Preventing and Managing Teams Sprawl

Posted on by

In October 2020, Microsoft announced that Teams had reached 115 million daily users. This growth reflects the continued demand for technology to support remote work, helping teams and organisations stay productive. While many Australian companies are staging a return to the office, there is no doubt a cultural shift has taken place and collaboration hub technology will continue to play a big part of hybrid work in the future.

By providing a single portal for meetings, chat, task management and business processes, Microsoft Teams makes communication and collaboration between users easier and more productive with very little set-up required. But with great power comes great responsibility.

What causes Teams Sprawl?

The default setting for Microsoft Teams allows anyone to create a Team and because it’s so easy to set up and use, it is tempting to create a new Team at the slightest provocation. Many users think of Teams as a tool for meetings and chat and will set up a new Team for this purpose, without checking if an existing Team already exists.

This results in multiple chat streams, duplicated or outdated document links and difficulties in locating conversations and resources.

Security Risk

In addition, because Teams supports working across the Microsoft 365 suite, each Team creates a new Microsoft 365 Group which then spawns a host of supporting spaces including an Outlook group, SharePoint Team site, Calendar, Planner board and more. IT Admins may periodically clean up unused Teams but this will not delete these corresponding shared spaces.

This poses a security risk because it’s difficult to manage security for these orphaned Outlook groups and SharePoint sites.

Teams governance is essential to maintain productivity and security.

Microsoft 365 Groups and related services

Teams Governance to prevent sprawl

1)    Define who can create Teams

The whole point of most cloud-based productivity services is that they provide freedom for users to connect and create, without dragging in IT every time they need to co-author a document. To try and find a balance between total anarchy and Orwellian control, make sure you educate your users on the above risks and circulate a checklist of actions to complete before a new Team is created.

Adding a new Teams security group

You also have the option to restrict Group creation  to the members of a Microsoft security group.

1. From the Groups page of your admin centre, create a new group

2. Choose security as the group type and make a note of the Group name.Add users or existing groups - members will require Azure AD premium or Azure AD Basic EDU licenses.

3. Complete the setup.

4. Use PowerShell to run commands (available in Microsoft 365 support pages) to manage group creation restriction. This is where you will need your Group name.

5. Check the set-up by signing in as a non-Group member and trying to create a new Team.

NOTE: Limiting Group creation also  impacts the services that rely on groups for provisioning, including Outlook, SharePoint, Planner, PowerBI, Yammer and of course Teams.

2)    Teams Naming Conventions

Maintain Teams hygiene by using Azure AD naming policy for Microsoft 365 Groups. Team names can identify purpose, membership, location and more. Effective Team names prevent duplicates – if it’s clear what a Team is for, it’s less likely a new one will be set up for a similar function.

A Microsoft Group naming policy is not just something you create and then email around – it’s an actual set-up in your Microsoft tenant. You can require prefixes and suffixes, and block certain words from being used. Check out Microsoft’s useful guide to group naming policies.

 

3)    Team Ownership

Within Microsoft Teams there are two user roles: owner and member. If someone creates a new Team, they are by default the Owner and have the ability to edit the Team name, add members and delete the Team.

Teams with confidential information can have Owner Members rather than owners, so that no individual user has control. To help with management of this Team, you might set up a process where any changes to this Team need to be submitted via Helpdesk.

4)    Use it or lose it

The key to preventing zombie SharePoint sites and Planner boards piling up in an admin nightmare is Group expiration. When a group expires, its connected services (email, Team, Planner, SharePoint etc) are also deleted. Group expiry is set in days and Groups that are in use are automatically reactivated. Even when expiry comes around it’s not 100% final and results in ‘soft deletion’ so it can be recovered for up to 30 days if you suddenly need it back.

Expiration is turned off by default so if you want to activate it, read Microsoft’s 356 Groups Expiration Policy.

Teams Sprawl Checklist

Is this all a bit much? Here’s a handy checklist to help break the elephant down into bite size pieces.

  1. 1. Get buy-in from senior leaders by convincing them of the very real risks to productivity, efficiency and security that Teams sprawl can pose.
  2. 2. Create a plan and communicate this clearly to the organisation to manage user expectationsaround Team creation and expiration.
  3. 3. Implement the expiration policy to start cleaning out the dead wood.
  4. 4. Determine and set up naming conventions.
  5. 5. Enjoy your clean and sparkling Teams environment!

We hope you found this information helpful. If you have any questions you can Contact Us or for more Teams support, we offer Teams Training.