Securing Microsoft Teams for compliance
Collaboration is a big business buzzword these days, with tools popping up all over the show to help you and your team work better, together. These tools can add undeniable value to your workplace, but without proper integration into your governance structure, they can also introduce some unnecessary compliance blind-spots.
Chris Hathaway, founder and director of Cloud Essentials, introduces Microsoft’s game-changing inter-office communication and collaboration tool, Microsoft Teams, and explains why a governance analysis is necessary when making it available to users inside (and outside) your organisation.
What is Microsoft Teams?
“Microsoft Teams is essentially the Office 365 equivalent of Slack,” says Hathaway. “It’s a teamwork hub and group chat platform with a range of optional app integrations that give users a huge amount of functionality within a very user-friendly and easy-to-share space.”
Launched in March 2017, Microsoft Teams started out as a pretty basic platform but has grown in leaps and bounds since then. These days it offers (amongst other things):
- Unlimited chat messages and search
- 1TB storage per user
- Ability to share with people outside of the organisation
- Integrated audio, video and screen sharing (the equivalent of Skype for Business)
- Meeting scheduling through Outlook as well as Teams
- Integrations with business applications such as Evernote & Trello
“In true Microsoft style, the development curve since launch has been extremely steep and Teams is now just as powerful as any of the other big players in the inter-office communications space,” says Hathaway. “For businesses using Office 365 – or planning to migrate to Office 365 soon – that’s a very big win, because instead of paying for a third-party platform (or making do with the restrictions of free versions*) they can now access the full functionality of Microsoft Teams as part of their existing Office 365 business licencing.”
Examples of useful Microsoft Teams apps for businesses
PowerBI: Build reports for customers inside your Microsoft Teams workspace and share them without having to give access to the raw data or background.
Microsoft Forms & Adobe Sign: Create and share electronic forms with customers and have them completed and signed live on chat within Microsoft Teams.
Microsoft Planner: Organise and assign tasks by adding one or more Planner tabs to a team channel, and work on your progress together from within Microsoft Teams.
ZenDesk: Log a call from inside Microsoft Teams.
YouTube: Create, add and share how-to videos for your customers via Microsoft Teams channels.
Chat Bots: Import existing Bot-Framework-based bots into Microsoft Teams, or build and connect new bots to interact with Microsoft Teams users through chat.
*Businesses on Office 365 licences below the Business Premium tier can still access the majority of Microsoft Teams functionality for free. The free version is, in our opinion, more comprehensive than any other free equivalent, but does lack the built-in security and governance tools required to integrate it into a broader Office 365 information governance and compliance strategy.
Securing Microsoft Teams for compliance
Like most collaboration platforms, Microsoft Teams was designed so that users could create chats and channels to build and share work-related content without direct supervision. With the right controls in place, that can be a very powerful productivity tool. Without proper oversight and administration, however, you risk:
- Chats and channels proliferating out of control and clogging up Teams and SharePoint storage.
- Users sharing sensitive information with unauthorised teammates or guest users and creating potential security or compliance breaches.
“Letting users run wild with no governance in place is never advisable,” says Hathaway, “and yet we’ve seen a lot of organisations where Microsoft Teams or similar collaboration platforms have completely slipped through the cracks of their governance strategy. Teams is, admittedly, relatively new technology, so it’s understandable that it may not be an automatic inclusion in governance and compliance audits. That said, it really is essential to add it to that list.”
Thankfully, Microsoft have provided all the functions and features necessary to get Teams on the same governance program as the other Office 365 workloads. Global security and compliance policies applied via the Office 365 Admin Centre serve as a first line of defence, but the new Microsoft Teams & Skype for Business Admin Centre (announced this week at Ignite) provides an additional layer of control and more granular management.
Using this new dashboard, a delegated “Teams Admin” role will be able to manage permissions structures and settings without needing wider or “Global” administrative privileges on your tenant. However, since Teams integrates closely with Microsoft SharePoint, it’s also important to analyse the two services together to get full control over permissions and security and make the most of their combined functionality.
“It can be a complicated process,” says Hathaway, “which is why we created our compliance workshops at Cloud Essentials. We find they really help clarify all the variables involved when bringing new functionality into existing corporate information structures and governance policies. In our experience, they are the fastest and most effective way to ensure any governance blind spots are exposed to the light of day, and that our clients are enjoying the full benefit of their Microsoft licences.”