Background image

New in ShareGate Apricot: Automatically apply customized governance policies to your Microsoft teams based on their purpose and sensitivity

ShareGate Apricot custom policies update ShareGate Apricot custom policies update

In this release, as part of ShareGate Apricot’s Team security solutions, we’ve made it possible for you to easily manage and adapt your organization’s governance policies based on a team or Microsoft 365 group’s business purpose and level of sensitivity.

Users create Microsoft teams for all sorts of reasons, and the level of risk each team poses to an organization depends on the type of information that’s shared within it. Since no team or Microsoft 365 group is created equal, why should the governance policies applied to them all be the same?

Ideally, you want to be able to give maximum freedom to lower risk groups to drive adoption while enforcing stricter rules of engagement for higher risk groups to protect your organization.

It’s probably not such a big deal if Laura shares her favorite recipes with the external ad agency. But if you put strict restrictions that don’t allow her to do that, she could start using a third-party tool to communicate with external people. On the other hand, you’d want to make sure that there are stricter rules set for Jenny’s “Compensation review” team since they discuss and share employee information.

At the same time, you want to make sure that short-lived teams are cleaned up once they’ve served their purpose. That way, you avoid having a growing number of inactive groups accumulating in your tenant, which can get quite messy.

So, how can you find the right balance when setting a team’s governance policies between implementing policies that are too strict, which can lead to shadow IT, and policies that are not strict enough, which can lead to sprawl and sensitive information getting into the wrong hands?

Microsoft’s out-of-the-box solutions don’t allow for this kind of customization. The Microsoft 365 governance policies are one-size fits all. And even if you had an Azure AD Premium license or wanted to venture into writing a PowerShell script, there isn’t a straightforward way of customizing your governance policies. That’s the problem we aim to tackle with our latest release.

Introducing ‘Custom governance policies’ in ShareGate Apricot

At ShareGate, we want to help you set custom governance policies based on the purpose of each team and the risk it poses to your business.

That’s why we’re excited to launch custom governance policies in ShareGate Apricot. This new feature allows you to easily customize and manage two policies: inactive group detection and external sharing review, based on a team’s purpose and sensitivity.

ShareGate Apricot logo

Try ShareGate Apricot in your tenant for free.



Clean up inactive teams based on their purpose in ShareGate Apricot

You can now customize your inactive group detection policy by setting the number of days after which a team is automatically deemed inactive based on its business purpose. This allows you to clean up short-lived groups more frequently and keep your tenant more organized for everybody.

You’d want to set a shorter inactivity threshold for time-based projects because once the project is finished, the team will have served its purpose and become idle. By cleaning it up quickly, you avoid having too many inactive time- and project-based teams piling up in your environment, creating clutter.

For example, you might want to set a 30-days threshold for teams that have External project as their purpose like Laura’s “Earth Day Ad” team. This means that ShareGate Apricot will look for user generated activities in Teams, SharePoint, and Outlook, and if none is detected for 30 days, ShareGate Apricot will flag the team as inactive. At which point you’ll have the option to either keep, archive, or delete the team. And if you’ve entrusted Laura with her team, she’ll also be notified, either by email or via the ShareGate Apricot chatbot, to make that decision herself.

On the other hand, teams that you know are used for a long time, like those based around Departments or Office locations, would benefit from a longer wait time before being marked as inactive. This would reduce the frequency at which you and the owner are nudged to act on the team, something we’re sure everyone would appreciate!

How it works

Whether you used the default ‘Group purpose’ categories we set up or have created your own, you will be able set a customized inactivity threshold, in days, for each purpose tag.

Screen Shot 2021 06 24 At 11 49 54 Am

You can edit the inactivity threshold based on group purpose.

We understand that all of your teams may not yet have a purpose assigned to them, which is why for those teams, the default inactivity detection policy that you’ve set will be applied.

Image002

You can set a default inactivity detection policy for teams without a purpose.

Set the frequency of external sharing reviews based on a team’s sensitivity

Now you might be thinking, and what about group sensitivity? How can you use that information to customize a policy? That’s where our external sharing review policy comes into play.

It gives IT admins visibility on the links of every file that’s shared externally by each team. And team owners are asked to review the validity of those files periodically to avoid your organization’s data falling into the wrong hands.

By combining our group sensitivity feature with the external sharing review policy, you can customize the frequency at which team owners are asked to review externally shared links, based on their team’s sensitivity level. It reduces the risk of exposing sensitive data to external people who should no longer have access to it. Sounds great! But what does that mean?

It means that you can set your policy so that owners of higher-risk groups can be asked to review their links more frequently than those of lower-risk groups.

Let’s take Jenny’s “Compensation review” team for example. Since it involves discussing and sharing employee details and salaries with an external consultant, you’d want to make sure she reviews the validity of externally shared links frequently, let’s say every 30 days. That way, owners of teams sharing more sensitive information are asked to remove links to files that no longer need to be shared more often, lowering the risk that those shared links could pose to the business should they fall into the wrong hands.

Whereas for Laura’s “Earth Day Ad” team, which contains data that poses less of a security risk to the business, you might want to set the review recurrence to every 90 days. Customizing how frequently links are reviewed based on each team’s level of sensitivity helps ensure the safety of your organization’s data.

How it works

Whether you used the default ‘Group sensitivity’ labels we set up or have created your own, you will be able set a customized external sharing review recurrence, in days, for each sensitivity tag.

Customize external sharing review based on the level of sensitivity of a team or group.

We understand that all of your teams may not have a group sensitivity label assigned to them yet, which is why for those teams, the default external sharing review policy that you have set will be applied.

Note: This doesn’t apply to group sensitivity labels that only allow users to share links within the organization.

Image003

You can set a default occurrence for external sharing reviews for teams without a sensitivity.

Coming soon: Simpler way of collaborating with your owners using the chatbot

We know you might not always have the answers needed to make the right decisions about the organization and security of your Teams. Luckily, team and group owners usually have most of those answers.

Our next feature will focus on making it easier for you to identify and individually contact owners of specific teams and groups, both new and current ones, for any missing information in relation to any of the ShareGate Apricot governance policies. This on-demand collaboration with owners will allow you to confirm or obtain missing information about a particular team or group to better understand why it’s been created, how it’s being used or how much of a risk it poses to the organization.

We’re excited for what’s coming up on the roadmap!

Recommended by our team

What did you think of this article?

Simplify Microsoft 365 adoption with your ShareGate subscription Watch our on-demand webinar.