Get up to speed on Microsoft Teams Admin Best Practices

At the Digital Transformation Hub, we want to simplify Teams management, and this is why we have created this list of actionable tips, tricks to help you successfully manage your Teams environment.
teams

In the wake of COVID-19, Microsoft Teams usage soared as many businesses rushed to roll out to support the new methods of virtual collaboration often without time to implement an effective management plan.  

At the Digital Transformation Hub, we want to simplify Teams management, and this is why we have created this list of actionable tips, tricks to help you successfully manage your Teams environment. 

General tips

Implement a naming convention for your teams

It’s challenging to manage teams if you don’t know why they were created or used for. An effective naming convention can help you identify the function, membership, geographic region, and/or creator of a team.  

It’s important to remember that Teams is built on top of Microsoft 365 Groups, so the name chosen has many impacts on the IT side. It defines Microsoft 365 group email address; and it defines the SharePoint sites URL that is attached to the team itself. As Microsoft 365 groups are a core component of your company productivity suite, so you can imagine how IT needs to create rules and policy to make sure that all the information is compliant, secured, etc. Lack of naming convention results in a nightmare for the IT department, and therefore costs and risks that could be avoided. 

Only create new Teams when it makes sense 

You can perform a search to make sure a Team that meets your needs doesn’t already exist. Most of the time we see a new channel in an existing Team will suffice. 

Create an all-staff wide team 

Provide an automatic way for everyone in your small to medium-sized organization to collaborate and stay up to date. 

A new Team comes with a lot. You don’t have to use everything 

Your team may use Teams solely for file sharing instead of communication and/or planner. 

Don’t over invite people to your Teams 

If your Team isn’t working on dedicated deliverables and it’s more informational, provide invitees with the option to join or not. You can do this by sending a join code and let recipients decide if it is appropriate to join, unless mandated by team. For bigger, more open-ended discussions you may want to use Yammer, which likely is included with your MS 365 account. 

Keep guest access turned on in MS Teams  

By granting guest access you’re also allowing your guests  complete access to your Team’s files and other data that is shared through channels. Therefore, you risk having your guests see sensitive content, which poses potential data security risks. 

You can manage guests in your Azure AD with the same compliance and auditing protections as the rest of Microsoft 365 that is applied. Essentially, guest access lets you maintain complete control and your data never leaves your sight. From February 2021, guest access capabilities in Teams are turned on by default.  

Understand the backends for parts of Teams 

Teams is a client interface on top of other Microsoft 365 services. If you want to understand the nitty-gritty, you’ll need to explore the back-end (which we don’t cover in this guide) and look at products such as: 

  • Connection between Microsoft 365 services (Teams, SharePoint, Planner, Exchange, Planner and Stream) with the use of Microsoft 365 Groups  
  • Understand the permission model between the Microsoft Teams and SharePoint  
  • Review the usage of Dynamic Membership and update profile properties of users in Azure AD (if applicable) 

MS Teams security best practices 

Microsoft Corporation invests huge amounts of time and money into security of their systems, including MS Teams. Their team constantly improves and adds new security features, making it one of the safest tools for collaboration. At the same time, there are always data security risks, no matter what platform you use. And it’s a responsibility of each not-for-rofit to ensure the safest use of the tool and protection of data. 

Fortunately, Teams benefits from its integration with key elements of the Microsoft security framework

  • File-sharing experience powered by SharePoint 
  • Team conversations stored in a dedicated group mailbox 
  • Azure Active Directory (Azure AD) stores and manages team data and membership. It also manages user authentication for the Teams platform as a whole 

We suggest before you make Teams generally available to your not-for-profit, be sure to review and configure the following: 

  • Authentication setup in Azure AD for user logins to Teams 
  • Global security settings in Microsoft 365 many settings carry over to Teams or to SharePoint, OneDrive and Exchange (Work in tandem with Teams) 

Digital Transformation Hub recommends that you go and enable MFA if you haven’t already. Sure, it can be an extra step in your log-in process, but it’s a high-level shortcut that keeps your data secure. 

We also recommend Mobile Device Management & Mobile App Management for corporate and personal devices if you have Business licensing and store sensitive data on these devices. 

Beware of link permissions 

If external sharing is turned on in Teams, then all the documents you store in SharePoint can potentially be shared with external users through chats. This can result in leaks of sensitive data and create serious security risks.  

So, once a file is uploaded into a team it has the same capabilities you get from SharePoint and OneDrive. To prevent accidental security breaches, we recommend configuring the business-level sharing settings in admin centre according to your business’s security needs. 

App Management 

Apps in the Teams store fall under one of three categories: 

  1. Built-in apps provided by Microsoft 
  2. Apps built by third parties 
  3. Custom-built internal apps 

Consider restricting the use of certain apps based on their source and how they handle data: 

  • To control which apps to block or make available to your organization, use the settings on the Manage apps page in the Teams admin centre 
  • You can also use app permission policies to block or make certain apps available to specific sets of users 

 Audit user activity 

You can use Microsoft’s Supervision policies to monitor chats and team channels. You can also monitor usage through various built-in reports and functionality: 

  • Go to Analytics & reports in the Microsoft Teams admin centre 
  • Go to Reports > Usage in the Microsoft 365 admin centre 
  • Or use Microsoft 365 usage analytics in Power BI

Data retention policies 

Create retention policies that specify when to keep Teams data to stay compliant with business, regulatory or litigation requirements. You can also use retention policies to direct the removal of data that no longer needs to be retained. 

Channels 

When you start creating teams and channels, you may have an idea of what a “good” name looks like. It could take some iterating but once you’ve settled on a format, the most important thing you can do is to communicate the naming convention for your Microsoft Teams deployment. 

For example, you might decide to keep things simple like having a general team and a channel per department (HR, Marketing). 

Note: When Teams is used on mobile or a minimised browser version, only the first few characters will be visible. 

Renaming channels come with consequences 

Check and confirm with Team ahead of time if a channel needs to be renamed. 

Less is more – Create Channels only when needed 

Like Teams and access to Teams, keep your channel listing simple to start and allow it to evolve organically. We see confusion happen when there are too many channels. Avoid this from the start by not creating a channel unless you really need it. 

Files and folders can have their own permissions 

You can share files and folders with other people from SharePoint. But be careful: file-level permissions can very quickly become difficult to manage. 

Move files from old team/channel to new 

Use the move button to ensure you won’t lose version history in the file. Drag and drop is considered a new copy of original. 

Adding a Shared Calendar to Team Channels 

As mentioned above, it can be a challenging task to co-ordinate with multiple people and track availabilities for a meeting. With MS Teams, you can create and share a calendar with members of a specific team. MS Teams automatically posts a notification to the channel’s activity feed when a new event is created. This feature enables all members of the channel, except for external guests, to view any upcoming events and move them to their personal calendar. 

Private Channels 

Most channels are standard ones, everyone on the team can see them as well as view and participate in conversations, share files, and more. With a private channel, members of a team must be specifically added to be able to participate, see content, and to see the channel appear in their list of channels. 

Private channels (PC) have their own owners 

By default, a user who creates a new team is granted the owner status. In addition, owners and members can have editor (moderator) capabilities for a channel provided it’s been setup. To change someone's role, select the dropdown arrow and choose a role such as Owner or Member. To add someone, select Add member. 

Members are always a subset of the main Team members 

You can’t add people to the private channel if they aren’t already a member of the Teams “hub”. 

Private channels get their own SharePoint site 

Separate to the main Team hub. 

PC site has limited permission options and integration features 

You can’t change the owner/member group through SharePoint, though you can use the visitor group and create new SharePoint security groups. Tabs, most apps (excl Planner), and connectors are supported, and each PC has an email address like normal channels. But PCs do not support bots, or scheduled channel meetings. 

More of MS channels here.

Files 

When you create a Teams “hub”, a SharePoint site is automatically created in the backend, which, in turn, creates a document library for each channel. Files uploaded in a Teams channel show up in the Files tab and are stored in a SharePoint document library. For files shared in private chat, they are uploaded to the sender’s OneDrive. Even though it looks like files are stored in Teams,  behind the scenes they’re always stored in SharePoint (for a Team) or OneDrive (for a private chat). 

There is no magic formula or template for the perfect file storage system. The secret is to figure out a system that works for your organisation. Here is a guide we built looking at nine best-practice tips to optimise file management > Best-practice information storage and management 

 

 

Rate this guide

Average: 5 (4 votes)

Status message

Thanks for rating this guide.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.