As Microsoft 365 has matured and Microsoft Teams has come to the forefront, organizations have spent the last few years catching up to what is happening within the technology sphere.
In the past, when SharePoint On-Premises had been the primary focus, things have been much simpler. But today, Microsoft 365 is much more complex. It’s not a static platform–it needs proactive management to be optimized and get the most benefit out of.
This is why business owners (as opposed to IT leaders) are beginning to realize that Teams and SharePoint need to be finely tuned, adjusted, and configured to get what they want out of them. Many have started to really think about not just “what” technology is being deployed, but more importantly, “how” it is being deployed so it becomes a solution to business challenges.
This has then led to more discussion around governance.
What is Microsoft 365 Governance?
Governance is a very broad topic, and no single definition might fit into what it really is. While everyone has a different take on what it means, how you define governance would depend on your area of focus. It is, however, typically concerned with records and data management and how we store data in the long term.
With employees using Microsoft Teams, SharePoint, Yammer, OneDrive, and several lines of business applications (sales and marketing platforms), organizations have a lot of unstructured data. The issue then would be how to manage data across these systems and the processes that surround those activities.
Therefore, governance basically deals with management, control, and regulating content rules, user controls, and content security.
How Microsoft 365 Governance Is Typically Handled
One common practice most organizations do to handle governance is putting policies in place. But the policies and procedures that have been defined are usually holdover policies from prior tools and systems and don’t typically fit into what is viewed as the best practices for Microsoft 365.
Different companies bring different perspectives. Some come from very ad hoc, wild west environments and have issues with people doing what they want. Other environments, on the other hand, are very locked down and inflexible, and users have the opposite experience where they can’t get anything done because of how tightly controlled everything is.
Another ill-defined policy example is dealing with document management by retaining everything. But you can’t hold on to everything. You need to figure out your content structure and information management policies and let that process work. In the end, it all comes down to having SLAs and making sure they’re well defined, and then communicating those SLAs out to your end-users.
Microsoft Teams and SharePoint are viewed as this free realm where you can do anything, so as you define your governance you need to do a better job of communicating how you should conduct yourself. It’s an easy game if you define them and communicate them well, but if you don’t do that, you’re setting yourself up for problems.
Who Should Own It?
The quick answer to “Who owns governance?” in an organization is usually that IT owns it with input from Marketing and Product teams. Others believe IT only delivers the platform, but that it should be owned by the business and not solely by IT.
The problem inherently lies with misperception that the goal of the project is to “deploy SharePoint” or “deploy Microsoft Teams” when the goal should be solving the business problem by using Microsoft 365 as a tool to reach that end state.
Defining what services need to be run comes from the business needs and objectives, which then helps determine what governance policies need to be set in place to manage those services.
At the end of the day, the successful deployment of any enterprise technology rests on the commitments of IT. Until you see that change and business owners are held accountable for Microsoft 365’s success, you will not see this shift in the business.
Key Things to Note in Owning Microsoft 365 Governance
1. Don’t give the full responsibility to just one person.
We find that when the responsibility tends to fall on one person, like the service manager, they just want to make the exception; they don’t want to have to deliver the bad news.
When it comes to enforcing many of the rules of the system, they’re not always willing to support it. Perhaps this responsibility of owning governance needs to fall within a committee so that one person is not set up to be the bad guy.
2. Know the “cost” of your governance model.
Corporate life is not democracy. Decisions have to be made. Different corporate cultures will have different ways of setting up and managing governance, but what organizations need to understand is the “costs” of whatever model they choose to set up.
Make it too structured and controlled and people may not use the system. Too unstructured, and people may not follow the standards and ultimately users may not coalesce around the platform.
Business and IT are going to be head-to-head on some of these decisions more than they probably should. There might be some gaps with the change process and in explaining the work effort necessary to do much of what the business is asking, and so communicating expectations to end-users will be important.
3. Try content delivery!
IT deals with various workloads around collaboration, document management, records management, security, and compliance. Now, they also have to manage application delivery.
While they’re trying to tackle all of those workflows on one infrastructure, there’s yet another challenge of organization growth. With the value IT is providing for the business, doing all this work for a global organization with six other people is not sustainable at all. So, what exactly is not being done?
One solution is to begin to call it content delivery. Setting applications up as a service would simplify the request process and help determine specific SLAs for that particular service. Moreover, you have to clearly outline the services available—from making a site look nice, to fixing navigation, to helping build out the web parts and organizing site structures.
4. Understand the cost of moving workloads to the cloud.
In connection with easing IT’s workload, moving certain workloads to the cloud can shift certain tasks from the IT team.
They don’t have the same pressures of handholding users through basic Microsoft 365 activities, because if they even provide this service, there’s a cost associated with those requests. This might be advantageous to the business from a cost perspective, but you have to ask what the costs are to the business.
If you reduce the ability to customize, you lose some of the inherent value of Microsoft 365. Nobody is really talking about this lost opportunity cost when it comes to moving to the cloud, but it’s very real.
Moreover, there are major concerns around the cloud: How secure is it? How secure are our on-prem systems? How can governance improve security?
You have to remember that process is as important, or more important, than systems. Within the region, it’s not so much of a concern about security as it is about sovereignty. Specifically, the Microsoft 365 offering being hosted in the United States brings up concerns regarding data laws for many companies in APAC and EMEA, and makes cloud adoption in those regions slower.
One overall goal with governance for Microsoft 365 is to accomplish more with the people and resources that you already have.
Cloud may, in the future, allow them to do even more with less. But right now, they are concentrating on optimizing existing infrastructure and personnel and using governance to get better organized and to get a better handle on what teams need today and whether they’re maximizing what is available on the platform.
If we’re going to focus on what is happening today, governance is about understanding how to get the most out of the current workloads and making things more efficient for teams and the business as a whole.