Looking to leverage Microsoft Teams in your organization to support distributed work? Get up to speed on administration best practices with these actionable Teams management tips.
In the wake of COVID-19, Microsoft Teams usage soared as many organizations rushed to roll out Microsoft Teams to facilitate new methods of virtual collaboration—often without time to implement an effective Teams management plan.
As explored in our benchmark cloud productivity report, distributed work is here to stay. IT departments now face the challenge of finding a scalable way to maintain a productive and secure Microsoft 365 environment.
At ShareGate, we want to make managing Microsoft teams easy. We created this list of actionable tips and tricks to help you successfully manage your Microsoft Teams environment.
10 Microsoft Teams management tips for IT admins:
- Create effective teams faster with templates in Microsoft Teams
Help users get started quickly with a variety of customizable—or completely custom—templates when creating a new team.
- Implement a naming convention for your Microsoft teams
An effective naming convention can help you identify the function, membership, geographic region, and/or creator of a team.
- Plan for lifecycle management in Microsoft Teams
“There’s no time like the present” applies to Teams management—and can save you a lot of headaches further on down the line.
- Keep guest access turned on in Microsoft Teams
Don’t be the bouncer! Adding unnecessary friction by gatekeeping hurts end-user adoption and can lead to shadow IT.
- Manage integrated applications in Microsoft Teams
Seamless integration with other applications is part of what makes Teams great! But you still want to keep track of third-party party apps.
- Create a clearly defined classification scheme
If you’ve ever used a filing cabinet to keep track of your tax returns, then you’re already familiar with this organizational concept.
- Understand the backends for different parts of Teams
Move beyond a surface-level understanding to identify all the different products/controls you should be looking at to successfully manage Teams.
- Create an organization-wide team in Microsoft Teams
Provide an automatic way for everyone in your small to medium-sized organization to collaborate and stay up to date.
- Be aware of link permissions in Microsoft Teams
Be aware, don’t overshare! Take a peek at the organization-level sharing settings in your SharePoint admin center to avoid accidental data leaks.
- Configure custom security settings for each Microsoft team
Tailor-make your Teams security by customizing each team’s security settings based on their business purpose and level of sensitivity.
Tip #1: Create effective teams faster with templates in Microsoft Teams
With team templates, users can choose from a variety of customizable templates when creating a new Microsoft team, helping them get started quickly. Or, you can create your own custom templates for your organization—allowing you to standardize team structures, surface relevant apps, and scale best practices.
What to remember about Microsoft Teams templates:
- Team templates are pre-built definitions of a team’s structure designed around a business need or project.
- Currently, you can create a team from a template in the Teams client or using Microsoft Graph.
- Private channels and sensitivity labels are currently not supported in team templates.
Related links:
- Creating Teams Templates link on Microsoft.com
- Getting Started with Teams templates in the admin console link on Microsoft.com
Tip #2: Implement a naming convention for your Microsoft teams
It’s challenging to manage your teams if you don’t know why they exist or what they’re used for. Whether implemented manually or enforced via a naming policy in your Azure Active Directory, an effective naming convention can help you and your users identify the function, membership, geographic region, and/or creator of a team.
What to know about Microsoft Teams naming conventions
- A naming convention is a consistent naming structure to define your teams depending on its intended business purpose.
- It’s important to remember that Teams is built on top of Microsoft 365 Groups, so the name chosen when a user creates a new team will also apply to the corresponding group and all of the associated resources that are provisioned automatically at the moment of creation.
- Using Azure AD naming policy for Microsoft 365 groups (and by extension, Microsoft teams) requires that you possess an Azure Active Directory Premium P1 license or Azure AD Basic EDU license for each unique user that is a member of one or more Microsoft 365 groups.
Related links:
- ShareGate Blog Article: How to create a naming convention for Microsoft 365 groups/teams
- Azure Active directory naming policy documentation link on Microsoft.com
Tip #3: Plan for lifecycle management in Microsoft Teams
Most projects consist of a beginning, middle, and end. And Microsoft teams do, too! But since they can be constructed and used in such a variety of ways, it’s not always obvious which stage of their lifecycle they’re in. Planning for management at each stage of a team’s lifecycle—from the moment of creation and when a team is actively in use all the way through to archival or deletion—will help you track your organization’s projects as they go through these stages.
Tips on managing Microsoft Teams:
- Implement any governance policies that your organization has decided it requires before you roll out Teams to your organization. It’s usually much easier to implement these requirements before you start scaling your deployment.
- Microsoft defines the stages of lifecycle management as follows:
- Beginning: When a team is created and the channels are set up
- Middle: When a team is used and collaboration is actively occurring
- End: When a team has completed its purpose and reached the end of its useful life
On-demand webinar:
Watch our 3-part masterclass on how to manage Microsoft Teams across the entire lifecycle, by MVP Jasper Oosterveld
Tip #4: Keep guest access turned on in Microsoft Teams
Keeping self-service features (like guest access in Teams) enabled enhances productivity and boosts end-user adoption. And, you can manage guests in your Azure AD and the same compliance and auditing protection as the rest of Microsoft 365 apply. Essentially, guest access lets you maintain complete control and your data never leaves your sight!
What to know about Guest access in Teams:
- As of February 8th, 2021, guest access capabilities in Microsoft Teams are turned on by default for any customers who have not configured this setting. This brings the Teams guest access capabilities into alignment with the rest of the suite, where the setting is already on by default.
- If you’re looking to turn on guest access in Teams after previously disabling it, read our blog article on how to authorize guest access in Microsoft Teams.
- Guest access features and capabilities in Teams can be managed through four different levels of authorization. Depending on the needs of your organization, these authorization levels provide you with flexibility in how you set up guest access.
Check out our blog article for more details on how to configure additional guest access settings for secure collaboration in Microsoft Teams.
Related links:
- How to authorize guest access in Microsoft Teams (Blog Article)
- How to configure additional guest access settings for secure collaboration in Teams (Blog Article)
Tip #5: Manage integrated applications in Microsoft Teams
One of the most powerful aspects of Microsoft Teams is the ability to seamlessly integrate other apps. By default, any user can install and use a supported application. To keep your Teams tidy and secure, you may want to consider managing your apps to only allow Microsoft applications and a specific list of agreed-upon third-party applications.
Tips on managing integrated applications in Teams
- As an admin, the Manage apps page in the Microsoft Teams admin center is where you view and manage all Teams apps for your organization.
- From there, you can also use app permission policies, app setup policies, and custom app policies and settings to configure the app experience for specific users in your organization.
Related Links:
- Managing Apps – Microsoft Documentation
- App permission policies – Microsoft Documentation
- App setup policies – Microsoft Documentation
- Custom App policies and settings – Microsoft Documentation
Tip #6: Create a clearly defined classification scheme
Categorizing your data in a way that conveys its level of sensitivity helps you better understand where sensitive data lives, what users are doing with it, and why it may be at risk. But first, you need to know what the categories are! An effective data classification scheme maps out and defines all of the available options in a way that makes sense for your users.
What to keep in mind for classification schemes:
- Make sure the categories in your scheme make sense for your organization and create classifications that are clear and easy-to-understand for your end users.
- Once you have your classification scheme in place, there are many things you can implement building on top of it—such as sensitivity labels, Data Loss Prevention (DLP), and retention labels, just to name a few.
- Apply classification at the container-level—i.e., at the level of a Microsoft 365 group, team, or SharePoint site—whenever possible.
Related links:
- How to define an effective classification scheme – with Microsoft MVP Marc D Anderson
- Sensitivity labels – Microsoft documentation
- Data loss prevention – Microsoft documentation
- Retention labels – Microsoft documentation
Tip #7: Understand the backends for different parts of Teams
Did you know that Teams is actually a client interface on top of other Microsoft 365 services? To manage Microsoft Teams successfully, you need to understand the logical architecture of productivity services in Microsoft 365 and how Teams relates to other products, like SharePoint and Microsoft 365 Groups, on the backend.
Good to know: Teams end points
- Teams is built on top of Microsoft 365 Groups, the cross-application membership service in Microsoft 365. Every time a new team is created, an associated Microsoft 365 group is automatically provisioned.
- The Teams platform ties together other Microsoft 365 services and apps, but that means that most Teams data isn’t actually stored in Teams. For example, files and folders visible in a team’s Files tab are actually stored in the team’s associated SharePoint site.
- Depending on the capabilities you want to configure, you’ll need to jump between settings in several different admin centers (not just the Microsoft Teams admin center).
Related links:
- Microsoft Teams and SharePoint Integration Article
- Microsoft Productivity illustration – Microsoft documentation
Tip #8: Create an organization-wide team in Microsoft Teams
Organization-wide teams provide an automatic way for everyone in a small to medium-sized business (SMB) to be part of a single team for collaboration. Global admins with no more than 10,000 users can easily create a public org-wide team that keeps membership up to date with Active Directory as users join and leave the organization.
What to know about org-wide teams in Teams:
- Only global admins can create org-wide teams. Currently, org-wide teams are limited to organizations with no more than 10,000 users. There’s also a limit of five org-wide teams per tenant.
- When an org-wide team is created, all global admins and Teams service administrators are added as team owners and all active users are added as team members. Unlicensed users are also added to the team and will be assigned a Microsoft Teams Exploratory license the first time they sign in. Guest user accounts will not be added to your org-wide team.
- As new employees are added to your organization’s directory or an employee leaves the company and their account is disabled, changes are automatically synced and users are added to or removed from the team.
Related links:
- Microsoft Teams exploratory license – Microsoft documentation
- Org-wide Teams FAQ – Microsoft documentation
Tip #9: Be aware of link permissions in Microsoft Teams
Once a file is uploaded into a team or Teams chat, it’s now a SharePoint object. That means the same sharing capabilities you get from SharePoint and OneDrive apply in Microsoft Teams. To prevent accidental security breaches, we recommend configuring the organization-level sharing settings in your SharePoint admin center according to your business’s security needs.
With the key insights at your fingertips, managing Microsoft Teams permissions can be done easily and securely for every role in your organization.
Teams link permission tips:
- If you can access a file on your device, you can share the file with other people in Teams. This includes any files that are:
- In the Files tab of your channels and chats
- In your personal OneDrive or other cloud storage
- On your local device
- By default, both owners and members of a team can share files and folders with people outside the team—and may include people outside your organization if you have allowed guest sharing.
Related links:
- Learn how to configure sharing settings in Teams – Article
- Guest sharing & protection overview – Microsoft documentation
Tip #10: Configure custom security settings for each Microsoft team
You want to give users the freedom to create new resources as they see fit—but you don’t want that freedom to come at the cost of creating a security risk. The scalable solution: configure custom security settings for your Microsoft teams based on their confidentiality and business purpose. That way, you can implement additional restrictions only where needed.
Good to know:
- Because Teams is actually a unified interface overlying other Microsoft 365 apps and services, you need to configure settings in multiple admin centers—and through several levels of authorization—if you want to set up custom protection for each team manually.
- Sensitivity labels through the Microsoft Information Protection (MIP) framework can be used to classify a team and enforce protection settings based on that classification. However, enabling this feature for Teams requires an Azure AD Premium license and a fair bit of PowerShell scripting.
- You can use a third-party Microsoft 365 management solution like ShareGate to apply custom security settings to each Microsoft team. Our sensitivity tag feature enables you to work with owners to define each team’s level of sensitivity and automatically apply the right security settings.
Related links:
3 ways to configure custom security settings in Teams – Article
How to use sensitivity labels in Teams – Article
ShareGate’s Microsoft 365 management solution
Sensitivity labels feature overview in ShareGate