Learn about the struggles and successes of fellow organizations in our Office 365 governance and migration industry survey.


At their heart, Office 365 Groups work like security groups. They not only provide access and permissions, but they also combine a lot of other applications. This includes information from Outlook, Planner, OneNote, SharePoint, and OneDrive.

It’s only natural that managing such a variety of data can become a major issue for organizations across the board. To alleviate some of that stress, here are 7 governance strategies to help you get a handle on your data management and protection.

1. Govern who can provision and create Office 365 Groups.

This is the first thing that organizations should think about. You have to start by asking yourself this question of “How much control?” versus “How much adoption do you want?” When you’re talking about who should be able to provision Office 365 Groups, the idea is to reduce sprawl. You need to gain control over what’s going in your Office 365 Groups.

So, asking yourself how much of your content is regulated can help bare the burden. These are classic questions for content management and information management in these environments. With everything that’s happening, you have to ask yourself how much of the responsibility of governance IT is going to take on and how much can you federate that in the environment.

When looking long-term, the question I like to ask people is “What is your environment going to look like in ten years?” This is where managing the access and ownership of Office 365 Groups to help properly govern your environment is imperative.

2. Manage access and ownership of Groups.

Understanding who needs to have access to sensitive content and who needs to be able to externally share and add external members to the teams for those chats is important for Office 365 environments. You still want to be able to enable your end users to have groups and teams for personal fun use without compromising the security of the environment.

Getting control of how that’s being done is key; you don’t want to have official groups and teams getting confused with ones that are there for fun. A third-party solution like AvePoint’s Cloud Governance can give you a lot more control over what’s going on in your environment.

3. Evaluate your retention policy including saving, archiving, and deleting data.

When it comes to retention policy and setting that up for the Office 365 Groups and Microsoft Teams in your environment, it always comes down to understanding your business and how it’s operating. Is your organization regulated? Are you managing records? Are there other kinds of business requirements for records management in your organization?

The more you can make friends with people and the more you can convince people to understand that these things are necessary, the more easily you can work with people to have reasonable policies to control this kind of sprawl. McKinsey has a research survey where they’ve found that users are spending close to 20% of their time looking for information, which is an incredible amount of time wasted. You don’t want to be another statistic!

Looking for tested O365 governance strategies? Check out this post: Click To Tweet

4. Understand how to best utilize Office 365 to reduce IT’s burden.

The biggest point that I have with this is, again, understanding how your organization operates. The more friends that you can have in an organization from an IT perspective, the more you can understand organizational change management. This includes having end users understand the how and why of something being deployed or having a new feature added to Office 365.

The better your end users understand what they’re doing, the more productive they’re going to be. All of these policies, including the security settings, don’t mean anything unless you have buy-in from your stakeholders, decision-makers and, in a lot of cases, from the end users themselves!

5. Determine which applications and services users should be allowed to use.

It’s important to understand that there’re a lot of applications in Office 365–including Microsoft Teams, PowerApps and Flow–that have the capability to connect to external applications. Most organizations end up simply turning them off if they don’t need them.

You can use PowerShell to create a directory group, enabling you to use the GUI inside of Office 365 to turn off those licenses or not give users access to those applications when you’re creating the license. There’re also tenant-wide settings for things like Delve, where it’s giving all this access to be able to see documents that are exposed. You can similarly turn that off for everybody in the organization if you don’t think that people should have access to those.

6. Structure and enforcing properties and naming conventions for Office 365 Groups.

Having a good understanding of the way that your organization is managing information or structuring is important to understand. If you have any kind of records management going on in your organization, your records manager might be a really good person to talk to when it comes to these sorts of things. Otherwise, though, a great place to start is by setting up basic policies around how to secure content is, how sensitive it is, and the different departments that are using your content.

You need to structure out that information. With some licenses, you have the ability to apply properties and classification to Office 365 Groups, but that requires PowerShell. The naming conventions are there, but they also require a well-maintained Azure Active Directory in order to be able to utilize them. Microsoft Teams templates allow you to choose what aspect of a team you’re going to reuse when you provision it. And if you’re controlling structure and everything in your organization, this may be a way that you can template things. Especially the names of different channels that you’ve got.

7. Get news about and preparing for new feature roll-outs.

It can be frustrating to try to keep pace with everything that’s happening all the time in Office 365. Luckily, you can go back and look at the important updates and announcements that have happened and start to strategize based off how they affect you, your environment, and what you’re doing rather than trying to understand every single thing that’s rolling out.

This is a cut of a long infographic that gives you a good idea of what you need to be a member of and pay attention to in order to keep up with all the changes in Office 365. Nobody is on top of all of these updates all the time, including Microsoft. You need to make sure that you keep track of what’s going on in your admin and message centers. Keep in mind, though, that Office 365 admins are the only ones who typically have access to that.

Now that you know what governance strategies you need to have in place, this is where a third-party vendor like AvePoint can help you govern everything that’s been addressed. It’s important to understand that from the beginning, our governance solution can bake in the necessary policies when you’re creating an Office 365 Group, Team, or SharePoint site. We have ways of making it so that your end users can’t do anything on their own unless you want them to. Check out our solutions page for more information on how!


Looking for more content around Office 365 governance? Subscribe to our blog!