Bringing Clarity to Collaboration: Gonzaga University’s Governance Journey
Success Highlights
Gained centralized visibility into Microsoft 365 data risks through a single-pane-of-glass dashboard
Reduced high-risk exposures by prioritizing and remediating top risks first
Automated remediation of risky sharing settings and public site creation
Enabled a small security team to proactively manage risk across hundreds of collaboration spaces
Location Spokane, Washington
Industry Education
Platform Microsoft 365, Google Workspace
Gonzaga University is a private Jesuit university located in Spokane, Washington. Guided by a mission centered on collaboration, responsibility, and service, Gonzaga supports a highly connected academic environment where faculty, staff, and students rely on modern collaboration tools to share information and support learning.
Critical Needs
- Improve visibility into oversharing and external data access risks
- Replace costly and complex legacy tools with a more intuitive solution
- Enable faster remediation of high-risk exposures with limited staff resources
- Establish automated governance for Microsoft 365 collaboration environments
The Challenge
At Gonzaga University, collaboration is central to both learning and institutional culture. As a Jesuit university, Gonzaga is committed to educating students in a way that emphasizes collaboration, responsibility and service — an approach that encourages open communication and information sharing across faculty, staff, and students.
That same collaborative culture, however, created security challenges.
“Microsoft makes it very easy to share data — sometimes too easy,” said Angel Alvarez, Director of Information Security at Gonzaga. “You can create an ‘anyone’ link and send it out, and you don’t always know who that link gets forwarded to. Suddenly, your data is just out there.”
Without centralized visibility into information sharing, identifying potential exposure risks was difficult. In a university environment where new teams and collaboration spaces are constantly created, oversight can quickly become overwhelming.
“In higher education, people create Teams or SharePoint sites all the time, and sometimes those owners graduate or move on,” said Michael Lavoie, Security Analyst at Gonzaga. “You end up with sites that have no owners or users who still have access even though they haven’t logged in for years.”
Gonzaga previously relied on legacy governance tools, including Varonis, but visibility gaps and configuration complexity made it difficult to act quickly on emerging risks. Native Microsoft tools also lacked the centralized oversight needed to manage collaboration securely at scale. With a lean security team responsible for monitoring a large and constantly changing environment, manual processes created delays and limited the team’s ability to proactively reduce risk.
Ultimately, Gonzaga needed a solution that could provide clear visibility into sharing activity, simplify remediation workflows, and support efficient governance across its Microsoft 365 environment.
AvePoint gives us a single pane of glass where we can see what’s happening and quickly identify the biggest risks. We can click on the highest-risk items and remediate them right away.
Director of Information Security, Gonzaga University
The AvePoint Solution
To strengthen visibility and streamline governance, Gonzaga implemented AvePoint to centralize monitoring and standardize how risk was identified and remediated across Microsoft 365.
With prioritized insights displayed in a single dashboard, the security team gained a consolidated view of collaboration risks across Teams, SharePoint, and other services. Instead of navigating multiple tools, administrators could quickly identify high-risk configurations and take action from a single interface.
“AvePoint gives us a single pane of glass where we can see what’s happening and quickly identify the biggest risks,” said Angel. “We can click on the highest-risk items and remediate them right away.”
Automation became a core component of Gonzaga’s governance strategy. Policies were configured to automatically detect and correct risky settings — such as publicly accessible sites or overly permissive sharing links — reducing the need for manual review. The platform also surfaced orphaned sites and inactive users, helping administrators identify resources that required cleanup or reassignment.
By standardizing how risks were surfaced and addressed, AvePoint enabled Gonzaga to establish a more consistent and scalable governance model.
Outcomes
With centralized visibility and standardized remediation processes in place, Gonzaga strengthened its ability to manage Microsoft 365 risk while operating with limited staff resources.
The team established a repeatable approach to addressing risk, focusing first on the most critical exposures and systematically working through lower-priority issues. This structured workflow helped stabilize Gonzaga’s overall risk posture and reduced the likelihood of unmanaged sharing or lingering access.
“We start with the highest-risk items and work our way down,” said Michael. “We’ve been able to keep those top-risk numbers at zero by addressing them right away.”
Greater transparency across the environment also enabled the team to identify previously hidden risks, including inactive accounts and unused collaboration spaces. Addressing these issues reduced unnecessary access and improved long-term governance hygiene across the university.
By reducing manual workload and improving response speed, Gonzaga shifted from reactive oversight to proactive risk management, allowing a small team to maintain stronger control over a growing collaboration environment.
The Road Ahead
As collaboration technologies continue to evolve, Gonzaga is working with AvePoint to expand governance beyond Microsoft 365 and into additional platforms, particularly Google Workspace, which remains widely used across academic environments.
“With tools like Gemini driving more use of Google Drive, we knew we needed visibility there too,” said Angel.
By extending governance across both Microsoft and Google environments, Gonzaga is building a more unified approach to collaboration security — one that allows the university to support innovation while maintaining strong oversight. Together with AvePoint, Gonzaga is positioning its security program to scale alongside evolving technologies, ensuring that collaboration remains both accessible and secure for years to come.