If the word “governance” makes you think of bureaucracy and government organizations (and maybe even fancy spies, like ‘007), you’re not alone. When it comes to businesses’ and agencies’ relationships with Microsoft365, however, governance looks a little different. It typically refers to the set of practices and processes by which M365 is led and controlled. In essence, it’s the framework an organization puts in place to help manage their M365experience, often related to elements like user controls, M365 auditing and data storage in both the short and long-term.
It is uncommon that O365 governance policies are created from scratch. Often times, the foundation of the policies that define an organization’s M365 governance approach are carried over from past communication or file-sharing systems.
But the challenge there — as I’m sure you can imagine — is that Microsoft 365 is an advanced and constantly evolving tool, requiring an advanced and constantly evolving set of policies. Holdover practices are rarely, if ever, best practices when it comes to M365. Moreover, they are generally incomplete by definition, because Microsoft is continually adding additional security and control layers to the platform, and as such, organization’s governance approaches need to be updated regularly to make the best use of the various tools Microsoft is providing.
So, who should control governance such that it reflects the latest security and control improvements offered by Microsoft? And what do they need to know in order to create and maintain a complete and thorough framework?Great questions. Here are four things to keep top of mind when it comes to M365 governance.
Now, who should own governance depends greatly on your organization’s structure and size. But, in most cases, IT administrators should be the ones running point when it comes to M365 (likely with input from the executive and product teams).
Think of IT as the voice in your GPS system, the ones telling you when to go right or turn left. They may not be in the driver’s seat of your organization, but they’re helping dictate where to go (and how to get there)based on satellite navigation. M365 governance should follow a similar pattern.
Because IT understands the ins and outs of Microsoft (and its subsequent apps), they’re well-positioned to determine what the right policies should be — e.g., not only getting you to your desired destination, but doing so in a reasonable and straightforward way – exactly as you’d expect from your GPS system.
Specifically, IT can help craft systems for data storage, file-sharing, and so forth in a way that appreciates the nuances of M365; few other teams are equipped to do this. Moreover, M365 is a complex and sophisticated platform in which controls for various features are distributed throughout the various applications embedded in the platform. As such, your IT team – which interacts with all aspects of the system – is well suited to identifying the simplest and most reliable way to achieve your desired outcomes.
Once you’ve determined who should control M365 governance, that team — likely IT — should establish best practices, particularly for collaboration. There are three main communication tools within M365: Microsoft Teams, Outlook, and the more social Yammer. Take the time to evaluate and understand how groups and individuals across your organization are using each of these tools and establish best practices from there.
Some examples of common governance policies include rules around who can create Teams channels and who can join them; rules targeted at actively securing sensitive data within your organization with native Microsoft features like sensitivity labels; and implementing dynamic identity controls based on specific user traits, such as which department they work in within your organization.
When it comes to sharing these Office 365 best practices with the wider organization, Microsoft has a few tips:
Too often, organizations will shift workloads and workflows to the cloud in an effort to lighten IT’s load — but the long-term costs might not make this worth your while. Not only do you reduce the capacity to customize in the cloud, but you also reduce the number of security features and protocols available. Use M365 governance as an opportunity to boost and tighten security, not loosen it.
Hybrid Microsoft deployments, or those that span both on-premises data centers and the cloud, may provide a path to greater control in the areas that your organization requires, and greater flexibility in other, less sensitive areas of your M365 tenant.
Above all else, M365 governance should align with, and support your business’ priorities and desired outcomes. The goal here should be to get as much bang for your buck out of M365 as possible, allowing you to improve collaboration across teams and reduce security risk (saving time and money in the long run)
Automating governance-related processes within your M365 tenant will go a long way toward achieving this goal in most cases, as it will reduce the day in and day out workload of your administrative team, reduce the number of errors made while applying your desired governance rules, and increase the frequency with which you can reasonably audit your system to ensure things areas they should be.
To do this well, partner with a Microsoft 365 management solution, like (ahem) CoreView. Curious to know how this can take your organization’s, well, organization to the next level? Schedule a CoreView demo today.