We attempt to limit the restrictions we place on how people use Microsoft 365. Our goal is to manage growth and reduce the size of the tenant, so we are only managing active content and active workspaces. AvePoint lets us have that vision, but also enable critical governance.
Griffith University is a public research university in Queensland on the east coast of Australia. Consistently ranking in the top 2 percent of universities globally, their degrees are designed with industry in mind, the future in sight, and social impact at heart. With more than 55,000 students, their community spans five campuses across Southeast Queensland, plus their Digital campus, complemented by a global alumni network of over 200,000 graduates.
There are several use cases for how Griffith University uses its Microsoft 365 tenant: they have students who have access to create their own workspaces, staff creating collaboration spaces for general university business, and researchers using workspaces for collaboration. They also have an integration with their learning management system to deliver hybrid learning. Without a disposal strategy, many of these short-term sites outlive their utility.
The result: a large and complex tenant, totaling more than 85,000 users and 75,000 workspaces. As the number of users and sites continued to skyrocket, the University feared their tenant was becoming the “wild, wild west,” susceptible to worst-case scenarios like sprawl, oversharing, and even data breaches.
They attempted to undertake a manual “certification” of the workspaces in the tenant, reviewing settings and permissions and verifying sites were still necessary. This took a large amount of effort, resulted in a sub-optimal user experience, and ultimately was only a snapshot for a specific point in time.
The University knew they needed to implement proper automated governance to ensure secure and long-term management of their large tenant.
AvePoint Cloud Governance was Griffith’s answer. Cloud Governance delivers a wide range of IT services while automating and controlling the management of content ownership, policies, and lifecycle according to evolving business needs.
The University uses Cloud Governance to properly manage its workspaces, enhancing the provisioning process to enable lifecycle management.
“The provisioning process is the same for users, but so much easier for IT in the background – we can finally manage workspaces at scale,” says Gabrielle Ingram, Head of Information Management and Solutions at Griffith University. “With Cloud Governance’s MyHub, we can capture information that allows us to make use of advanced retention capabilities in Microsoft Purview, improving our lifecycle management across the tenant.”
Prior to Cloud Governance, none of their sites had active retention and lifecycle management, leaving their tenant vulnerable. In fact, “It wasn’t possible,” says Giuseppe Poli, Digital Adoption Specialist at Griffith. “We didn’t have the proper metadata for it. But now, we can mandate collection at provisioning, as well as naming conventions and ownership standards, which is critical for long-term information management.”
By November, more than 40,000 sites will have active retention and lifecycle management, reducing the University’s risk. They also plan to decrease the number of workspaces by at least 25,000 by defensible disposal of inactive and outdated workspaces to reduce management burden and opportunities for breaches.
In addition to better workspace management, Griffith was looking to reduce risk and prevent data leaks. Namely, they wanted more insights into their tenant, particularly where sensitive content was stored and how it was protected. They also wanted a way to prevent users from inadvertently changing workspaces to Public and to stop students from being added to sites with staff-only content. Their solution: AvePoint Policies & Insights.
“With Policies & Insights, we can be assured we don’t have the ‘Everyone’ group assigned to any sites. We can also easily monitor the number of Public Teams, which is very tightly controlled,” says Gabrielle.
The University also leveraged Policies & Insights to get a handle on its guest users. They ran a Policies & Insights scan and realized they had a staggering 35,000 guest users. Using usage reports, they were able to reduce the number of external users to 7,000 by deleting and blocking access for inactive accounts. “We plan to rely heavily on Policies & Insights to manage guest users; there isn’t another way to do it.”
With a tenant of Griffith’s size and complexity, they still have a way to go to fully implement their operational governance. However, AvePoint solutions have helped them build a roadmap to securely manage their Microsoft 365 at scale and even future-proof the University for the challenges of tomorrow.
“Recently, Australia’s new privacy commissioner announced significant reform around privacy and financial penalties for breaches,” says Gabrielle. “Thanks to AvePoint solutions, we are well-positioned to meet these new requirements in M365, with active lifecycle management and defensible disposal, as well as sensitivity labels and active security monitoring.”
For others looking to take back control of their M365 tenants, Gabrielle says, “Our only regret is that we did not implement this five years ago when we went live with our tenant. Our advice: do it sooner rather than later!”
Get started with AvePoint's SaaS management solutions today.
Discover better multi-SaaS management practices to improve your SaaS operations and create a safer and more secure digital workplace.
Our experts are on it! We'll be in touch shortly to get you set up.
