Fight IT “Urban Sprawl” Using Office 365 Governance Best Practices

Are your employees managing their own IT? Though Office 365 is a useful, versatile tool with a lot to offer, it can also be confusing to use when employees aren’t properly trained, or when they need to manage more niche, unique systems. Without proper governance protocols in mind, intranet systems can quickly sprawl out of control as users all manage their own work in the way that seems best to them, creating a branching network of files and folders that is impossible to manage or curate – and not only is that inefficient, it can eventually become a security risk.

To defeat this “urban sprawl” of IT, you need an Office 365 governance plan in place.

What it Means to Have Good IT Governance

There are multiple layers to governing something like an Office 365 environment. At the simplest level, it involves asking yourself the question: How will we govern a particular application or concept within Office 365? Whether it’s SharePoint, OneDrive, or Teams, it’s important to identify roles and responsibilities, have proper policies, and follow proper procedures.

For instance, good Office 365 governance policies may include things like ensuring that there is one particular person in charge of any given SharePoint site, and that each business unit or department has a representative in the group of site owners. When there is a clear person in charge, responsibility is better managed.

From there, once roles and responsibilities have been established, it’s important to nail down concrete policies and procedures. For instance, will you allow a person to share an internal document with an external party? If yes, what are the controls on this, and what is the procedure (if any) for getting it approved? Will users be allowed to create their own SharePoint sites, or will there be an approval process? How does a user become an administrator?

By identifying these various needs and creating defined policies and procedures, your Office 365 governance will be significantly more effective.

Using Office 365 Tools for Improved Office 365 Governance

Governance involves both employee training and established business processes. In terms of training, employees need to understand how to use their Office 365 solutions. When should they use Outlook, Teams, or Yammer? What type of communications should be routed where? How should these communications be deployed?

In terms of processes, security controls should be implemented that, among other things:

• Control which employees are able to create new groups, while also establishing through training when new groups are necessary.
• Retain groups for 30 days after deletion, to protect groups and group information from accidental deletion, and to allow them to be restored.
• Develop naming policies for groups, as well as files, to make sure that the corporate infrastructure remains clean and usable.
• Allow groups to expire after a certain amount of inactivity, which cleans up groups that are no longer necessary for operation.
• Appropriately manage group policies and information protection, for better compliance and internal security.
• Pay attention to groups reporting, drill down to individual groups, and assess the activity levels of these groups.
• Enable guest access for the applicable groups, making it possible for groups to share information without compromising their own security.

Updating your governance plan begins with defining when each tool should be used, and ensuring that there are no gaps in your tool availability. From there, a combination of employee training and security settings should lead to better Office 365 governance.

While Microsoft offers tools like Office 365 Advanced Data Governance (ADG), one of the best third-party governance tools is ShareGate. If your business is struggling with its governance practices, we highly recommend using a tool like ShareGate that helps produce transparent reports, find anonymous links, large files and sites that are going unused, and so on.

Need an expert consultation on your Office 365 governance plan, or interested in adopting ShareGate through a holistic Office 365 governance offering? Contact Red River today.