How to Create & Enforce Your Office 365 Governance Policies

Post Date: 06/19/2019
feature image

Optimize governance in your environment with our free ebook “When to Use and How to Manage Office 365 Groups.” Download here!

Note: The following is a recap of John Hodges’ and Robert Young’s sessions at Shift Happens Conference 2019. Check out the other session recaps below: 

By creating strong governance policies and applying them proactively, you can increase your Office 365 adoption while making data more secure. But to successfully apply governance policies, you need to make them real for your users and create enforcement mechanisms. You can wind up drowning if you try to apply governance across the applications within Office 365 on an ad-hoc basis.

Prudential Financial—based right outside of NYC in Newark, NJ—realized the time had come to move to the cloud. Robert had to calm everyone’s nerves and assure them that privacy and security were naturally top of mind, the cloud really is safer than having everything on-premises—and no, this isn’t about an actual trip on a cloud.

But first, a little about Prudential:

  • They have 45,000 domestic tenant users and 23,000 tenant users in Japan
  • They moved from IBM Lotus Notes and IBM connections to Microsoft 365
  • They’re currently using Outlook, OneDrive, SharePoint Online, Forms/Flow and currently in the process of rolling out Microsoft Teams. PowerApps, Stream, and Yammer are planned for the near future.

In terms of their roadblocks:

  • It’s a highly-regulated financial company with strenuous legal requirements
  • There’s a seven-year global retention policy for SharePoint
  • Trying to keep up with rolling out new products to anxious business partners while staying on top of governance and operational processes
  • Multiple tenants have some “ethical walls” within the Japan business
  • Learned lots of hard lessons with Lotus Notes and this time around they needed to prevent sprawl and hold owners accountable for their content.
Have questions about Office 365 governance? Check out this post: Click To Tweet

While aware of the fact that it would take some time to roll out and for user adoption to occur, the time had come to get rid of the “low-hanging fruit” and make some moves. Previously, they had set a global retention policy that said NOTHING should ever be deleted, but that caused major issues in terms of sprawl. They were quickly maxing out on storage and something needed to change.

Cloud Governance to the Rescue

Prudential really needed meaningful and calculated policies and a way to view who’d done what in which collaboration spaces, so they turned to AvePoint’s Cloud Governance for assistance. Since they’re a ServiceNow company, they needed to find a way to integrate ServiceNow and Cloud Governance. They decided ServiceNow would become the initial requestor and all the future update requests would be done directly from their SharePoint sites (all via the Cloud Governance panel). They also needed to find ways to use Cloud Governance services to help with their permissions models of SharePoint sites.

Before the move, they found content that was over 20 years old! So, clearly, the next priority after moving to the cloud was to put policies in place to manage everything…including SharePoint and Microsoft Teams’ storage, renewal/recertification, SharePoint designer settings, and sharing settings. To play it safer, they opted to start off very restrictive—it’s always easier to add capabilities than take them away later. After moving to the cloud, this became top priority.

While dealing with challenges and change, they had to ask themselves many questions, like:

  • Who gets access to what?
  • How do you tackle the challenge of sharing internally vs. externally? Or Teams vs. private use?
  • What about tricky sharing policies between countries?
  • How do you know you’re following policies?
  • Can you trust your users to do the right thing?
  • How do you ensure that the correct roles and responsibilities within Prudential have access to whatever they need—and cannot access what’s not meant for them?

Moving Forward with AvePoint

Cloud Governance makes sure the rules and policies apply to specific roles and responsibilities. Our communication and SharePoint sites help with document access, and we give them subsites on a site collection so they have full control over that subsite.

microsoft teams

With AvePoint by their side, Prudential runs reports via Policy Enforcer to tell them who has accessed what, when, and how. Due to our restrictive model, their employees cannot create a team without first requesting one and being approved. This thereby reduces sprawl and helps keeps content out of the hands of those who should not have access. Admins can also create sites and provision with specific service models, limit the manage permissions settings in SharePoint, manage group memberships, and so much more!

Prudential is thrilled with the ease of the Cloud Governance panel that automatically takes action, calls services with built-in approvals, and even helps them to move away from ServiceNow maintenance.

Since tech and software are always changing and improving, so is Prudential. In the future, they’ll be looking for ways to eliminate additional manual processes and find more ways to stay ahead of the Office 365 roadmap and its potential impacts.

Looking for more Office 365 governance content from industry experts? Subscribe to our blog!

Subscribe to our blog