Learn best practices for implementing a Microsoft 365 provisioning solution with ShareGate, and how you can empower end users to do their best work while providing your IT team peace of mind, reducing manual tasks, and saving time.
User freedom and IT responsibility in Microsoft 365 are two sides of the same coin.
On one side, users want to spread their wings and work freely. On the other side, IT teams carry the weight of protecting their organization’s sensitive data while still letting users work their magic.
The key is striking the right balance. If you tighten all the screws, it could hinder productivity, but being too loose with security measures could create risks. So, it’s all about finding the sweet spot where users are empowered while your data stays secure.
Success in managing today’s complex Microsoft 365 ecosystem can only come from having control over your environment—and ShareGate enables you to do just that.
This article breaks down the best practices for setting up a Microsoft 365 provisioning solution with ShareGate (screenshots included!). We’ll explore the advantages and potential challenges at each stage, as well as key data for benchmarking.
Let’s get started!
What is Microsoft 365 provisioning?
Simply put, provisioning is about setting up the infrastructure—tools and resources—for your collaboration, communication, or app needs.
Works like a charm!
But have you ever pondered the convenience of self-service Microsoft 365 provisioning? People in your organization can create their own workspaces, like teams in Microsoft Teams, Microsoft 365 groups, SharePoint sites, etc., without IT’s help. Everyone gets the freedom to set up the workspaces they need, with IT’s guardrails in place. Win-win!
TIP: A provisioning strategy is crucial for keeping your environment organized and secure.
In today’s modern workplace, organizations deal with a growing volume, speed, and variety of content in their Microsoft 365 environment. The growth can go beyond sites and teams; it can happen across all Microsoft 365-related services.
Additionally, understanding how to control who can create a Microsoft 365 group can greatly enhance collaboration and productivity within your organization.
Having a self-service Microsoft 365 provisioning strategy benefits your IT team and organization in three main ways:
- Boosts productivity: Users can create and manage their own workspaces, leading to higher adoption and better teamwork.
- Saves IT time: IT can focus on important tasks instead of dealing with routine provisioning requests or manual, repetitive tasks.
- Improves security: IT sets guardrails and policies to ensure safe provisioning, reducing the risk of shadow IT and sprawl while maintaining control over what’s being created.
Without a provisioning strategy in place for Microsoft 365, several issues can arise that increase costs, such as:
- Ineffective naming
- Owners missing
- Redundant team sites
- Data loss risks
- Loss of control
- Slower team/site start
- Inefficient navigation
- Training and adoption challenges
How it works
By default, self-service is turned on in Microsoft 365. Some organizations still turn off self-serve because they’re worried about security and clutter, or it’s one of their regulations. We get the concerns.
However, in a survey ShareGate conducted, 84% of IT pros said enabling self-serve in their environment saved them time and money.
Enabling self-service in Microsoft 365 is the first step towards increased productivity, and with the guardrails in place, you’re setting end users and your IT team up for success.
Microsoft’s out-of-the-box provisioning solution includes high-level configurations available in different admin portals. But suppose you want to customize and adapt the provisioning process to your IT team’s and end users’ needs. In that case, you can use PowerShell, Power Automate, or an out-of-the-box management solution for Microsoft 365 like ShareGate.
How can ShareGate help you with Microsoft 365 provisioning?
ShareGate provides a one-stop solution for Microsoft 365 provisioning, including template creation, SharePoint blueprint sites, and the ShareGate end-user app in Microsoft Teams.
ShareGate helps you guide end users in creating the teams and SharePoint sites they need the right way, from the get-go.
Custom templates: Create unlimited teams templates customized to the needs of your team and end users.
Dynamic templates: SharePoint sites embedded in templates dynamically update as changes are made to the site.
ShareGate Blueprints: Attach an existing SharePoint site to your provisioning templates so users get a purpose-fit site at the moment of creating their workspace.
Approval workflows: Include an approval workflow in your provisioning templates so admins can prevent duplicates and maintain control of any unique compliance guidelines.
ShareGate’s end-user app: End users create and manage their workspaces from start to finish without leaving Teams.
How to set up and implement a Microsoft 365 provisioning solution with ShareGate
Creating an effective and efficient Microsoft 365 provisioning solution doesn’t have to be complex. In fact, it can be simplified into just a couple of straightforward steps. Here’s how you can do it:
- Get your templates ready
- Put the provisioning solution into action
1. Get your templates ready
Before you dive into creating templates, it’s a good idea to understand what already exists in your environment and identify any gaps that need to be filled. To gather this info:
- Take a look at how the Microsoft 365 workspace is currently being used. Do you see any content types with the names “Departments”, “Function”, “Projects”, or “Customers”? The names themselves can give you a sense of their purposes or categories.
- Check out the most common requests that your internal IT help desk receives for IT support. These requests should be prioritized when creating your templates. For example, things like “My site doesn’t look right” or “I need to share a document with a guest” are common ones to address.
TIPS: Once you have a clear idea of the template you need, start preparing three or four templates. And as a general rule, try to keep the number of items in a list to seven or fewer, since people tend to have trouble remembering more than that.
1. Name your template and add a description
A well-defined template title and description will help your users understand what the template is for and how to use it. Is the template intended for a Teams team or a planner? If so, add that info to your template!
The template description is crucial for adoption. Take the time to write the descriptions in a way that helps users choose the right template for their needs. The descriptions will also help you better understand and report on the teams created in your tenant.
Here are some things to keep in mind when writing a template description:
- Choose a clear and catchy name
- Briefly explain what the team’s purpose or function is within the organization
- Summarize the main goals the team is working towards
- Let users know about the team’s privacy and sharing settings, including guest or external access
2. Add team owners
Once you’ve come up with a clear title and description, it’s important to think about how many team owners that template should have.
Team owners handle membership, guests, and settings for teams.
TIP: It’s good to assign at least two owners to share the management of each team. This way, if one owner leaves, there’s still someone else accountable. By default, ShareGate’s provisioning templates recommend having two team owners.
Heads up: although you can set a minimum of two team owners, users can add more than that during team creation. For example, someone creating a team for a cross-departmental project might want to assign an owner from each department.
Good to know: 84% of templates created in ShareGate have two owners.
3. Add governance rules
So, you named your template, added a description, and determined the minimum number of owners. The next step is ensuring users follow business standards when creating their teams.
- Strike the right balance by implementing governance rules that are necessary, but at the same time, keep the process user-friendly and simple for everyone. The goal of these templates is to give users guidelines to follow while still providing flexibility.
- Enforce a naming convention in addition to the minimum owners requirement. Naming conventions can help you make sense of your teams and avoid having multiple team components with the same name.
- Depending on your needs, consider implementing an approval process. It adds an extra step to make sure teams are created according to your requirements. You can even set up an approval process for teams created using specific templates. This helps admins maintain control of any unique compliance guidelines and prevents duplicates.
Let’s take a closer look at these governance rules:
Standardization becomes crucial in a world where thousands of new teams are created daily. That’s why using a naming convention helps you maintain order and consistency. It also helps people search and discover teams.
But, implementing a naming convention can come with challenges, including:
- Getting everyone on the same page and reaching an agreement among stakeholders
- Keeping it simple and flexible
- Updating it to adapt to evolving organizational needs
One way to address this is by adding a prefix or a suffix. With ShareGate, you can add either one or both!
Good to know: 77% of templates created using ShareGate have an active naming convention.
- A prefix can make the team’s purpose more prominent and immediately recognizable.
- A prefix can help distinguish teams from one another, especially when viewing long lists of teams.
Be mindful of the Teams view inside the Teams app; the longer the prefix, the less visible the name.
Example: I can use PRO as a prefix for my Project template.
- Using a suffix at the end of the name can help preserve the readability of the base name by keeping it at the beginning.
- A suffix is useful when the base name is the most important part of the team’s identity.
Example: I can use Project as a suffix for my Project template.
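To see how existing teams measure up against the owner and naming rules above, here is an added example (not ShareGate's code and not part of the original article) that audits teams with Microsoft Graph PowerShell. It assumes the Microsoft.Graph module is installed, that the signed-in account can consent to Group.Read.All, and that `PRO` (the article's example prefix) stands in for whatever prefixes your templates enforce.

```powershell
# Added example: read-only audit of existing teams against the owner and naming rules.
# Requires the Microsoft.Graph PowerShell module.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.Read.All'

$MinOwners       = 2          # minimum owners recommended in the article
$AllowedPrefixes = @('PRO')   # assumption: replace with the prefixes your templates enforce

# Microsoft 365 groups that back a team carry the 'Team' provisioning option.
$teams = Get-MgGroup -All `
    -Filter "resourceProvisioningOptions/Any(x:x eq 'Team')" `
    -Property Id, DisplayName, Visibility

# Names used by more than one team point to duplicates a naming convention should prevent.
$duplicateNames = $teams | Group-Object DisplayName |
    Where-Object Count -gt 1 | Select-Object -ExpandProperty Name

$findings = foreach ($team in $teams) {
    $issues = @()

    # Owner count: a team with a single owner is orphaned as soon as that person leaves.
    $ownerCount = @(Get-MgGroupOwner -GroupId $team.Id -All).Count
    if ($ownerCount -lt $MinOwners) {
        $issues += "only $ownerCount owner(s)"
    }

    # Naming convention: the display name must start with one of the approved prefixes.
    $hasPrefix = $AllowedPrefixes | Where-Object {
        $team.DisplayName.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    }
    if (-not $hasPrefix) { $issues += 'no approved prefix' }

    if ($duplicateNames -contains $team.DisplayName) { $issues += 'duplicate name' }

    # Emit a row only for teams that break at least one rule.
    if ($issues.Count -gt 0) {
        [pscustomobject]@{
            Team       = $team.DisplayName
            Visibility = $team.Visibility
            Owners     = $ownerCount
            Issues     = $issues -join '; '
        }
    }
}

$findings | Sort-Object Owners, Team | Format-Table -AutoSize
```

The script only reads from the tenant; teams with the fewest owners sort to the top because they are the first to become orphaned.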
To create a new Team, your users need a thumbs-up from an admin. You want to ensure there are no duplicates, the team name is appropriate, the right owners are assigned, and security settings are in place.
Most companies aim for self-service, but it’s difficult to achieve using Microsoft’s out-of-the-box tools. This often leads to unorganized, duplicated, and unused sites.
With ShareGate’s Approval workflows, admins approve a new team provisioned by a user.
As an admin, you can give the green light or slam the brakes on teams created from specific templates. This helps you monitor teams created with stricter security templates. It’s like having a watchful eye on the most secure ones.
Approval requests can be located within the Approval Request tab.
We’ll soon add the option for multiple approvers, including folks outside the IT department. Stay tuned for updates!
4. Apply governance policies
With your rules enforced within your template, you’ve set the guardrails for users to follow when creating teams. But wouldn’t it also be great if your users applied the right security settings to the Microsoft teams they create?
Governance policies are rules that keep Microsoft 365 and Teams in check. They cover team creation, content management, security, access control, and compliance.
Implementing governance policies from the start helps you:
- Avoid stale content when a team becomes inactive
- Apply the right security settings
- Stay secure with automated external sharing and guest reviews
Let’s explore a few policies you can define within a template that help you maintain a secure and productive environment:
Public vs. private
What kind of team do you want it to be: a private or public team?
In Microsoft Teams, a private team is limited to a specific set of people. A public team is open to anyone in the organization to join.
For example, if you’re working on a sensitive project with confidential information, you’d choose a private team. This limits access to a specific group of people involved, ensuring confidentiality. Alternatively, a public team would be more suitable if you’re working on a collaborative initiative or company-wide announcement. It allows anyone in the organization to join and start a conversation.
External sharing and guests
External sharing is about making content accessible to people outside your organization who don’t have a Microsoft 365 account.
When creating a team using ShareGate, you can easily control external sharing settings using these sensitivity tags:
- Only people in your organization
- With existing guests
- With new and existing guests
- With anyone
Guests are individuals without a license from your Microsoft 365 tenant. They typically come from outside your organization, like partners, vendors, or clients.
Benefits of collaborating with guests in Teams include:
- Improved communication: Guests can participate in conversations, collaborate on projects, join meetings, and engage in discussions.
- Efficient file sharing: No more back-and-forth emails with attachments. Sharing and co-authoring content with external stakeholders becomes simpler.
- Increased productivity: By seamlessly collaborating with guests, you can streamline workflows and achieve goals more efficiently.
When creating a team, you can directly specify the Guest Access setting with ShareGate’s sensitivity tags:
- Guest allowed
- Guest not allowed
TIP: ShareGate’s sensitivity tags have your back when it comes to assigning the best security settings for privacy, guest access, and external sharing. You can assign a combination of security settings—for example, you can create a Highly Confidential tag with the security settings Private, Only with people in your organization, and Guests not allowed.
Purpose and sensitivity tags
Let’s uncover more about labels—sensitivity and purpose tags. Our user data shows that 82% of templates created using ShareGate have purpose tags, and 65% have sensitivity tags.
- Purpose tags help you understand why users create teams and better organize them by business purpose.
- Sensitivity tags help you assess how much of a security risk a team poses to your business. That way, you can apply the right security settings to each team from the get-go!
ShareGate provisioning is fully integrated with purpose and sensitivity tags you can manage from the Policies menu.
You can categorize teams by their level of sensitivity.
By implementing sensitivity tags at the template level, you ensure proper review of guest and external sharing. This guarantees that external users and guests have access only to relevant content in Teams.
When assigning purpose tags to a team, our goal is not to classify the content, but to allow you to determine the threshold for inactive teams. Setting a longer or shorter threshold for inactive teams helps optimize resources, keep the workspace organized, and tidy up teams based on their relevance and project status.
Here’s an example of how to set up thresholds:
- Project teams – 15 days
- Functional teams – 200 days
- Release – 90 days
More governance tools
Add and automate an inactivity policy to effectively manage the entire lifecycle of the workspace, from creation to archiving or deletion.
ShareGate’s Inactivity detection policy automatically finds inactive teams in your tenant, so you don’t have to. And it asks the right people to take action on them, by email or via our chatbot. That’s why it’s important to add at least two owners to share the management of each team.
5. Sync content and structure
If you haven’t already heard, Microsoft is making it easier for end users to discover SharePoint sites associated with teams. And creating new sites will be a piece of cake too, thanks to Copilot.
Keep up as Microsoft 365 shifts more power to end users. With a good governance plan in place, you can keep the number of sites, teams, and content in your tenant in check.
Get ahead of the mess with ShareGate Blueprints! This feature lets you use an active SharePoint site as a blueprint to enable the creation of perfectly purpose-fit sites associated with your teams.
How it works
With ShareGate Blueprints, you identify an existing SharePoint site with all its web parts, components, structure, and content to embed it in your provisioning template. When a user creates a team using that template, ShareGate quickly copies the blueprint site, including all its features, within minutes of the workspace’s creation.
Even better, any changes you make to the blueprint site will automatically update the provisioning template.
Head over to SharePoint online and create a team site that has the structure and the content you need. Check it out:
TIP: Set a default folder structure and documents. ShareGate Blueprints enables you to establish a folder structure and documents within the General channel.
1. Make sure there’s a team attached to your SharePoint blueprint site.
2. Under the Documents library, select the General folder.
3. Create your own folder structure.
4. Customize the document library with documents, document templates or metadata.
6. Set up channels
You’re almost all set in getting your templates set up! The final step is setting up the channel structure for your teams ahead of time.
Channels are the conversations that happen within Microsoft Teams. Each can be dedicated to a specific topic, project, or department.
According to Microsoft MVP Jasper Oosterveld, it’s ideal to let your end users decide the number of channels they create within their team. Alternatively, a good starting point is to have six channels, including the General channel, but users can choose any number of channels that suits their needs.
Good to know: 64% of templates created using ShareGate don’t have any extra channels besides the General channel.
And there you have it—your templates are now ready! It’s time to implement the provisioning solution.
2. Put the provisioning solution into action
We talked to ShareGate customers and IT admins and noticed a common trend in implementing Teams in companies.
When the pandemic hit, remote work became necessary, and deploying Teams quickly was crucial. However, this caused problems like duplicate, test, and inactive teams. People we spoke to described the situation as “chaotic”, “like the wild west”, and “a nightmare.” (Yikes!)
To tackle this, many companies turned off self-service in Microsoft 365 and cleaned up unused teams and groups in their environment.
Now, organizations want a solution to help users effectively use Microsoft 365 while staying in control. (Hello, ShareGate!)
Start with a pilot group
When implementing your Microsoft 365 provisioning solution with ShareGate, start small. First, test the process and template before introducing it company-wide. Add the necessary people to the Microsoft 365 group for testing. Then, review feedback and make any changes before rolling out the solution to the whole company.
And don’t forget to enable Microsoft 365 group creation for all users.
TIP: Pin the ShareGate end-user app to the Teams sidebar menu for easy company-wide access.
Get your users on board
How do you get your users to use new templates in Microsoft 365? How do you introduce this change within your organization? It all begins with a communication plan.
To help you tailor your communication strategy, we created a sample email that can help you start the conversation about implementing ShareGate’s end-user Teams app for Microsoft 365 provisioning.
Subject: An easy way to create teams
We’re excited to launch a new way to create collaborative teams in Microsoft Teams.
The new ShareGate Teams application will be available starting [date].
You’ll notice the new application called ShareGate on Microsoft Teams when logging in after the above date.
Why should you be using the ShareGate Teams app?
You know best about the security levels for your documents and teams, and who should have access.
With the ShareGate Teams app, you’ll be able to:
- Create new teams from IT-approved templates.
- See and manage all your teams in a centralized place.
- Get notified once a team is no longer active to archive, keep or delete it.
- Regularly clean up externally shared links and guests.
- Classify teams by purpose and sensitivity.
How it works
You can now create and manage your own teams with the ShareGate Teams app. We have prepared some templates for you to use. If you don’t see a template that fits your needs, let us know!
Please see the step-by-step guide on how to create a team using our organizational templates.
Who do I contact if I need a new template?
For any questions, you can open a request with us at [IT desk contact info or process]. We hope this will make it easier for you to collaborate and keep track of your documents and conversations. Keeping our environment organized and secure is everyone’s business!
Group creation not allowed in your tenant? No problem
The ShareGate end-user app permissions align with your tenant’s permission level. When creating teams, we use the Microsoft API with delegated permissions, avoiding any intrusive access that overrides tenant-level settings.
This means that ShareGate and Microsoft native solutions can work together seamlessly.
To enable ShareGate provisioning and hide Microsoft’s “Create a Team” native button:
- Restrict the creation of Microsoft 365 groups to a select group of users. Follow the process in Microsoft’s official documentation for managing group creation.
- Enable the approval process for all ShareGate provisioning templates.
With the approval process, ShareGate can create teams and assign the appropriate owners afterward.
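One way to confirm that the group creation restriction in the first step took effect, as an added example that is not from ShareGate or the original article: a read-only Microsoft Graph PowerShell check of the tenant's `Group.Unified` directory setting. It assumes the Microsoft.Graph and Microsoft.Graph.Beta modules are installed and that the signed-in account can consent to Directory.Read.All; the helper function name is made up for this example.

```powershell
# Added example: read-only check of who may create Microsoft 365 groups in the tenant.
# Requires the Microsoft.Graph and Microsoft.Graph.Beta PowerShell modules.
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Directory.Read.All'

# Tenant-wide group settings live in a directory setting object named Group.Unified.
$setting = Get-MgBetaDirectorySetting | Where-Object DisplayName -eq 'Group.Unified'

# Hypothetical helper: return one named value from a directory setting object.
function Get-GroupSettingValue {
    param($Setting, [string]$Name)
    ($Setting.Values | Where-Object Name -eq $Name).Value
}

if (-not $setting) {
    # No settings object means Microsoft's defaults apply.
    $state  = 'Open'
    $detail = 'No Group.Unified settings object exists; all users can create groups.'
}
else {
    $enabled   = Get-GroupSettingValue $setting 'EnableGroupCreation'
    $allowedId = Get-GroupSettingValue $setting 'GroupCreationAllowedGroupId'

    if ($enabled -ne 'false') {
        # String comparison is case-insensitive, so 'False' and 'false' both count as disabled.
        $state  = 'Open'
        $detail = 'EnableGroupCreation is not false; all users can create groups.'
    }
    elseif ([string]::IsNullOrEmpty($allowedId)) {
        $state  = 'Restricted'
        $detail = 'Creation is disabled and no security group is exempted.'
    }
    else {
        # Resolve the exempted security group so its membership can be reviewed.
        $group   = Get-MgGroup -GroupId $allowedId -Property Id, DisplayName
        $members = @(Get-MgGroupMember -GroupId $allowedId -All)
        $state   = 'Restricted'
        $detail  = "Only members of '$($group.DisplayName)' ($($members.Count) direct members) can create groups."
    }
}

[pscustomobject]@{ GroupCreation = $state; Detail = $detail }
```

Nothing is changed in the tenant. A result of `Open` means the first step has not been applied, and a `Restricted` result names the security group whose membership is worth reviewing on a schedule.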
Turn Microsoft 365 into the collaborative and secure tool it should be
Your users crave freedom in their work, while you strive to maintain a well-organized and secure Microsoft 365 environment. Bringing everything full circle, you can combine the best of both worlds and create optimal workspaces for all!