ShareGate Apricot automatically collects information from owners about how their team is being used—giving you the visibility you need to apply custom-fit governance in Microsoft Teams.
Freedom and flexibility are at the heart of the Microsoft 365 user experience, with self-service features and collaboration tools like Microsoft Teams transforming the way that we work.
But with more user freedom comes more responsibility for IT. It's a delicate balance: protecting data in a way that meets your organization's business and compliance policies, while making sure user productivity isn't hindered.
The truth is that your governance strategy needs to be flexible, too. Locking everything down is harmful, one-size-fits-all thinking that can negatively impact adoption and result in users turning to other, unapproved tools.
Ideally, policies should be customized according to how each team is being used. With ShareGate Apricot, you can collaborate with owners to categorize teams according to their business purpose. That way, you can apply the appropriate controls at the Microsoft 365 group (i.e. individual team) level to ensure your data stays secure.
The challenge of managing data at scale
Today, we have almost instant access to a historic amount of data—with enterprises producing a staggering amount, at an ever-increasing pace, each and every day.
And a lot of that data requires protection; according to McAfee's 2019 Cloud Adoption and Risk Report, nearly a quarter of all files in the cloud contain sensitive data, up 17% over the past two years.
The best way to approach data security is from the perspective of governance. And one of the best ways to approach data security at scale is from the perspective of container governance: security and compliance policies applied at the level of Microsoft teams and Microsoft 365 groups.
The fact is, not all teams (and, by extension, the data within them) are created equal. Effective Teams governance requires targeted application. But that means you need to know where—which is to say, within which teams—your sensitive data lives.
Try ShareGate Apricot in your tenant for free.
Classify containers to help identify your valuable content
In her ShareGate webinar on how to protect your Teams content, Microsoft MVP Joanne Klein explained that container governance can be broken down into the following best practices:
- Empower employees: Enable self-service site creation and lifecycle management so users don't turn to shadow IT.
- Identify valuable content: Define a data classification scheme and require classification for containers.
- Protect valuable assets: Put policies in place to control access to sensitive data.
- Ensure accountability: Manage group/team ownership and review external sharing and guest access.
Within the scope of this blog post, we're going to show you how ShareGate Apricot's "Group categorization" feature can help you identify your valuable content at the level of each container/team.
Looking for tips on how to define an effective data classification scheme for your organization? We spoke to Microsoft MVP Marc D Anderson about best practices, tips, and tricks to help you get started.
Know why users create new teams
It's easy for users to create a new team in Microsoft Teams. Unfortunately, it's also easy for users to ignore the optional Description field:
Users create teams for a number of reasons, some less business-oriented than others. If a team is named "Softball league", it's pretty easy to infer what the team will be used for.
But if a team is named "Project Pitch", the reason of creation is less obvious. In that case, you're going to need to ask the person who knows best: the owner of that team.
Automatically collect information from owners with ShareGate Apricot's Teams chatbot
Instead of reaching out to each owner manually, activate the ShareGate Apricot bot to ask for this information automatically. A conversational bot integrates seamlessly with users' existing workflow in Teams, helping reduce friction and context-switching to keep productivity at its highest possible level.
Here's how it works: When ShareGate Apricot detects a new Microsoft 365 group, our chatbot automatically contacts the owner via direct message in Teams and asks them for its reason of creation.
To make it easy for owners to make a decision, the bot presents them with pre-defined 'Group purpose' options to choose between—then relates their selection back to you.
Activating the ShareGate Apricot Teams bot
In the ShareGate Apricot UI, click on Settings, then slide the toggle next to Activate the ShareGate Apricot bot in Teams.
Note: ShareGate Apricot comes pre-populated with a default list of 'Group purpose' categories based on some of the most common reasons users create teams. If you want to edit or add to these categories, click on Manage underneath the bot activation toggle.
Once activated, the Teams bot will be installed automatically for any user the app needs to contact.
Group purpose categorization: Use case
Let's say John Greene decides to create a new team for members of the office softball league—the team called "Project Pitch" mentioned above.
Shortly after the new team is created, the ShareGate Apricot bot reaches out to John via chat conversation in Teams:
The chatbot asks him to define the purpose of his new team and presents him with pre-populated options to choose from.
We built a default list of 'Group purpose' categories based on some of the most common reasons users create teams—but you can edit or add to these options in ShareGate Apricot's Settings tab based on the needs of your organization.
- Department: Used for an ongoing project or collaboration between employees who are part of a specific department (i.e. marketing or HR).
- External project: Used for projects that involve collaboration with people outside the organization (i.e. collaboration with an external vendor).
- Internal project: Used for projects that involve collaboration with people inside the organization (i.e. implementation of a new system).
- Office location: Used to gather employees working in different geographic locations (i.e. New York office)
- Particular topic: Used to communicate and collaborate on specific initiatives or topics (i.e. planning the holiday party).
Each category also includes a description. If John is unsure which option to choose, he can click on the ? next to a category to read its description. In this case, the Particular topic option makes the most sense.
Once John clicks Select, our bot confirms his decision in their chat conversation...
...and relates that information back to you in ShareGate Apricot.
Organize your teams by purpose for custom-fit container governance
On your end, in ShareGate Apricot, click on the Groups tab to see a list of all your teams and Microsoft 365 groups. The option he selected is now visible in the Group Purpose column next to his "Project Pitch" team:
You can also manually assign a Group Purpose category (or overwrite a selection made earlier by an owner) by selecting a team from the list, then clicking on Choose a group purpose...
...and choosing one of the categories from the list. In the case of the "Product marketing" team, Department makes the most sense.
Your choice also now appears in the Groups tab, where you can organize and filter all your teams by business purpose.
Next up: Protect your valuable assets with targeted security policies
Understanding how users collaborate in Teams is the first step towards customizing your governance policies. If you know where your sensitive data lives and what users are doing with it, you can apply the appropriate controls to ensure it stays secure.
For example, if you identify a team that collaborates regularly with people outside your organization, you can configure guest access settings at the individual team and SharePoint site level.
Or, if you know which teams contain highly sensitive content, you can apply targeted security and compliance policies based on the needs of your organization. Our next ShareGate Apricot release will allow you to categorize your teams by data sensitivity and group purpose and enable you to apply custom security policies through the app itself.
From identifying valuable content to uncovering inactive and ownerless teams, our easy-to-use governance tools provide better visibility across the entire lifecycle—from creation all the way through to archival.
ShareGate Apricot is easy to setup and even easier to manage—no clunky interface, no coding, and no Azure AD premium subscription required.
If you're a ShareGate Desktop customer, then we have great news! Your subscription now gives you full access to ShareGate Apricot at no extra charge! Activate your ShareGate Apricot account by signing in here. Make sure to have your ShareGate Desktop license key handy—you'll need it complete your activation.
If you're ready start categorizing your groups and teams according to business purpose, take a look at our documentation to learn how to set it up!
Make Teams everyone's
Guide users towards productive and secure collaboration,
with governance that scales with you.