Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Create a dream TeamsMastering Microsoft Teams management across the entire lifecycle
Sh
are
Gate
by G
Soft
ShareGate by GSoft
Jasper Oosterveld
Microsoft MVP & Modern
Workplace Consultant at InSpark
Laurent St-Pierre
Community Enablement Manager
at ShareGate
Agenda
• Part I: Build a solid Microsoft Teams foundation from the moment of creation
• Part II: Maintain a healthy and secure Microsoft Teams environment—at scale
• Part III: Defining end-of-life strategies to keep your Teams organized and up-to-date
Goal
Cover beginning-of-life best practices to help you
understand why users create their teams—so you
can apply the right governance policies and security
settings from the moment of creation.
Build a solid Microsoft Teams foundation from the moment of creation
Main topics
Build a solid Microsoft Teams foundation from the moment of creation
• Creation process
• Collaboration process
• Classification process
Creation process
Build a solid Microsoft Teams foundation from the moment of creation
Why do business users create teams?
Build a solid Microsoft Teams foundation from the moment of creation
• Collaborate with colleagues
• Collaborate with colleagues and guests
Who can create a team?
Build a solid Microsoft Teams foundation from the moment of creation
• All employees
• A selection of employees
• Delegated to IT
Where can you create a team?
Build a solid Microsoft Teams foundation from the moment of creation
• Microsoft Teams application
• Provisioning solution
• SharePoint team site
• Microsoft 365 administration center
What are Teams templates?
Build a solid Microsoft Teams foundation from the moment of creation
• 13 out-of-the-box templates for different scenarios
• Customize or create your own
• Add additional channels and tabs per template
• Assign one or more templates per policy for all, or a
selection of, employees
Example: Select a Teams template
Build a solid Microsoft Teams foundation from the moment of creation
What is a naming policy?
A naming policy allows you to provide a team with a
pre-defined naming convention.
Build a solid Microsoft Teams foundation from the moment of creation
Three options to apply a naming policy
Build a solid Microsoft Teams foundation from the moment of creation
• Provisioning solution
• Manually by the business users
• Azure Active Directory
(requires Azure Premium P1 license)
What are our recommendations?
Build a solid Microsoft Teams foundation from the moment of creation
• Naming policy exposes the purpose and goal of a team.
• Increasing the ease-of-maintenance for the IT
administrator.
Collaboration process
Build a solid Microsoft Teams foundation from the moment of creation
P1: Build a solid Microsoft Teams foundation from the moment of creation
External sharing
Build a solid Microsoft Teams foundation from the moment of creation
What is external sharing?
Build a solid Microsoft Teams foundation from the moment of creation
• Instead of inviting a guest into the entire team, business
users share one or more files with a guest.
• The guest receives an e-mail with a link to the files.
• The guest has to enter a verification code.
Verification code (1)
Build a solid Microsoft Teams foundation from the moment of creation
Verification code (2)
Build a solid Microsoft Teams foundation from the moment of creation
Verification code (3)
Build a solid Microsoft Teams foundation from the moment of creation
What type of sharing links are available?
Build a solid Microsoft Teams foundation from the moment of creation
• Everyone
• New & existing guests
• Existing guests
• Disabled
Where do you manage external sharing?
Build a solid Microsoft Teams foundation from the moment of creation
• SharePoint Online administration center.
• Sensitivity labels through Microsoft Information Protection
Protection framework (MIP)
• A third-party tool like ShareGate Apricot
What is our recommendation?
Build a solid Microsoft Teams foundation from the moment of creation
• Enable external sharing with new & existing guests.
• Implement a periodic review of sharing links.
(More on that in session 2!)
• Educate your team owners & members.
• Start with defining your classification scheme & strategy.
Guest access
Build a solid Microsoft Teams foundation from the moment of creation
What are guests?
Build a solid Microsoft Teams foundation from the moment of creation
• People without a Microsoft 365 license assigned
from your organization.
Why would you allow guests in Teams?
Build a solid Microsoft Teams foundation from the moment of creation
• Reduce shadow IT.
• Provide an efficient collaboration experience.
• More control & insights into who’s working with
your colleagues & content.
What can a guest do in Teams?
Build a solid Microsoft Teams foundation from the moment of creation
• The permissions are set within the Microsoft Teams
Administrator Guest Access & settings of the
specific team.
Guest Access Settings
Build a solid Microsoft Teams foundation from the moment of creation
Team Settings
Build a solid Microsoft Teams foundation from the moment of creation
How do you enable guest access?
Build a solid Microsoft Teams foundation from the moment of creation
• Azure Active Directory
• Microsoft 365 admin center
• Microsoft Teams admin center
What guests can be invited?
Build a solid Microsoft Teams foundation from the moment of creation
IT administrators allow invitations to be sent to any domain
(most inclusive)
OR
Deny invitations to the specified domains
OR
Allow invitations only to the specified domains (most
restrictive)
Invitations & domains
Build a solid Microsoft Teams foundation from the moment of creation
How are guests invited?
Build a solid Microsoft Teams foundation from the moment of creation
IT administrators add guests in Azure AD
OR
Owners of a team invite guests.
Be aware:
• A guest is considered a member!
• A guest receives access to all the content of the public
channels.
What are our recommendations?
Build a solid Microsoft Teams foundation from the moment of creation
• Enable guest access.
• Implement a process to periodically review guests. (more
on that in session 2!)
• Enable MFA for guests.
• Educate your team owners.
• Work with private channels for internal collaboration.
• Start with defining your classification scheme & strategy.
Collaboration settings
Build a solid Microsoft Teams foundation from the moment of creation
What are important policies?
Build a solid Microsoft Teams foundation from the moment of creation
1. Teams policies: Enable private channels.
2. App policy: Enable Microsoft Apps & limit or block 3rd
party apps.
Review the Team & channel settings
Build a solid Microsoft Teams foundation from the moment of creation
Classification process
Build a solid Microsoft Teams foundation from the moment of creation
P1: Build a solid Microsoft Teams foundation from the moment of creation
What is classification?
Build a solid Microsoft Teams foundation from the moment of creation
1. Classify a team according to its purpose.
For example: Project or department.
2. Classify a team according to its level of sensitivity.
For example: Internal or Highly Sensitive.
How to create a classification scheme?
Build a solid Microsoft Teams foundation from the moment of creation
• The classification scheme is often determined by the
regulation of your country or company industry.
For example: E.U. GDPR or U.S. Health Insurance Act
(HIPAA)
Real-world classification scheme
Non-business data,
for personal use only.
Company
data specifically
prepared and approved
for public use.
Company data intended
for general use within
and outside the
organization (business
partners).
Sensitive company data
that poses a business
risk if it is shared with
unauthorized people.
Highly sensitive
company data that
poses a business risk
if it is shared with
unauthorized people.
Personal Public Internal Confidential Top secret
Build a solid Microsoft Teams foundation from the moment of creation
What classification options are there?
Build a solid Microsoft Teams foundation from the moment of creation
• Sensitivity labels with Microsoft Information
Protection (MIP)
• ShareGate Apricot’s group purpose and sensitivity tags
How do sensitivity labels work with Teams?
Build a solid Microsoft Teams foundation from the moment of creation
• The sensitivity label is assigned during or after the creation of a team.
• Enforce the following security settings for a team:
• Privacy of the team
• Enable or disable guest access
• Type of external sharing link
• The type of access to SharePoint content with unmanaged devices
Be aware: Enabling this feature requires that you possess at least one active
Azure Active Directory Premium P1 license.
Build a solid Microsoft Teams foundation from the moment of creation
Build a solid Microsoft Teams foundation from the moment of creation
What is our recommendation?
Build a solid Microsoft Teams foundation from the moment of creation
1. Start defining your classification scheme for Teams.
2. Implement a classification/tagging system for Teams.
Takeaways from part I
Build a solid Microsoft Teams foundation from the moment of creation
• Talk with your business users about their requirements and needs.
• Enable guest access & sharing links at the organization level.
• Define & implement your classification scheme & strategy.
Resources
Build a solid Microsoft Teams foundation from the moment of creation
• Teams template capabilities & limits
• Manage who can create Microsoft 365 Groups
• Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and
SharePoint sites
• Detailed Microsoft 365 Compliance Licensing Comparison PDF (April 2021)
Contact us
Jappie 🧘🏼♂️ (@jasoosterveld) | Twitter
Jasper Oosterveld | LinkedIn
Jasper Oosterveld - Microsoft MVP | Website
ShareGate (@sharegatetools) | Twitter
ShareGate (@sharegate) | LinkedIn
Sharegate.com | Website
Build a solid Microsoft Teams foundation from the moment of creation