Prevent Microsoft 365 Teams Sprawl

Microsoft Teams is an intuitive, user-friendly chat-based app within Microsoft 365 that makes digital collaboration a breeze. In fact, it’s so user-friendly that anyone can create a new Team and get a group of users working together in no time.  While creative freedom seems promising, we’ve found this simply doesn’t scale for most organizations.  

The problem:   

Out of the box, Teams allows anyone to make Teams or channels as they see fit. This can create chaos in the Microsoft 365 platform almost overnight. Without proper training, governance policies, and naming conventions, you start to get duplication of Teams, inconsistent naming of Teams/channels, and more. Before you know it, you don’t even know what’s there.  

The most effective way to prevent this sprawl is by limiting the creation of Microsoft Teams Teams, but currently, the only way to do this is by limiting Office 365 group creation. While this sounds like an easy fix, your users have many reasons why they need to create Office 365 groups beyond this one-use case, and now you’re turning off an entire feature because of one problem. 

New call-to-action

Why does Microsoft Teams use Office 365 groups?  

Microsoft Teams uses groups because Teams is built around collections of people. The Microsoft 365 approach to collections of people with owners and members is Office 365 groups (groups), and so it’s Teams’ answer as well.  

Since Team creation within Microsoft Teams is built around group creation, we must limit who can create a group if we also want to limit who can create a Team.  

Solutions:   

So, how do you control Microsoft Teams creation and prevent creating a mess? The way we see it, you have three options:   

Option 1: Ignore it and make it a free for all  

This, of course, sounds like sticking your head in the sand, and that’s because it is. This option will undoubtedly become a management nightmare for someone down the road, and if you’re taking the time to read this post, that person is probably you.  

That being said, this can work for smaller organizations (i.e., 25 users or fewer), and there are some ways to make this option more palatable. For example, depending on your licensing, you can set up naming conventions using the Azure AD Naming Policy for Microsoft 365 groups, but the reality is, without proper governance and training, this is likely to become a giant mess.   

Option 2: Request Mechanism + Governance & Training  

We’re currently recommending our clients use a new-Team request mechanism. Basically, shut down Teams creation, and by extension, group creation for most of your users. Next, create a new Team/group request form that ties its submissions into a SharePoint list with an Azure Logic App (or Power Automate flow) on top of it that would validate, authorize, and automate Team/group provisioning for you.  

If you don’t want to deal with creating an automated provision process with Logic Apps/Power Automate—and you have the manpower to create Teams manually—you can easily build a simple Power Automate flow to notify those who will fulfill new Team/group requests when a new request is submitted.   

We suggest using a Microsoft Forms form for users to submit a request with at least the following fields:  

  • Requested Team/group Name (If the Team/group name is not available, add a second and third option for your name.)  
  • Team/group Privacy 
  • Public  
  • Private 
  • Team/group Sharing 
  • Internal Private  
  • Internal Public  
  • External Sharing with Clients/Contractors  
  • Type of Team/group requested (i.e. custom templates)  
  • Team/group Owners (please list 2)  
  • Reason for the Team/group 

Once you have created this process and spelled out your governance, you must educate and train your users, so they know how and why to follow your policies. You could also provide in-app training to help guide users to make the right choices when creating a new team. Check out Visual SP; they provide very sophisticated in-context training for all of the Microsoft 365 suite, so you can deliver help for your users right where and when they need it most.   

Option 3: Create and Chase   

This is a combination of options 1 and 2 in a sense. You allow anyone to create a team and encourage/expect them to follow your organization’s governance policy. After a Team is created, you, or a process, scans and forces each new Team into compliance. If they do not follow the rules, the Team is deleted/archived after X number of days.   

This process could also be purely manual. You could set regularly scheduled audits to review Teams created in the admin center and knock on doors, or create processes that automatically tell you when a Team has been created. We shudder at the workload of such a manual process.  

A more successful approach to creating and chasing includes considering an automated process that uses rules of governance and requires the owners to conform to what is required.  

 For example, in order for a Team to live on, the following would be required:  

  • A form must be completed that provides the organization with more insight into the Team’s purpose and allows the owner to set additional Team metadata.  
  • The Team must receive a manager’s approval based on the Team creator’s manager.  
  • The Team must conform to specific retention policies.  
  • The Team must have at least 2 owners assigned to it.  
  • Specific common channels must be included that fit your governance model.  

If the requirements are not met within a set time period, the Team is archived, and users are removed.  

You can certainly build a create-and-chase solution yourself that you own and maintain. Pre-canned options are also available that include create and chase solutions. Which option sounds right for your organization? Are you ready to dive into Teams but need assistance setting-up governance policies? A Creospark Teams expert would love to chat with you today! 

New call-to-action

 

Subscribe our newsletter

Enter your email to get latest updates.

Thank you for subscribing
There was an error trying to send your message. Please try again later.