Want to keep up with AvePoint at Microsoft Ignite 2018? Check out our Ignite hub! Our next session will be lead by Dux Raymond Sy, titled “How to Ensure Operational Governance for Microsoft Teams.”


To be, or not to be, that is the question: 

Whether ’tis nobler in the mind to suffer 

The slings and arrows of outrageous fortune, 

Or to take arms against a sea of troubles 

We all know these famous lines, but for many planning their Microsoft Teams and/or Office 365 Groups strategy, we can change that first line to be “To allow self-service or to NOT allow self-service… THAT is the question!”  

sharepoint 2019

Microsoft’s “on by default” strategy for self-service creation of Sites, Groups and Teams certainly allows users to quickly begin using these innovative tools to support their daily collaboration.  

But for organizations that want to (or must!) take a more measured approach to the creation, cataloging and governance of collaborative workspaces, out of the box self-service in Office 365 can seem like a “sea of troubles” that has them “taking up arms” and reaching quickly for the “off” button until they can figure everything out.  

Click here to find out how your Teams and/or O365 Groups strategy can allow self-service. Click To Tweet

This, of course, only creates problems of another sort as users who now have to wait for cumbersome, manual provisioning processes that are either slowed down or, worse yet, go around your restrictions by collaborating in a different system that you don’t have control or visibility into—the dreaded “Shadow IT” scenario. 

Is There A Middle Ground? 

Can I give my users the agility they need to form and equip new teams with zero delay, yet ensure that all of my policies around data ownership, reporting, ongoing management and life cycle are enforced? Well, to use another well-worn phrase, yes—you can have your cake and eat it too. How? Read on… 

The “create” button is everywhere in Office 365… In Outlook, in Teams, in SharePoint, in Planner. Just for fun one day, we counted and found at least 15 different end user interfaces in Office 365 where users can initiate the creation of an Office 365 Group. This in turn provisioned a lot of new places where that group can communicate and store and share data— even with folks outside the organization (if you have allowed that of course— mercifully, “external sharing” is not on by default).  

A Rose By Any Other Name (Is Still an Office 365 Group)

Different flavors of Office 365 Groups provide slightly different tools for this work, and the flavor you get depends on what interface you were in when you clicked the “create” button. For example, click create from Microsoft Teams and your conversations will happen in Teams Channels.  

Click create from Yammer and your conversations will happen in Yammer posts.  


Read now! 3 Steps to Drive 90% Adoption of Microsoft Teams and Yammer Today!


But behind it all, you are creating an Office 365 Group and all of its services, including an Exchange mailbox and a SharePoint site. Fears of sprawl, duplication, lack of oversight have led organizations to develop practices, especially for SharePoint, where the creation of new workspaces was a managed process, with requests, review, approval and then fulfillment.  

And if your organization is regulated or your IT organization is built on ITSM best practices, this kind of managed process for new collaborative workspaces is a must have so that you can enable scenarios such as maintaining a configuration management report for your Office 365 workspaces.  

Commonly there are attributes of your workspaces that you’ll want to understand— things like: 

  • Who is the business owner of this workspace? Did they formally accept responsibility for managing it? 
  • What department owns this workspace? 
  • What’s the primary purpose of this workspace? 
  • What’s the highest level of sensitivity for the work being done here? 
  • When was the last time this workspace had all the above information validated? 
  • When was the last time someone attested that the access permissions to the workspace were correct? 

Normally you would gather the information above during a managed provisioning process. But if you want to remove barriers to productivity for your users and leave the native Office 365 self-service provisioning of Office 365 workspaces active, how can you ensure that you collect these necessary details and, as importantly, keep them current over time? 

AvePoint’s Cloud Governance solution has long supported the ability to have an automated and fully-managed provisioning process for SharePoint and Office 365, giving you control of every option and setting available to the user, and then allowing you to pass that request through a fully configurable approval process. 

But, using this process meant you needed to shut off native self-service provisioning in Office 365. This is still the recommended approach if you require that granular control over every option and setting available to the requester, but if you value agility and ease of access for your business users over a fully managed provisioning process, a recent addition to our Cloud Governance solution has you covered.  

Introducing “Automatic Import”

The feature is called “Automatic Import” but we refer to it internally as “create and chase.” Essentially, it allows you to leave the native self-service options for Office 365 turned on, but then automatically chases the requesting user and requires them to formally accept ownership of the workspace and supply any necessary additional governance details, such as those listed above.  

Users who create new groups are notified that they need to supply essential governance details.
Users can easily comply with the import policy through their “My Groups” screen.
Admins can customize the direction given to their users and point them to policy documents or web pages.
Essential governance details are supplied by the user.

Not only does this allow you to gather these critical details, the “import” of this new workspace into the Cloud Governance solution means that all of the ongoing management and lifecycle features we enable—re-certification of ownership, attributes and permissions, proactive policy enforcement, automated inactivity tracking and formal end-of-life workflows—are all activated as soon as the “chase” is complete, meaning you now have an ongoing governance process enforced for all of your workspaces.

Groups, Teams and Sites along with all of their attributes and applied policies are easily visible to admins and workspace owners.

Parting Is Such Sweet Sorrow

In many ways, this “create and chase” approach gives you a simple and effective middle path between the open-access model of the native provisioning strategy in Office 365 (along with the risks inherent in it) and the more powerful but intrusive alternate provisioning processes that many organizations have developed over the years (which can slow down users and diminish usage and adoption in Office 365). 

No single approach is right for everyone and you have to carefully weigh exactly how much governance you need or want over the provisioning process in Office 365, but no matter which approach is right for your organization, AvePoint’s Cloud Governance has the tools you’ll need to make it a reality.

For your convenience, you can also find a video going over these points below:


Want more on cloud governance? Be sure to subscribe to our blog!