Once you’ve set up your Microsoft Teams environment with the right guardrails and governance policies, the challenge is to keep it that way. Let’s take a look at best practices for maintaining a clean and efficient Teams environment over time.
Other articles in the build a Teams lifecycle management plan series:
After rolling out Teams, it’s important to encourage users to experiment with the different features and tools available to them. This will allow them to gain a deeper understanding of the collaborative platform. This stage of the lifecycle will put your teams to the test—as team membership and channel hierarchy evolves, so too should your environment.
The usage should always dictate the structure of your Teams environment, so it’s important to let things evolve organically while still monitoring the health and usage of your individual teams. We recommend that you keep self-service enabled, and allow users to use the platform to the fullest extent of its capabilities. At the same time, you’ll want to keep an eye on external sharing, guest access, and team ownership to make sure that all your important data is secured, and that owners are meeting the day-to-day needs of each team.
In the second installment of our Teams lifecycle management series, we’ll cover the steps to take to manage your active teams and maintain an efficient and secure Microsoft Teams environment.
Key steps to manage your active teams:
Identify and manage ownerless teams
Whether they’re being promoted, changing departments, or closing the book on a long-term project, one thing’s for sure—the roles and responsibilities of your users are likely to change. In spite of this, you should strive to ensure that each of your teams has at least one owner at all times, and ideally, two.
Owners tend to have a unique insight into the goings-on of their teams, as well as permissions that members don’t. Your team owners also play a vital role in lifecycle management as they are accountable for managing their team and its content on a day-to-day basis.
Best practices dictate that assigning two owners to each team is ideal. That way, if a user switches roles, teams, or organizations, there will still be another owner for that team.
Even if you take every precaution to ensure that your teams have owners, sometimes circumstances arise that are beyond your control. You may still find yourself dealing with an ownerless team from time to time. Your lifecycle management plan should include regular monitoring of your environment so you can identify ownerless teams and assign a new owner ASAP.
Identifying ownerless teams
Log in to the Microsoft Teams admin center to find more information about your teams and their owners. Here you’ll notice that Teams has some built-in features that attempt to prevent your teams from becoming ownerless in the first place.
For example, if your team is down to just one owner, you will be prevented from changing the owner’s status to member:
Ownerless teams will appear with a 0 in the Owners column, and an exclamation point next to it:
Conducting regular reviews of the ownership status of your teams is an important part of maintaining an efficient and secure Teams environment.
Depending on the size of your organization, this process does require quite a bit of manual work from IT admins. Another option is to automate the process through the use of a third-party tool like ShareGate, which performs regular scans of your environment and quickly identifies any ownerless teams, allowing you to address the issue and assign a new owner instantly.
Review external access in Microsoft Teams
Microsoft Teams is the hub for teamwork, and at times your users may need to collaborate with someone outside of your organization.
External access allows users from outside your organization to chat, call, or set up a meeting with your users.
Guest access grants external users access to your teams and channels, as well as shared content.
While we fully support enabling these capabilities across your organization, granting permission for external access also necessitates regular reviews so you can keep track of who has access to what. It’s likely that external access capabilities only need to be granted for a limited time. It’s important to conduct regular reviews so that once a guest no longer needs access they’re removed in a timely manner.
So, how do you go about doing this?
Review Microsoft Teams guest access
You’ll find a general overview of all of your teams’ guest users in the Microsoft Teams admin center.
Clicking on the individual team will give you more information, like who the specific guest users are within that team.
From there, you can contact the team’s owner to ask them to review and manage guest access settings within that team.
This process will allow you to identify external users that have been designated as guests; however, it won’t tell you which files a user may have shared directly with someone outside of your organization.
That’s why it’s also important to conduct regular reviews of sharing links for each team’s SharePoint site.
Conduct a SharePoint external sharing review
In order to manually audit all of your external sharing links, you’ll need to run a report for each of your teams’ SharePoint sites. This will require a fair bit of bandwidth from IT, but the end result will be a CSV file filled with valuable information about all of your files and folders that are being shared.
- Navigate to the team’s associated SharePoint site where you want to run a report.
- Click on the site’s Settings menu, then select Site usage.
Scroll down to the Shared with external users section and click Run report.
Choose the location where you want to save the report, and click Save.
You can find the detailed report including all sharing links and their permissions in the location you selected within the SharePoint site.
Read our blog post to learn how to stop sharing a file or folder.
At this point, you’re probably thinking there must be an easier way… and there is. Using a third-party tool like ShareGate, you can automate the process by scheduling automatic sharing link reviews on an ongoing basis.
Create a Microsoft Teams retention policy
In order to keep your Teams environment organized and efficient, you need to make sure you’re doing some cleanup on a regular basis. Retention policies can be put in place to help you keep your chats and channels clutter-free while still protecting your valuable content.
Retention policies allow you to delete messages so that they no longer appear in your chats and channels, while retaining the data in hidden folders on the backend. You can also set retention policies to permanently delete messages after a specified period, based on when they were created.
Retention policies can be applied to:
- Teams chats and channel messages
- Embedded images
- Tables
- Hypertext links
- Links to other Teams messages and files
Once you set a retention policy, the messages in your chats and channels will be periodically evaluated. When these items have reached their expiration date, as dictated by your policy, they will be moved to another hidden folder known as the SubstrateHolds folder, which stories items that are soft-deleted before getting rid of them for good.
Configuring a retention policy for Microsoft Teams
There are a few ways you can configure your retention policy, depending on your needs.
- Retain only: If you only want your data to be retained without being deleted, you can select Retain items forever, or, At end of the retention period: Do nothing
- Retain and then delete: Set data to be deleted after a specified period of time by selecting At end of the retention period: Delete items automatically
- Delete only: For this configuration, choose Only delete items when they reach a certain age
How to set a retention policy for Microsoft Teams
Once you’ve decided what configuration serves you best, you’re ready to set up your retention policy in the Microsoft compliance center using the following steps:
Go to the Microsoft compliance center and select Policies > Retention
Select New retention policy
Give your retention policy a name and a description
Choose where the policy will be applied. You’ll want to select one or both of the locations for Teams: Teams channel message and Teams chats
Specify whether you want to retain content, delete it, or both
You can read more about how to configure retention policies for Microsoft Teams in the official Microsoft documentation.
By implementing these best practices in your Microsoft Teams lifecycle management plan, you’ll create a healthy environment that allows users to use all of the tools available to them while ensuring that your environment remains secure and organized over time.
Stay tuned for the final installment of our Microsoft Teams lifecycle management series!