Office 365 Groups are an amazing part of Microsoft’s ecosystem that add a key layer of collaboration to the platform. With recent updates, creating an Office 365 Group now also creates a team mailbox, task management tool, file library, team calendar, and notebook. By integrating the different ways of creating and sharing information across Exchange/Outlook, SharePoint Online, Planner, and OneNote, Office 365 Groups makes it that much more intuitive to collaborate on a single project across departments and Office 365 apps.
The Caveat: Managing Office 365 Groups
Managing Office 365 Groups as an IT administrator, however, is not as simple. Activating Groups in your environment is like a circuit breaker. This means once turned on, it’s easy for anyone to create and own a Group, share content within a Group, modify membership, or delete a Group. It’s also simple for users to accidentally create a Group, as a Group can be provisioned unintentionally when using a number of Office 365 apps (for example, making a shared Planner or a Microsoft Team will automatically create a Group).
Also, when administrators turn on Office 365 Groups functionality for their end users, the default for any provisioned Group is to be public. Unless a user chooses to make a Group they have created private, any content uploaded or added to that Group will be made public and appear in Office 365 search results. This means that if I share a sensitive document with access permissions to my public Group, any user in Office 365 will be also be given access. (There’s more to this story, but we’ll dive into that in a later blog as part of our Office 365 Groups Playbook).
As an IT administrator managing Office 365 Groups with only native processes, you’ll face three challenges:
- Preventing a sprawl of Groups or redundant Groups from overtaking your environment,
- Enforcing permissions and privacy policies on Group creation, membership, and sharing
- Applying your information architecture to each Office 365 Group
Managing Office 365 Groups with Governance Automation Online
To address these challenges, Governance Automation Online — AvePoint’s automated IT management solution — uses simple self-service forms to strike that balance between enforcing governance over Office 365 Groups and getting your users what they need quickly. Here’s how:
1) Regulated Provisioning of Office 365 Groups
Each request is automatically routed through necessary approval processes — which can be anywhere from automatic provisioning upon request, or pending approval from IT and/or designated business users. By permitting Groups to be created only through a service request form, administrators can ensure that each Group is created with a specific business purpose and without redundancy.
Each Group is also provisioned with a lease to simplify the end-of-life process for a Group. At the end of the lease, a Group is automatically marked for deletion, archival, or renewal — it simply depends on your record retention service level agreements (SLAs).
2) Comprehensive Permissions Management for Office 365 Groups
The Governance Automation Online service request to make an Office 365 Group is visible based on the user’s business role. This offers more scalable and granular permissions management of who can create a Group. Office 365 Groups provisioned with Governance Automation Online are also pre-configured with proper privacy settings based on who is requesting and the intended use of the Group, which will be specified by the user in the form.
More importantly, every Group provisioned with Governance Automation Online designates the administrator as the owner of the Group. This adds an important layer for managing Office 365 Groups, helping prevent business users from accidentally sharing content with unauthorized users or deleting an Office 365 Group.
You also have the option to set up additional service requests such as add new Group members, renew a Group, delete a Group, or make changes to a Group’s privacy settings. By using self-service request forms for these actions, administrators gain a clear activity trail on how a Group is used over time, who is requesting the changes, and why those changes are necessary.
3) Reporting and Classification for Office 365 Groups
When building the Office 365 Groups self-service form, IT administrators have the option to apply custom metadata values to the request. This allows you to generate a catalogue list or export reports of how many Groups exist in your environment, how much space they’re taking up, and what classifications they have associated with them through a single pane of glass.
Try it Yourself!
Don’t just take our word for it. Try Governance Automation Online free for 30 days! As a 100% Microsoft Cloud-based SaaS solution, there is zero installation required. Simply connect your Office 365 account to get started.