Find out how this Australian university mitigated collaboration risk and controlled sprawl in Microsoft 365 with AvePoint.

Success Highlights

Automated provisioning guidelines to support ownership, lifecycles, compliance, and efficiency
Implemented retention policies and defensible lifecycle management
Enhanced monitoring of workspace usage and lifecycles
Decreased the number of active guest users by 80%
Griffith university banner
Gu Logo

Customer Location Queensland, Australia

Industry Education

Platform Microsoft 365

Download the Case Study PDF

Griffith University is a public research university in Queensland on the east coast of Australia. Consistently ranking in the top 2 percent of universities globally, their degrees are designed with industry in mind, the future in sight, and social impact at heart. With more than 55,000 students, their community spans five campuses across Southeast Queensland, plus their Digital campus, complemented by a global alumni network of over 200,000 graduates.

Critical Needs

  • Protection of sensitive data
  • Advanced, customized self-service workspace provisioning
  • Reduction in tenant size with defensible lifecycle management
  • Workspace configuration enforcement and security monitoring

The Challenge

There are several use cases for how Griffith University uses its Microsoft 365 tenant: they have students who have access to create their own workspaces, staff creating collaboration spaces for general university business, and researchers using workspaces for collaboration. They also have an integration with their learning management system to deliver hybrid learning. Without a disposal strategy, many of these short-term sites outlive their utility.

The result: a large and complex tenant, totaling more than 85,000 users and 75,000 workspaces. As the number of users and sites continued to skyrocket, the University feared their tenant was becoming the “wild, wild west,” susceptible to worst-case scenarios like sprawl, oversharing, and even data breaches.

They attempted to undertake a manual “certification” of the workspaces in the tenant, reviewing settings and permissions and verifying sites were still necessary. This took a large amount of effort, resulted in a sub-optimal user experience, and ultimately was only a snapshot for a specific point in time.

The University knew they needed to implement proper automated governance to ensure secure and long-term management of their large tenant.

Griffith university image01

We attempt to limit the restrictions we place on how people use Microsoft 365. Our goal is to manage growth and reduce the size of the tenant, so we are only managing active content and active workspaces. AvePoint lets us have that vision, but also enable critical governance.

Tegan Valentine
Senior Information Solutions Analyst, Griffith University

The AvePoint Solution

AvePoint Cloud Governance was Griffith’s answer. Cloud Governance delivers a wide range of IT services while automating and controlling the management of content ownership, policies, and lifecycle according to evolving business needs.

The University uses Cloud Governance to properly manage its workspaces, enhancing the provisioning process to enable lifecycle management.

“The provisioning process is the same for users, but so much easier for IT in the background – we can finally manage workspaces at scale,” says Gabrielle Ingram, Head of Information Management and Solutions at Griffith University. “With Cloud Governance’s MyHub, we can capture information that allows us to make use of advanced retention capabilities in Microsoft Purview, improving our lifecycle management across the tenant.”

Prior to Cloud Governance, none of their sites had active retention and lifecycle management, leaving their tenant vulnerable. In fact, “It wasn’t possible,” says Giuseppe Poli, Digital Adoption Specialist at Griffith. “We didn’t have the proper metadata for it. But now, we can mandate collection at provisioning, as well as naming conventions and ownership standards, which is critical for long-term information management.”

By November, more than 40,000 sites will have active retention and lifecycle management, reducing the University’s risk. They also plan to decrease the number of workspaces by at least 25,000 by defensible disposal of inactive and outdated workspaces to reduce management burden and opportunities for breaches.

In addition to better workspace management, Griffith was looking to reduce risk and prevent data leaks. Namely, they wanted more insights into their tenant, particularly where sensitive content was stored and how it was protected. They also wanted a way to prevent users from inadvertently changing workspaces to Public and to stop students from being added to sites with staff-only content. Their solution: AvePoint Policies & Insights.

“With Policies & Insights, we can be assured we don’t have the ‘Everyone’ group assigned to any sites. We can also easily monitor the number of Public Teams, which is very tightly controlled,” says Gabrielle.

The University also leveraged Policies & Insights to get a handle on its guest users. They ran a Policies & Insights scan and realized they had a staggering 35,000 guest users. Using usage reports, they were able to reduce the number of external users to 7,000 by deleting and blocking access for inactive accounts. “We plan to rely heavily on Policies & Insights to manage guest users; there isn’t another way to do it.”

Griffith university image02

The Road Ahead

With a tenant of Griffith’s size and complexity, they still have a way to go to fully implement their operational governance. However, AvePoint solutions have helped them build a roadmap to securely manage their Microsoft 365 at scale and even future-proof the University for the challenges of tomorrow.

“Recently, Australia’s new privacy commissioner announced significant reform around privacy and financial penalties for breaches,” says Gabrielle. “Thanks to AvePoint solutions, we are well-positioned to meet these new requirements in M365, with active lifecycle management and defensible disposal, as well as sensitivity labels and active security monitoring.”

For others looking to take back control of their M365 tenants, Gabrielle says, “Our only regret is that we did not implement this five years ago when we went live with our tenant. Our advice: do it sooner rather than later!”

Get started with AvePoint's SaaS management solutions today.

Discover better multi-SaaS management practices to improve your SaaS operations and create a safer and more secure digital workplace.

Ready to Discover How AvePoint Can Transform Your Data Protection Strategy?

Get a Demo
Microsoft 365GovernanceCompliance

AvePoint Products