What is collaboration governance?
Collaboration governance is how you manage users' access to resources, compliance with your business standards, and ensure the security of your data.
Organizations today are using a diverse tool set. There's the team of developers using team chat, the executives sending email, and the entire organization connecting over enterprise social. Multiple collaboration tools are in use because every group is unique and has their own functional needs and work style. Some will use only email while others will live primarily in chat.
If users feel the IT-provided tools do not fit their needs, they will likely download their favorite consumer app which supports their scenarios. Although this process allows users to get started quickly, it leads to a frustrating user experience across the organization with multiple logins, difficulty sharing, and no single place to view content. This concept is referred to as "Shadow IT" and poses a significant risk to organizations. It reduces the ability to uniformly manage user access, ensure security, and service compliance needs.
Services such as Microsoft 365 groups, Teams, and Viva Engage empower users and reduces the risk of shadow IT by providing the tools needed to collaborate. Microsoft 365 has a rich set of tools to implement any governance capabilities your organization might require.
This series of articles will help you understand how groups, teams, and SharePoint settings interact, what governance capabilities are available, and how to create and implement a governance framework for the collaboration features in Microsoft 365.
There are many options for deploying Microsoft 365 Groups and Teams for secure collaboration in your organization. We recommend you use this governance content alongside Set up secure file sharing and collaboration with Microsoft Teams and its associated articles to create the best collaboration solution for your organization.
If your organization is multi-national and you have data residency requirements for different geographies, include Microsoft 365 Multi-Geo as part of your collaboration governance plan.
Microsoft 365 groups let you choose a set of people with whom you wish to collaborate, and easily set up a collection of resources for those people to share. Adding members to the group automatically grants the needed permissions to all assets provided by the group. Both Teams and Viva Engage use Microsoft 365 groups to manage their membership.
Microsoft 365 groups include a suite of linked resources that users can use for communication and collaboration. Groups always include a SharePoint site, Planner, and a mailbox and calendar. Depending on how you create the group, you can optionally add other services such as Teams, Viva Engage, and Project.
Resource | Description |
---|---|
Calendar | For scheduling events related to the group |
Inbox | For email conversations between group members. This inbox has an email address and can be set to accept messages from people outside the group and even outside your organization, much like a traditional distribution list. |
OneNote notebook | For gathering ideas, research, and information |
Planner | For assigning and managing project tasks among your group members |
Project and Roadmap | Web-based project management tools |
SharePoint team site | A central repository for information, links and content relating to your group |
Teams | A chat-based workspace in Microsoft 365 |
Viva Engage | A common place to have conversations and share information |
Microsoft 365 Groups includes a variety of governance controls, including an expiration policy, naming conventions, and a blocked words policy, to help you manage groups in your organization. Because groups control membership and access to this suite of resources, managing groups is a key part of governing collaboration in Microsoft 365.
There are multiple places to collaborate and have conversations within Microsoft 365. Understanding where users can start conversations can help you define a strategy for communication.
There are three main communication methods supported by Microsoft 365:
- Outlook: collaboration through email, including with a shared group inbox and calendar
- Microsoft Teams: a persistent-chat-based workspace where you can have informal, real-time, conversations around a variety of topics, organized by specific sub-groups
- Viva Engage: enterprise social experience for collaboration
Teams: chat-based workspace (high velocity collaboration)
- Built for collaboration with the people your users work with every day
- Puts information at the fingertips of users in a single experience
- Add tabs, connectors and bots
- Live chat, audio/video conferencing, recorded meetings
Viva Engage: connect across the org (enterprise social)
- Communities of practice - Cross-functional groups of people who share a common interest or expertise but are not necessarily working together on a day-to-day basis
- Leadership connection, learning communities, role-based communities
Mailbox and calendar (email-based collaboration)
- Used for targeted communication with individuals or a group of people
- Shared calendar for meetings with other group members
As you determine how you want to use collaboration features in Microsoft 365, consider these methods of communication and which your users are likely to use in different scenarios.
Note
When a new Microsoft 365 group is created via Viva Engage or Teams, the group isn't visible in Outlook or the address book because the primary communication between those users happens in their respective clients. Viva Engage groups cannot be connected to Teams.
As you start your governance planning process, keep these best practices in mind:
Talk to your users - identify your biggest users of collaboration features and meet with them to understand their core business requirements and use case scenarios.
Balance risks and benefits - review your business, regulatory, legal, and compliance needs and plan a solution that optimizes for all outcomes.
Adapt to different organizations and different types of content and scenarios - consider the different needs for different groups or departments and different types of content such as intranet content versus a user's OneDrive content.
Align to business priorities - business goals will help you define how much time and energy you need to invest in governance.
Embed governance decisions directly in the solutions you create - many governance decisions can be implemented by turning on or off features in Microsoft 365.
Use a phased approach - Roll collaboration features out to a small group of users first. Get feedback from them, watch for help desk tickets, and update any needed settings or processes before proceeding to a larger group.
Reinforce with training - adapt solutions such as Microsoft 365 learning pathways to ensure that your organization-specific expectations are reinforced with Microsoft-provided training.
Have a strategy for communicating governance policies and guidelines in your organization - create a Microsoft 365 Adoption Center in a SharePoint communication site to communicate policies and procedures.
Define roles and responsibilities - identify your governance core team and work through key governance decisions about provisioning and naming and external access first, and then work through the remaining decisions.
Revisit your decisions as business and technology changes - meet periodically to review new capabilities and new business expectations.
For a closer look at these practices, read Create your collaboration governance plan.
Because groups and teams can be created in several ways, we recommend training your users to use the method that fits your organization the best:
- If your organization has deployed Teams, instruct your users to create a team when they need a collaboration space.
- If your organization does most of its communication using email, instruct your users to create groups in Outlook.
- If your organization heavily uses SharePoint or is migrating from SharePoint on-premises, instruct your users to create SharePoint team sites for collaboration.
This helps avoid confusion if users are unfamiliar with how groups relate to their related services. For more information about how to talk to your users about groups, see Explaining Microsoft 365 Groups to your users.
Governance capabilities for collaboration in Microsoft 365 include features in Microsoft 365, Teams, SharePoint, and Microsoft Entra ID.
Capability or feature | Description | Licensing |
---|---|---|
Team and site sharing | Control if teams, groups, and sites can be shared with people outside your organization. | Microsoft 365 E5 or E3 |
Domain allow/block | Restrict sharing with people outside your organization to people from specific domains. | Microsoft 365 E5 or E3 |
Self-service site creation | Allow or prevent users from creating their own SharePoint sites. | Microsoft 365 E5 or E3 |
Restricted site and file sharing | Restrict site, file, and folder sharing to members of a specific security group. | Microsoft 365 E5 or E3 |
Restricted group creation | Restrict team and group creation to members of a specific security group. | Microsoft 365 E5 or E3 with Microsoft Entra ID P1 or P2 or Microsoft Entra Basic EDU licenses |
Group naming policy | Enforce prefixes or suffixes on group and team names. | Microsoft 365 E5 or E3 with Microsoft Entra ID P1 or P2 or Microsoft Entra Basic EDU licenses |
Group expiration policy | Set inactive groups and teams to expire and be deleted after a specified period of time. | Microsoft 365 E5 or E3 with Microsoft Entra ID P1 or P2 licenses |
Per-group guest access | Allow or prevent team and group sharing with people outside your organization on a per-group basis. | Microsoft 365 E5 or E3 |
Additionally, these add-on licenses provide enhanced governance capabilities:
- Microsoft Teams Premium provides compliance capabilities for meetings, including watermarks, encryption, and sensitivity labels.
- Microsoft Syntex - SharePoint Advanced Management provides policies for content access, collaboration and lifecycle management.
Follow these basic steps to create your governance plan:
- Consider key business goals and processes - create your governance plan to meet the needs of your business.
- Understand settings in services - settings in groups and SharePoint interact with each other, as do settings in groups, SharePoint and Teams and other services. Be sure to understand these interactions as you plan your governance strategy.
- Plan to manage user access - plan the level of access you want to grant users in groups, SharePoint, and Teams.
- Plan to manage compliance settings - review the available compliance options for Microsoft 365 groups, Teams, and SharePoint collaboration.
- Plan to manage communications - review the available communications governance options for collaboration scenarios.
- Plan for organization and lifecycle governance - choose the policies you want to use for group and team creation, naming, expiration, and archiving. Also, understand the end of lifecycle options for groups, teams, and Viva Engage
These training modules from Microsoft Learn can help you learn the governance features in Microsoft 365.
- Introduction to information protection and data lifecycle management in Microsoft Purview - Learn how Microsoft 365 information protection and data lifecycle management solutions help you protect and govern your data, throughout its lifecycle.
- Microsoft Security, Compliance, and Identity Fundamentals: Describe the capabilities of Microsoft compliance solutions - Learn about compliance solutions in Microsoft. Topics covered will include compliance, information protection, and governance in Microsoft 365, Insider Risk, audit, and eDiscovery solutions. Also covered are Azure resources governance capabilities.
These illustrations will help you understand how groups and teams interact with other services in Microsoft 365 and what governance and compliance features are available to help you manage these services in your organization.
What IT architects need to know about groups in Microsoft 365
Item | Description |
---|---|
PDF | Visio Updated May 2022 |
These illustrations detail the different types of groups, how these are created and managed, and a few governance recommendations. |
The logical architecture of productivity services in Microsoft 365, leading with Microsoft Teams.
Item | Description |
---|---|
Updated April 2019 |
Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities. This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams. |
Microsoft 365 includes a broad set of information protection and compliance capabilities. Together with Microsoft’s productivity tools, these capabilities are designed to help organizations collaborate in real time while adhering to stringent regulatory compliance frameworks.
This set of illustrations uses one of the most regulated industries, financial services, to demonstrate how these capabilities can be applied to address common regulatory requirements. Feel free to adapt these illustrations for your own use.
Item | Description |
---|---|
English: Download as a PDF | Download as a Visio Japanese: Download as a PDF | Download as a Visio Updated November 2020 |
Includes:
|
Microsoft 365 security documentation
Microsoft Purview documentation
Video Governance & Security Practices for Microsoft 365 - Microsoft Ignite | OD13