Full Session Recording: https://myignite.techcommunity.microsoft.com/sessions/81821
Managing Microsoft Teams Effectively is the fourth session in the Journey to Teams learning path. It was the one I’d wanted to blog about when MVP’s were presented with the opportunity to do so. Why? I strongly believe in the effective management of Microsoft Teams - but also because I knew Anne Michels was delivering the session. For anyone who has seen Anne live, they’ll know that she is one of the most passionate and engaging speakers in Microsoft - and I personally saw her knock it out the park in a Teams Architecture session back in Berlin last December during Microsoft Ignite the Tour.
Over 2000 IT pros turned up to this one. That’s around 7% of everyone who attend Microsoft Ignite.
Managing Microsoft Teams Effectively is all about what administrators need to know regarding what controls are available to customise and regulate Teams within their tenants. Effective management of Teams ensures the best experience for end users. It ensures the best experience for IT. It ensures the best experience and greatest return for the organisation.
There are three key areas here: architecture, security and compliance and manageability
What are the building blocks of Teams? Where is data stored?
From an architectural perspective Teams brings together Office 365 services (I.e. SharePoint, OneDrive for Business), the Intelligent Communications Cloud which enables communications capabilities such as chat, meetings and calling and Teams Services - defined as the orchestration layer bringing all the components together. Everything is built upon Azure and the Teams Clients - the Desktop, Web and Mobile clients - sit across it all, directly interacting with other services for optimal performance and user experience.
In terms of where the data within Teams is stored - this is dependent upon the entity. For example, Teams Files are stored in SharePoint whereas personal files are stored in the user’s OneDrive for Business. Similarly, whilst all chats are stored in Azure, private chats are ingested into the user’s mailbox whereas Team conversations are ingested into the shared mailbox associated with the Office 365 Group. It is critical to understand where all this data is stored in order to plan for, and execute, the correct security and compliance controls as well as the optimal lifecycle and administration policies.
Changes to Teams architecture has occurred through the introduction of Private Channels - focused spaces for collaboration within teams where only users who are owners or defined members are authorised to access. Information shared within private channels are stored differently to regular channels. Each private channel has its own SharePoint site collection which means files within it are inaccessible to unauthorised users. Since site collections are expected to rise significantly with the use of private channels Microsoft has raised the tenant limit of site collections from 500,000 to 2 Million per tenant. In addition to this, chats within private channels are no longer stored within the Office 365 Group mailbox - they are within the mailboxes of the members of that private channel. The ability to create private channels can be determined either at the tenant level or at the Team level. Guests can be added if they are already within the Team. Session THR1080 is recommended for an in-depth look at private channels and information protection.
Security & Compliance
In order to manage Teams effectively, the administrator needs to know about Security and Compliance controls in order to protect data and meet compliance requirements. Teams is a Tier D compliant application, meaning industry-leading compliance commitments are enabled by default. It includes the following standards: ISO 27001, ISO 27018, SSAE16 SOC 1 and SOC 2, HIPAA, and EU Model Clauses (EUMC). Since security and compliance has always been a focus for Teams whose users expect high levels of security following other Microsoft 365 apps such as Exchange and SharePoint, there is already a wide range of controls available today and configurable through the Office 365 Security and Compliance centre. These include Data Loss Prevention (DLP), Supervision, Retention Policies and eDiscovery.
A number of new security and compliance controls announced at Ignite include
- 1 Day Retention Policies
- Information Barriers for SharePoint Online files in Teams
- Sensitivity labels for Teams
- Advanced Threat Protection Safe Links
- eDiscovery support for threaded conversations
- Audit log support for messaging events
These features will be rolled in over the coming months and can be tracked on both the Microsoft 365 Roadmap and the Message Centre.
In order to manage Teams effectively, the administrator needs to know what controls can help them during onboarding and the day-to-day management. This begins with understanding where these controls are. Administrators can use GUI's such as the Microsoft Teams Admin Centre, the Microsoft 365 Security and Compliance Centres and the Azure AD Admin Centre, or they can use CLI’s such as Powershell or the Graph API.
As opposed to being reactive when Teams is in flight, effective management should begin right from the outset of the onboarding. This includes preparation of the environment (I.e. deployment, checks and the configuration of service dependencies), preparation of the network with Network Planner to support different kinds of traffic such as audio and video conferencing, and the configuration of different clients for users based upon their needs, roles and work styles. This list is not exhaustive. It can also include administrator training via https://aka.ms/successwithteams which provides the team with best practices and where they become best placed to support end users. It can also include leveraging role based access control (RBAC) to assign administrators the correct Teams administrator permissions for what they need to do. Azure AD roles are especially effective for larger organisations which typically have multiple administrators managing the service or a specific workload.
Mapping and tracking all of these considerations and tasks at the onboarding stage as mentioned above may be difficult or cumbersome for some IT teams. Yet this pain can be circumvented with the new Advisor for Teams which is in preview today. The Advisor is set within the Teams Admin Centre and is a tool which deploys a dedicated Team offering step-by-step guidance through the process in a logical and optimal manner. This can be managed on a workload by workload basis if required.
Administrators should also look to get familiar with settings and policies in the Teams Admin Centre as soon as is possible. Settings and Policies are both collections of configuration elements grouped by modality. The difference here is that whilst settings are typically set on a per tenant basis, policies can be set on both a tenant and user basis. The ability to set policies on groups is coming soon. Common Teams settings and policies that administrators are likely to engage with early in the onboarding will include Org Wide Settings, Messaging and App Permission Policies.
Due to the flexibility and granularity of Teams, there are multiple settings and policies at the administrator’s disposal. A new control called Policy packages - collections of predefined policies and policy settings which can be assigned to users who have similar roles, can simplify, streamline, and help provide consistency when managing policies for groups of users across the organization. This can also make it significantly easier for IT to assign permissions when onboarding new users or when users change roles.
Moving onto the management of devices, the ability to manage them should not be a difficult experience for the administrator, nor far removed or separate from the central administration experience. The ability to manage Teams Rooms systems within the Teams Admin Centre will soon be possible, including the ability to update, restart, monitor or assign configuration profiles.
Finally, to cap an amazing session jam packed with new controls, effective management comes with rich reporting and analytics capabilities. Administrators need to know what is going on within their environment so they can best make decisions and give users the best experience possible. Teams has a growing number of usage reports within the Teams Admin Centre. They can also be surfaced within the Microsoft 365 Admin Centre and the Adoption Content Pack. The newest reporting available is Per Team and Cross Team Analytics. Per-team analytics gives users a more granular view of usage data for a specific team. This includes temporal-based charts for active user and message counts plus deeper breakdowns of user types and activity trends. Cross-team analytics gives users a broad overview of usage data for all teams that they are a member or owner of in a single list view. This includes active user and message counts and trend lines for team activity.
Overall, it's been another fantastic tour de force by Anne which has given the 2000 plus attendees a lot to think about, and a new set of controls to make the management of Teams more effective.
5/5 - A must watch
More About Anne
Anne leads the Industry & Firstline team for Microsoft Teams. She has worked in the tech industry for over 10 years - driving the marketing strategy for a variety of programs and products. In 2012, she moved to the US to lead the launch of key Office 365 capabilities, including a new Office 365 admin center used by thousands of IT Pros worldwide. She holds a Master of Arts in Communication and Media Studies from the University of Bonn. She is fluent in German, English and Spanish.
Follow Anne on Twitter: https://twitter.com/Anne_Michels
Follow Anne on Instagram: https://www.instagram.com/anne_michels