Guide: Microsoft 365 governance in self-serve environments

Are you debating whether or not you should enable self-service in your Microsoft 365 environment? In this blog, we explain the pros and cons of productivity and other security features, as well as a way to get the best of both worlds!

You know all too well that modern organizations, adopting solutions like Microsoft 365, have a wide range of productivity tools and services at their disposal. This is incredibly useful in the modern workplace, particularly since the pandemic triggered a wave of remote and hybrid work opportunities.

Alongside these tools, self-service came along as an approach for boosting end-user adoption, collaboration, and efficiency—it's even set as default in Microsoft 365. Self-service, however, sends shivers down some IT admins' spines, since it's seen as a starter of sprawl and security issues.

Well, there's a solution for it, and it's called governance.

Governance is how you manage user access to resources, set policies to uphold business standards and secure your Microsoft 365 data. Users collaborate in multiple places, and understanding exactly where those users work is key to defining your governance strategy. This article will present you with some Microsoft 365 governance best practices to make your management work way easier. Let's get to it!

Self-serve + Microsoft 365 governance =  seamless and secure collaboration

Self-service is a powerful way to promote collaboration, grant users more freedom, and accelerate innovation and growth in any organization. With self-service, each team can select the tools best suited to their tasks or personal preferences. While leadership might favor emails, for example, developers might opt for team chat. This freedom reduces friction, boosts productivity, and enhances the overall user experience.

And, of course, IT plays a crucial role in this process by removing technology barriers and enhancing seamless interaction within and beyond the organization. However, self-service can create challenges on the IT end of things if you don't take the right steps to preemptively manage permissions and mitigate sprawl and security risks. That's where a good Microsoft 365 governance strategy comes in.

Can collaboration governance and self-service work hand-in-hand? You bet it can! But it's important to first set yourself up for success by implementing some best practices for Microsoft 365 governance in a self-serve environment, including:

• Setting up your policies and guardrails to ensure safe collaboration between your end users and external parties they work with.
• Making sure your end users know the importance of security and their role in protecting the organization.
• Setting up your system for monitoring and auditing self-service activity in your tenant (ideally, through the use of automation). 
• Configuring your system with the necessary access controls and running regular access reviews to ensure that only the people who need access to your system have it.

Importance of a good Microsoft 365 governance strategy

Governance is vital for IT efficiency, transparency, and easing the team's workload. It's more than just reducing stress—it's about proactive threat mitigation and ensuring secure and compliant data handling.

The costs of data breaches, direct and indirect, can be devastating, including customer trust erosion and business loss. With a clear governance plan, your organization can reap benefits across all sectors. Every upcoming question or crisis becomes easier to handle, as you've thought ahead and planned for it.

Thankfully, expanding your knowledge further with this guide on Microsoft 365 security best practices can help protect your organization's sensitive data.

Improved decision-making 

When an IT team has a collaboration governance set up, every decision becomes easier. The reason for this is that you've already gone through the steps to think of the what-ifs and essentially designed a rule book for the collaboration process. Rather than needing to make decisions on each individual situation, your established governance already has the answer for you and for your organization's end users. 

This doesn't mean that new situations won't arise that you haven't accounted for in your existing governance. Of course, they will! Continuous governance is key (and inevitable). But the fact that you have governance set up for so many other scenarios will at least serve as a precedent in those new situations and will help to guide you in your decision-making. 

A rock-solid governance framework supports your business goals

You can't dissociate governance from your organization's vision and goals. On one hand, the needs of the business will determine the policies and guidelines IT will enforce with end users. On the other, governance will require some trade-offs such as restricting a degree of flexibility, lots of time to initiate, resource allocation, and ongoing training for effective implementation.

To minimize the impacts of those trade-offs, you need to share a very clear understanding of your priorities and key variables. Also, the level of detail required for your governance plan documentation should be aligned with the results you hope to achieve. This is how the vision offers a framework for governance.

Bonus: Increased transparency

Collaboration governance offers transparency, which is reassuring because everyone has the ability to understand how and why decisions are made. Transparency also makes it easier to maintain consistency and avoid non-compliance. 

All team members can rest assured—not only is the IT team well-prepared for any issues or questions that arise, but team members also have access to that information themselves. This sort of transparency breeds trust, and that's a core value that every organization should strive toward.

Enhanced communication 

Modern collaborative efforts now take place through a comprehensive range of technologies rather than solely in meetings. Furthermore, the use of asynchronous communication has grown, offering employees more freedom to choose when and how to connect with their colleagues. 

Microsoft 365 provides a variety of collaborative tools, such as Teams, Outlook, and Sharepoint, to assist you in managing communication inside your company. Collaboration governance allows IT teams this seamless communication experience for end users by ensuring consistent policies and mitigating risks. 

Not only does collaboration governance improve communication between end users, but it also improves communication between IT teams and end users. It has to. It's crucial that IT managers and their teams have a clear plan in place for how Microsoft 365 will develop their business and meet their needs. And by having this plan and communicating governance policies to end users, achieve efficiency.

NEW! FREE COURSE: Microsoft 365 Maturity Program: Optimize your governance in M365

Pros of self-service in your Microsoft 365 governance strategy

Collaboration governance results in planning, efficiency, transparency, and risk mitigation. Self-service may seem to conflict with some of these governance values, but in reality, marrying governance and self-serve may bring the best of both worlds together. Here are some benefits of enabling self-service following collaboration governance best practices:

Increased productivity and efficiency

We all know the huge impact technology can have on employee productivity. Employees need software and applications that allow them to maximize their efficiency so they can feel more productive and confident in their roles. However, if there's too much friction in their ability to access those tools when and where they need them, the potential for productivity gains goes way down. 

So, try lengthening the leash a little. Trust goes a long way, and self-serve intrinsically involves an element of trust. It also enhances the possibilities for collaborative approaches, which may strengthen a company and its teams when done effectively. ​​​​​​​

Employees manage guest access securely

Imagine one of the business units in your organization embarking on a big, new, and complex initiative involving internal and external collaborators and multiple work groups, each needing its own place to work on different projects for the initiative. Microsoft Teams is ideally suited to supporting this kind of work. And, with self-service enabled, the friction of having to ask IT to set everything up to facilitate the work is eliminated. The initiative can hit the ground running, and with the ability to collaborate seamlessly, more work gets done faster.

Employee empowerment 

As part of your organization's IT team, you play an important role in making the digital employee experience a positive one by empowering them with the technology. When you allow end users to have some control while also safeguarding the content and data they use across all products through your collaboration governance plan, you empower employees in a practical way.  

Employee empowerment in the context of Microsoft 365 means allowing end users to choose and manage their own tools and providing them with clear standards and the training necessary to do that correctly. When a company trusts and empowers its employees, they feel good about coming to work every day. But, they also want and need to know how to hold up their end of the bargain when it comes to security.

Reduce security risks with employee training

For example, training employees on how to safely invite external collaborators into their Microsoft Teams, for example, empowers them with peace of mind in addition to the freedom to work with the Microsoft tools in ways that make them feel more productive and satisfied in their day-to-day work. 

Cost savings 

Simply put, self-serve is the more cost-effective option. IT scalability suffers significantly when a system is completely locked down. This model requires IT to conduct extensive research, provide their approval, and accept responsibility for all decisions. The larger your organization, the more bodies are needed to read tickets, execute changes, etc. 

Self-serve saves IT teams time and resources

For example, enabling SharePoint site creation illustrates the efficiency of self-serve in conserving IT resources.

On one hand, restricting site creation to Administrators-only demands significant time investment to review, set up, and perpetually manage each site request—a considerable burden for a growing organization.

Or, developing a self-service site creation plan allows end users to promptly establish top-level sites for various purposes. The trick is pre-setting data storage quotas, retention policies, and notifications, acting as your guardrails. This proactive approach enables your organization to efficiently scale SharePoint to adapt to evolving business needs.

Improved data protection 

When we say that enabling self-serve can actually improve data security, a lot of people think that there must be a mistake. That can't be right! When we give employees more freedom, it only opens up their organization to risk, right? Maybe, but maybe not...

How good data governance curbs recurring security issues

For example, enabling self-serve in Microsoft significantly boosts data security by reducing the likelihood of shadow IT usage.

When access is overly restricted, frustrated employees, impeded by waiting times for IT ticket resolution, may resort to unapproved workarounds. Even with a tightly controlled Microsoft 365 environment, potential content leakage can occur if users share via platforms like Google Docs.

However, facilitating self-service and educating users about the proper use of provided tools can significantly mitigate this risk, ultimately curbing the use of shadow IT.

Free course for IT admins: Mitigate pesky shadow IT by optimizing security and adoption

Cons of self-service in your Microsoft 365 governance plan

While the pros of self-serve we just listed may have convinced you (or affirmed your opinion), it is possible to have too much of a good thing. Self-service, particularly when implemented without a proper plan for managing your environment, can present some concerns. 

Less control over data management

Implementing self-serve can make it harder to manage your organization's data effectively, especially if you're not using best practices for provisioning in Microsoft 365 or providing guidelines for end users whenever they create spaces in Microsoft 365 (which is a consequence of the lack of governance).

No governance strategy = unbridled security risks in Microsoft Teams

Self-service without provisioning is kind of like the wild west. Think of a company that's adopted Microsoft 365 and enabled self-service for all employees: they create SharePoint sites for various projects, Teams channels for different department discussions, and OneDrive folders for personal document storage.

With the proliferation of those digital spaces, critical project files, property documents, and customer data are saved across multiple locations. Soon, without strict governance, it'll be a challenge for IT to track where specific data is stored, who has access to it, and whether it's appropriately backed up and protected.

In this scenario, with less control over data management, no regular review process, and no Microsoft 365 governance strategy for self-service, the consequence is potential data loss, security breaches, and compliance issues.

Difficulty in tracking and monitoring usage 

When self-serve is enabled without effective policies and guardrails, it can be incredibly time-consuming to monitor the state of your Microsoft 365 environment.

Without governance, you're facing unending sprawl

All Microsoft Teams become inactive at some point. Without regular lifecycle management, dormant or "orphaned" teams can quickly accumulate in your tenancy, creating sprawl.

Let's say that, in the same company we mentioned before, each project team creates its own Teams channels, SharePoint sites, and Planner boards without previous IT approval. Over time, hundreds, or even thousands, of these spaces pop up, each with its own set of members, permissions, and usage patterns. As a consequence, it becomes almost impossible for IT to track and monitor usage across these spaces.

For instance, a SharePoint site created for a completed project may still be active and consuming resources, or a Planner board might be under-utilized, yet nobody realizes this because of the numerous different spaces. The lesson is, IT missed an opportunity to make things easier from the start by creating a rock-solid governance framework at the time of enabling self-service.

Data loss prevention without automation

Allowing end users to organize their own teams, invite visitors, and share information with fewer restrictions can pose significant security problems if IT isn't monitoring and managing external access to the environment. This is almost impossible to do effectively. 

What happens to orphaned teams with external users?

Many Microsoft Teams have a shelf-life. In a self-serve environment, someone in a given business unit might spin up a new team to collaborate with external parties on a short-term project.

While this flexibility serves the organization's business needs well, it's not uncommon for such teams to become "orphaned" once they're no longer needed. In these cases, any external users that had access to the team continue to have access, which introduces an unnecessary security risk to your organization. 

A lot of training and support is needed 

The more freedom an organization gives to its end users, the more training and support will be needed (after all, most employees are likely not IT professionals). So, implementing self-serve in your SharePoint environment without training people first is usually a bad idea. Users won't know where to find files or how to work with them when they do, which will lead to frustration.

Let's say that, in our imaginary company, many employees lack technical know-how, leading to a surge in IT help requests and training needs. This highlights a con of self-service: it requires substantial training and support.

Nonetheless, this can be mitigated with a governance strategy that outlines clear usage guidelines, standardizes procedures, and provides targeted training, which streamlines the self-service model. Win-win.

How to enable a Microsoft 365 governance framework for self-serve with smart guardrails

A good governance strategy balances end users' autonomy and IT authority with risk management at the forefront. As we've seen above, there are pros and cons to enabling self-serve, so which is the best option? Well, you can have the best of both worlds by enabling self-serve with guardrails.

Step 1: Pre-planning your governance framework

In order to get there, the first step is to consider some basic big-picture questions as part of planning:  

• What are the business goals?  
• What value are teams and individuals getting from these collaboration tools?
• How will you measure success? 

Once you get to the point of devising your governance plan, trade-offs will inevitably need to be made—especially when you intend to develop collaboration governance that balances self-serve with guardrails. That's why these questions are so important. By having answers, you will have a clear vision to guide these decisions and prioritize policies accordingly. 

Step 2: Establish communication practices 

Before making any governance decisions, you must understand how your organization collaborates. And to do that, you'll need to make sure you know which tools end users are resorting to and how. Based on that, establish a communication strategy to make sure your governance plan is front and center in the employee's minds.

Within Microsoft 365, there are three main ways that end users can communicate and collaborate: 

• Outlook simplifies email collaboration with a shared group inbox and calendar. ​​​​​​​
• Microsoft Teams is a chat-based workspace where employees have the opportunity to engage in unstructured, in-the-moment conversations. It's possible to create sub-groups that are intended to be used for specific subjects. 
• Viva Engage (formerly Yammer) is a business social network that encourages collaboration. 

Consider how these three tools are most likely used by end users in certain situations, and how these situations may pose a security risk. These are important considerations when assessing which policies will be included and how they will apply to Microsoft 365's collaborative features. 

Also part of the Microsoft Viva platform is Viva Insights. It's a great way to view data on the way employees communicate, engage, and do their best work.

Step 3: Involve key stakeholders 

When establishing collaboration governance with both self-serve and risk mitigation in mind, getting stakeholder input is critical. By doing it, you'll grasp the nature of collaboration and the utilization of tools within your organization. Key stakeholders include: 

• End users are the people using Microsoft 365 every day and perhaps in the best position to help you understand how collaboration happens in your organization. 
• Key users are the more experienced and knowledgeable end users in your organization who often serve as a go-to for other, less experienced end users. As such, they can offer insights into where people might be struggling with their Microsoft 365 tools.
• Microsoft Teams owners play an important role in managing user access. They can help you understand the different types of teams across your organization's business divisions and whether they include external members.   
• Managers can provide insight into how their teams use different Microsoft 365 tools in their business processes. 
• Executives will inform your governance model regarding the larger organizational objectives it will need to meet. 

Step 4: Your good governance plan should be flexible

Business and technology are in constant flux, so your governance plan can't be static. Existing collaboration governance decisions can become obsolete, so you must be ready to adapt to changes in the organization and its environment.

Always be open to revising policies, like re-evaluating guardrails in response to security issues uncovered by self-service features. It's also important to set expectations for regular policy reviews to meet evolving organizational needs.

For instance, you might find more or less supervision is needed for compliance in the self-serve process. Also, roles may need adjustment to align with how users interact with collaborative tools due to governance policies.

Step 5: Implementing a governance framework 

We're sure you get the picture by now that self-serve + guardrails = a match made in heaven. Your collaboration governance framework should rest on the foundation of that concept. Remember, your organization's governance best practices are the process you use to manage user access to resources and how to improve data loss prevention.

By enabling self-service and putting guardrails in place, you ensure that your Microsoft 365 environment is a collaboration solution and not a roadblock.

You can create these guardrails using Microsoft's out-of-the-box tools and services. You can also create PowerShell scripts or use Power Automate to build your guardrails, though this can be time-consuming and require certain skills not all IT admins have. In this case, a solution such as ShareGate can save the day, with easy-to-use, automated provisioning features that help you create your governance strategy.

Data governance decisions can make or break your self-service environment

We know, implementing self-serve with Microsoft 365 can feel a bit dangerous. But, with a collaboration governance strategy, it's entirely possible to unlock all the benefits of self-serve while at the same time, significantly minimizing the risks associated with it.

Secure collaboration is indeed possible with a self-serve environment because, with good governance controls, you can effectively manage user access, including external users, the creation of Microsoft Teams and SharePoint sites, and how external sharing happens within them. 

You can empower your end users to make them more productive while actually improving security, protecting sensitive data with good data governance, and reducing costs at the same time. Check out our article on the best practices for implementing Microsoft 365 governance in a self-serve environment to see how easy it can be!