A couple of the common questions that IT Pros raise when they are new to Microsoft Teams is, “how do I control Teams sprawl and how can I put some Governance controls into the Teams creation process”?
There are a lots of tools at an administrator’s disposal to answer both these questions, but one approach I personally like is to have some form of automated process to manage Microsoft Teams creation.
Over the last last couple of years I’ve delivered numerous training events on this topic. One of my favourite pieces of work is a lab in which Partners use a combination of a SharePoint list, the Power Platform and Graph API to build an automated process for Microsoft Teams creation. My latest iteration of the lab has been around for over a year and I’ve finally got around to creating a video demo. Check it out below:
If you want to have a crack at building this demonstration, you can download the lab guide from here – Lab Guide Download.
As I mentioned this piece of work is over 12 months old now, if I ever have some time to update it I would replace the SharePoint classification label with a Sensitivity label. One of the benefits of the new modern label is that you can also use it to control Guest Access.
One of the things that I personally like about Microsoft Teams from an architect’s perspective is that the service leverages existing Microsoft 365 and Azure AD security capabilities. From an Admin’s perspective, the security features available for other Microsoft 365 services such as EXO and SPO are, when relevant, directly applicable to Teams.
Having said this, if you are new to Microsoft Teams you might struggle to get your head around which of the myriad of available controls relate to Teams and whether they fall under the Microsoft 365 or Azure AD administrative umbrellas. To try and help with this I recently created the diagram below to try and position a lot of the “bells and whistles” you might want to consider for a Teams security posture. One point to note is that different customers (or parts of a business) will have different security requirements. But I use this chart as a bit of a cheat sheet to remind me of some of the main components that should/could be considered during the planning stages of a Teams implementation.
Note; As per the slide name this is a “sample” of the capabilities so may not be exhaustive but it works for me as a super high level overview.
Anyway, just thought I’d post this in case this was helpful. I’ll probably bring some of the features mentioned above to life by way of some video demos in future posts.