Expert roundup: Planning for Microsoft 365 governance

M365planning Featured

Security and governance are some of the hottest topics in today’s digital workplace. We spoke to our friends in the Microsoft community to see what the experts had to say about Microsoft 365 governance strategies and best practices, and what helpful tips they could offer.

Welcome back to the Expert Roundup Series! In the last two articles, we’ve covered top Microsoft 365 announcements of the year and expert tips for effective team collaboration and communication in the modern workplace. 

In this article, our experts expound on Microsoft 365 security governance strategies.

Maintaining data governance in Microsoft 365 is challenging

The interconnected nature of Microsoft 365 means people use more things! Your tenant continuously grows and content accumulates. 

And the hub of all that collaboration and work? Microsoft Teams.

Of course, Teams is just one piece of the larger Microsoft 365 puzzle. The incredible ecosystem of integrated apps, tools, and services that make up Microsoft 365 makes it powerful, but also difficult to manage.

People are collaborating virtually now more than ever, which means external sharing has grown exponentially. IT teams need to stay on top of what and why things are being created and shared because these are potential points of security failure. 

The root of the problem in Microsoft 365 comes down to:

  • Sprawl: It’s easy for users unfamiliar with Microsoft 365 to provision resources accidentally—resulting in confusion, lack of governance, and guests having access to things they shouldn’t.
  • Shadow IT: If IT-approved systems aren’t meeting their needs, users aren’t afraid to turn to something that will—tools without IT oversight that make your organization especially vulnerable to sensitive data leaks and get in the way of secure collaboration.

Deploying an org-wide governance plan

Microsoft 365 security encompasses not just external threats but also internal risks related to how untrained users access and share sensitive data. Common examples of data breaches include accidental sharing of confidential files and forwarding sensitive documents to colleagues not authorized to receive them.

How to strengthen your Microsoft 365 security across your organization:

  • Implement multi-factor authentication: Microsoft 365 mitigates the risks of security breaches through multi-factor authentication (MFA), which adds a layer of protection to the sign-in process. Using a conditional access policy to manage user access is based on continual verification. MFA makes sure the right person is accessing a device.
  • Balance self-service with governance best practices: Implement a governance strategy that gives users freedom while protecting content and data across all the products they’re using. Keeping self-service features enabled boosts user adoption, and in Microsoft 365 that means letting end users provision and manage their own tools. IT professionals first need to understand how all the tools and apps within Microsoft 365 connect from an administrative perspective. Then use that knowledge to create a governance strategy that keeps content secure across platforms and devices.
  • Teach end users Microsoft 365 best practices: Clear protocols and strategic education are your best bets at stopping employees from accidentally creating security risks to your business. IT can help make security a team effort through user training and by promoting healthy data habits. Watch our webinar to learn how Microsoft MVP and training specialist Andy Huneycutt built an enterprise-level training platform that leverages the full power of Microsoft 365, or review the key takeaways from the webinar in our article.
  • Leverage automation to manage security issues: Use a third-party Microsoft 365 management solution like ShareGate to properly govern your tenant, and maintain an organized and secure environment at scale.

Helpful tips from Microsoft experts

Liz Sundet 1

“The key to the good Microsoft 365 governance strategy is to cover the gamut of all things that would fit under governance, and all of the training elements that go along with that, and all of the communications that go along with that.”

Liz Sundet
Program Manager, Microsoft
Simon 2

“The first thing is getting that vision, and then starting to build up a plan, understand what it is that you’re trying to tackle, and then start executing on that plan.”

Simon Doy
Owner of iThink365 (@simondoy)
Maarten Eekels 4

“All your employees, all your co-workers, all your colleagues, everybody you work with, they have to understand how something works, and they have to understand where to go to when they require support.”

Maarten Eekels
Microsoft MVP and Microsoft Regional Director (@maarteneekels)
Marc Anderson 1

“To me, governance is more a frame of mind than it is something written down. It’s really a common set of rules and objectives that people in the organization understand. And that applies to the people who are building it too. Everybody has to live within some sort of rules.”

Marc D Anderson
Microsoft MVP, Co-founder and President of Sympraxis Consulting (@sympmarc)
Antje Lamartine 2

“Governance is something that has to adjust over time to the changing business needs, to priorities of the business. And I think the most important thing is to understand that it’s not something that you create, you deliver, you communicate about, and you’ve put in a drawer and you lock that drawer.”

Antje Lamartine
Microsoft 365 Adoption and Change Management MVP (@antjelamartine)
Simon2 1

“It’s very easy to say ‘we’re just going to put governance in place and just focus on the data loss prevention’, and you know, those kinds of things. Look at what the tools can give you and camp them down, rather than understanding what different parts of the business expose themselves to with various governance risks.”

Simon Hudson
Founder of Kinata Ltd. (@simonjhudson)
Freese Luise 2

“Make a plan and adjust to that plan if things change. And we know that this world right now is not only on fire but ever changing, so we need to be adaptable in change like our users need to be adaptable and change as well when it comes to adoption.”

Luise Freese
Microsoft 365 Consultant and Office Apps & Services MVP (@LuiseFreese)

If you’re looking to empower users to do their best work in Microsoft 365, while keeping things organized and secure–check out how ShareGate can help your organization

Need to implement collaborative governance? Or, manage external sharing and guest access? Maybe you want to run actionable reports to gather information about your SharePoint and Teams environments. Whatever the need, we’ve got you covered!


What did you think of this article?

Recommended by our team

Getting started is easy

Try ShareGate free for 15 days. No credit card required.

Spot Icon Rise up

Live event RISE UP - ShareGate’s new M365 management features