Prevent Microsoft Teams Sprawl—How to Control Teams Creation
Microsoft Teams is an intuitive, user-friendly chat-based app that makes digital collaboration a breeze. In fact, it’s so user-friendly that anyone can create a new Team and get a group of users working together in no time.
That sounds awesome, PixelMill! So, what’s the issue? While creative freedom seems promising, we’ve found this simply doesn’t scale for most organizations.
Out of the box, Teams allows anyone to make Teams or channels as they see fit. This can create chaos in the Microsoft 365 platform almost overnight. Without proper training, governance policies, and naming conventions, you start to get duplication of Teams, inconsistent naming of Teams/channels, and more. Before you know it, you don’t even know what’s there.
The most effective way to prevent this sprawl is by limiting the creation of Microsoft Teams Teams, but currently, the only way to do this is by limiting Office 365 group creation. While this sounds like an easy fix, your users have many reasons why they need to create Office 365 groups beyond this one use case, and now you’re turning off an entire feature because of one problem.
Why does Teams use Office 365 groups?
Microsoft Teams uses groups because Teams is built around collections of people. The Microsoft 365 approach to collections of people with owners and members is Office 365 groups (groups), and so it’s Teams’ answer as well.
Since Team creation within Microsoft Teams is built around group creation, we must limit who can create a group if we also want to limit who can create a Team.
So, how do you control Microsoft Teams creation and prevent creating a mess? The way we see it, you have three options:
Option 1: Ignore it and make it a free for all
This, of course, sounds like sticking your head in the sand, and that’s because it is. This option will undoubtedly become a management nightmare for someone down the road, and if you’re taking time to read this post, that person is probably you.
That being said, this can work for smaller organizations (i.e., 25 users or fewer), and there are some ways to make this option more palatable. For example, depending on your licensing, you can set up naming conventions using the Azure AD Naming Policy for Microsoft 365 groups, but the reality is, without proper governance and training, this is likely to become a giant mess.
Option 2: Request Mechanism + Governance & Training
We’re currently recommending our clients use a new-Team request mechanism. Basically, shut down Teams creation, and by extension, group creation for most of your users. Next, create a new Team/group request form that ties its submissions into a SharePoint list with an Azure Logic App (or Power Automate flow) on top of it that would validate, authorize, and automate Team/group provisioning for you.
If you don’t want to deal with creating an automated provision process with Logic Apps/Power Automate—and you have the manpower to create Teams manually—you can easily build a simple Power Automate flow to notify those who will fulfill new Team/group requests when a new request is submitted.
We suggest using a Microsoft Forms form for users to submit a request with at least the following fields:
- Requested Team/group Name (If the Team/group name is not available, add a second and third option for your name.)
- Team/group Privacy
- Team/group Sharing
- Internal Private
- Internal Public
- External Sharing with Clients/Contractors
- Type of Team/group requested (i.e. custom templates)
- Team/group Owners (please list 2)
- Reason for the Team/group
Once you have created this process and spelled out your governance, you must educate and train your users, so they know how and why to follow your policies. You could also provide in-app training to help guide users to make the right choices when creating a new team. Check out Visual SP; they provide very sophisticated in-context training for all of the Microsoft 365 suite, so you can deliver help for your users right where and when they need it most.
Option 3: Create and Chase
This is a combination of options 1 and 2 in a sense. You allow anyone to create a team and encourage/expect them to follow your organization’s governance policy. After a Team is created, you, or a process, scans and forces each new Team into compliance. If they do not follow the rules, the Team is deleted/archived after X number of days.
This process could also be purely manual. You could set regularly scheduled audits to review Teams created in the admin center and knock on doors; or create processes that automatically tell you when a Team has been created. We shudder at the workload of such a manual process.
A more successful approach to create and chase includes considering an automated process that uses rules of governance and requires the owners to conform to what is required.
For example, in order for a Team to live on, the following would be required:
- A form must be completed that provides the organization more insight into the Team’s purpose and allows the owner to set additional Team metadata.
- The Team must receive a manager’s approval based on the Team creator’s manager.
- The Team must conform to specific retention policies.
- The Team must have at least 2 owners assigned to it.
- Specific common channels must be included that fit your governance model.
If the requirements are not met within a set time period, the Team is archived, and users are removed.
You can certainly build a create and chase solution yourself that you own and maintain. External partners such as PixelMill stand by ready to assist you as well. Pre-canned options are also available that include create and chase solutions, like AvePoint’s Cloud Governance for Microsoft 365 offering.
Which option sounds right for your organization? Are you ready to dive into Teams, but need assistance setting up governance policies? A PixelMill Teams expert would love to chat with you today!