Breaking Down Silos: A Look at Cross-Cloud Collaboration for Government

Alongside the growth of remote work and distributed teams is the surge in adopting online collaboration tools. Then, as businesses needed to expand their communication with clients, partners, and outside users, cross-cloud collaboration enabled organizations to work together on projects across different platforms and devices.  

However, cross-cloud collaboration poses some serious challenges, especially for the government sector with strict data regulations. With different policies and compliance requirements for multiple cloud providers, data governance becomes even more complex, and interoperability can be an issue in ensuring seamless communication and coordination among different cloud platforms and services. 

In our October episode, the crew is excited to introduce repeat guests Tim Hayes, Microsoft 365 Program Coordinator at the Department of State, and John Peluso, Chief Product Officer for AvePoint, to explore insights, challenges, and the latest trends in cross-cloud collaboration.  

Whether in Commercial, Government Community Cloud (GCC), GCC High, or Department of Defense (DoD) Cloud, learn how to collaborate effectively across different cloud environments with technologies and strategies that can help achieve seamless and secure cross-cloud collaboration.  

Watch the full episode below or read on as we highlight key points of the discussion.

 

External Sharing in Microsoft 365 

Microsoft 365 offers various options for external sharing, depending on the level of collaboration and security you need. However, these options may vary depending on whether you use a commercial, GCC, GCC High, or DoD license.  

For light and occasional collaboration, such as email and meetings, you can use external sharing features that do not require external users to sign in or have a Microsoft account. For example, you can send email invitations to external users or allow them to join meetings anonymously. However, you should be mindful of the security risks and best practices for these scenarios, as they may not have the same level of protection as internal collaboration.   

For more structured collaboration, such as file sharing, Teams projects, or giving access to SharePoint sites, you can use external sharing features that require the external users to sign in and verify their identity. For example, you can add external users as guests to your Teams or SharePoint sites or use Azure B2B to invite them to your tenant and grant them access to specific resources. These options provide more control and visibility over external access but require more configuration and management.   

External sharing in Microsoft 365 can be complex and challenging, especially when dealing with different licenses and scenarios. That is why it is essential to understand the available options and how they work so you can choose the best one for your needs. 

Cross-Cloud Collaboration in Government 

Much like the structured external sharing scenarios above, government agencies collaborate between local or overseas inter-agencies by bringing everybody into one platform. This was how government teams communicated and shared documents and information with each other. 

But while most agencies already operate under a well-functioning guest access program, there were tighter controls to navigate around, which makes it a bit more challenging than Commercial cloud collaboration. For example, to be invited as a guest, users need a .gov or .mail domain first. So when government organizations interact with their overseas embassies or other agencies from a different cloud, they must log out of their home agency and into the state.gov network or vice versa. 

Cross-Cloud Collaboration Options in Microsoft 365 

Depending on your collaboration needs, there are different mechanisms to enable cross-cloud collaboration in Microsoft 365. Some configurations are turned on by default, while others require you to enable them manually. Below are some examples of cross-cloud collaboration scenarios Microsoft supports: 

• If you want to chat with external users, you need to enable chat federation. This is disabled by default, but you can turn it on by adding the domain of the external organization to your allowed list. The external organization also needs to do the same for you. 
• Business-to-business (B2B) collaboration allows you to invite guests to your tenant and access your resources. It is enabled and open by default unless you set up some restrictions. Guests can be from any cloud, such as commercial, GCC, or GCC High.
• Azure commercial is where B2B guests from commercial Microsoft 365 and GCC Microsoft 365 live. Similar to B2B collaboration, the commercial and GCC customers can decide whether or not they want to allow guests from GCC High into their tenant. 
• Cross-tenant access policies are also available in Microsoft Entra ID (formerly Azure AD) for all the clouds, where you can set up both guest collaboration and B2B Direct Connect. While this is more complex to set up, it has powerful collaboration capabilities like Shared Channels that allow organizations to work in a shared channel without switching tenants. 

To ensure the right level of protection, it’s critical to understand the configurations in Microsoft 365. While others are a bit more complicated and others much more flexible, making sure it is set up properly allows your organization to leverage the power of cross-cloud collaboration without sacrificing security. 

Securing Cross-Cloud Collaboration  

With new capabilities coming in for cross-cloud collaboration, it may take a while to set things up with the assurance that it has the proper controls and security. No matter how big or small your organization is, following these three fundamental tips (in addition to your other security practices) will help you ensure cross-cloud collaboration security: 

1. Improve management of shared documents.

In the past, one of the main security challenges for external collaboration was that people would send documents as email attachments. This meant that organizations typically lost control of the document once it left their users’ inbox – it could be forwarded to another organization, duplicated, or modified without their knowledge. 

With Microsoft’s new collaboration platforms like Teams and SharePoint, securing collaboration is easier because users can now share documents through links instead of attachments. This way, they don’t have to download or upload files whenever they want to share them. Moreover, they can also check who has access to the document and revoke it if needed. This provides a more secure and convenient way of managing shared documents. 

2. Review guest access regularly. 

Typically, workspace and content owners are the most knowledgeable of the purpose and duration of the access they grant to the information. Rather than turning access on at the tenant level, where everybody could request access to the information for external users, delegating that responsibility to the owners, who can best judge whether or not people need access, is key.  

Today, third-party tools can help automate the review of guest access with the Teams owner so the process of recertifying guest access is more seamless and automated. 

3. Assess your risk profile. 

Assessing your risk profile is critical to ensure your policies are applied, and your data governance posture remains secure. While there are native audit logs available to check your sharing footprint, this can be time-consuming due to the manual process involved.  

To help you look more holistically at your risk profile, you can leverage third-party solutions that help provide insights into your collaboration practices, like which resources are shared with external users, if there are active links that need to be retired, who exactly has access to which resource, and more. 

Getting Started: What You Need to Prepare 

Ready to start enabling cross-collaboration with your tenant? Here are a few things you need to focus on to prepare: 

1. Knowledge: gain a deep understanding of cross-cloud collaboration options in your cloud. 

There are a lot of collaboration settings in Microsoft, many of which change frequently. Understanding your options is essential to prepare for any changes or updates. This is vital because you have to develop the expertise so you can show your agency that whatever you’re doing will protect the information and that you understand how this will function. 

To get started, there are a lot of primers available from both Microsoft and AvePoint about how the concept of cross-collaboration works. 

2. Communication: relay the information and educate. 

Many decisions, especially in government, aren’t ones that IT makes in isolation. A lot of times, approvals are needed. To ensure that the rest of your business stakeholders are onboard, it’s then important to learn how to downstream that knowledge to communicate the risks involved while assuring that controls are in place.  

3. Prepare better: explore more advanced tools. 

Many people in government need to realize that there aren’t a lot of built-in native tools in Microsoft 365 to help you manage security challenges. The configuration is there to set things up, but some great tools should be considered to help mitigate the risks and concerns because the native toolset doesn’t do it all for you.  

When you need additional control, some solutions provide more advanced capabilities to control and secure cross-cloud collaboration more efficiently and seamlessly. 

What’s in the Roadmap? 

Microsoft has some great cross-cloud collaboration capabilities coming in. Below are two of the most exciting things to look forward to: 

• Teams cross-cloud guest access 

This past month, users from different clouds can now have a rich collaboration experience with the existing guest access functionality extended across all clouds. This means guests can join Teams, participate in channels, access documents, be part of one-on-one group chats and Teams meetings, and even share files as long as the guest access is enabled between either cloud or tenants, even if they’re in different clouds.  

• Teams cross-cloud authenticated meeting

Teams users can now also join a meeting in another cloud while signed into their account in their home tenant. This new cross-cloud capability allows the meeting host to validate the identities of the people coming into the meeting without granting those participants any access to the host tenant. 

Invited users don’t have to be a guest; they can just be authenticated in their home tenant, and everyone can enjoy a native meeting experience regardless of where the people are joining from. 

Get in touch! 

Have further questions? Reach out to our guests to dive deeper into collaboration options in Microsoft 365: 

Tim Hayes: Tim Hayes | LinkedIn 

John Peluso: John Peluso | LinkedIn 

Dive deeper into navigating digital transformation for the government sector by subscribing to the Microsoft 365 Government Community Call or downloading this ebook: