Reading time:
5 min

Teams Rapid Deployment with Governance: RBAC and Virtual Tenants


Part Two of a Four Part Series

Enterprises of all sizes are rushing to remote work, and adopting virtual meeting and collaboration solutions so employees don’t miss a beat. For many, that means rolling out Microsoft Teams – often done quickly – without tackling governance such as proper and safe Microsoft Teams and O365 administration and management.

We spoke with Mark Evans, Microsoft Alliance Lead and Head of Special Projects, about:

  • How to ‘bake in’ governance during your Microsoft Teams deployment
  • The biggest security risks we see when rolling out new systems like Microsoft Teams, and how to avoid them
  • Clever ways to dial up and down what users can do to manage their Teams experience, to make them happier, and take the load off your IT team

Evans also explained how Virtual Tenants and Role-Based Access Control (RBAC) ease management and support true Teams Governance.

CoreView: What is Teams governance all about, and how does CoreView help? And what is this I hear about Role-Based Access Control (RBAC)?

Evans: Governance is a substantial area of CoreView expertise. Some of the most popular and common uses of CoreView’s governance capabilities are, first, distributing limited admin rights to selected users around the organization. This way, your central IT group is not overwhelmed and become the bottleneck for every action IT requires. Instead, you smartly distribute limited admin functions to particular people.

Teams channel creation is another example, and defining whom those responsibilities and related admin rights should be given to is critical. Teams call queue management is another example.

The Role of RBAC

CoreView: Do you have more Teams governance examples?

Evans: We talked about distributing limited admin rights for O365. Teams examples include managing call queues and auto-attendants. For example, if you have someone in Italy who speaks Italian, it makes more sense for someone in that region to manage those recordings. With CoreView’s Virtual Tenants and Role-Based Access Control (RBAC), you can specify an individual or a set of individuals with just this capability or more capabilities. It has flexibility, power and ease of use all combined into one.

CoreView: And some broader O365 use cases?

Evans: A broad example is saying, ‘ A region should be able to manage itself, so Europe, South America, North America, should each be able to manage different aspects of themselves ’ . The same is true for a department. This system is used by most of our customers because it is so useful.

Double Feature – Virtual Tenants Plus RBAC

CoreView: How do Virtual Tenants and RBAC support Teams governance?

Evans: A great way to make people collaborative, productive and happy is helping them to manage themselves appropriately. Clearly Virtual Tenants and Role-Based Access Control (RBAC) are vital to spreading limited admin rights over limited segments of the tenant, these Virtual Tenants. You can take any tenant and break it up into any number of Virtual Tenants, which might be done by department, region, individual location, or license pool.

RBAC and Virtual Tenants are flexible and extremely easy to use. Why would you do all this? To break up the giant pool of data that is your tenant into many smaller data pools. That way someone might be able to act on only a limited view and not the entire view of everything that is happening within the organization.

What can you allow these people to do? This is where Role-Based Access Control comes in. RBAC allows you to set very granular policies very easily. With Teams and RBAC possibilities, IT can identify the needs of groups and channels, call queues and auto-attendants. You can select with the click of a button what you want an individual or group of individuals to be able to act upon.

This approach can be applied well beyond Teams, and can tightly and efficiently manage SharePoint, OneDrive, Skype, security groups – there are any number of different objects you can create these limited permissions around. It is a super powerful feature.

Virtual Tenant Advantages

CoreView: What is the benefit of a Virtual Tenant?

Evans: You can segment your tenant into Virtual Tenants that might reflect a department, or a country, or region, or even a single location. By breaking into smaller groups, you can restrict what users can see and act on, making it much easier to manage than having to tackle the entire organization in one bite.

The Role of RBAC

CoreView: How do Virtual Tenants tie into limiting admin rights?

Evans: Once you have created Virtual Tenants, you can create “operators” to act with limited admin rights inside those Virtual Tenants. CoreView lets you allocate many fine-grained permissions to a user. For instance, that user might only be able to modify Teams groups and channels, or just call queues and auto-attendants. That might only be for a region or a department, as defined by the Virtual Tenant.

CoreView: What is all this about a single pane of glass for O365?

Evans: The single pane of glass replaces all the different O365 admin consoles with one unified place to go for management.

More Teams Governance Info at Your Fingertips

This blog is one part of a four part series. Here are links to all Teams Governance blogs:

Learn About Teams Rapid Deployment with Governance

Learn more about Team governance with our CoreView Webinar:

Rapidly Deploy Microsoft Teams with Governance.

The webinar covers:

  • Governance does not need to slow down your rapid deployment!
  • How to “bake in” governance during your Microsoft Teams deployment
  • The biggest security risks we see when rolling out new systems like Microsoft Teams, and how to avoid them
  • How to actually get people to use more parts of Teams, since you’re already paying for it, with real proficiency 
  • Clever ways to dial up and down what users can do to manage their Teams experience, to make them happier, and take the load off your IT team

See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.