To help you take full advantage of the policy management capabilities in our PowerSuite software, we’ve created this Microsoft Teams Policies Best Practices series of blog posts. The Policies Best Practices series is aimed at introducing you to recently released collaboration security and governance (CSG) features and how to use them for advanced governance of Microsoft Teams. We’ll cover common use cases and Microsoft Teams policies best practices.
So far, we’ve covered some key Microsoft Teams governance policies:
- How to properly use naming conventions to make it easier for end users to find the teams they need.
- How to flexible apply policies to a subset of relevant teams with adaptive scopes.
For this installment in the Policy Series, we’re going to explore flexible enforcement workflows to create compliance workflow automation. These automated workflows allow you to specify a series of actions that should occur in response to a policy violation. Multiple workflows can be created, and the same workflow can be assigned to multiple policies. These enforcement workflows will help you right-size enforcement actions based on the severity of a violation.
First, we’ll go over key features of enforcement workflows. Then, we’ll cover some Microsoft Teams policies best practices for designing workflows, before giving you some tips and tricks for creating and using automated workflows in PowerSuite.
What Are Flexible Enforcement Workflows?
Flexible enforcement workflows allow PowerSuite users to define a series of actions that occur automatically upon a policy violation. These workflows can specify an immediate correction of the issue or they can include a gradual process of nudging end users towards making their teams compliant. Compliance workflow automation enables teams to respond appropriately based on the severity of the violation. While native administration tools (from Microsoft, Zoom or Slack) are limited to more rigid, fully on or off enforcement, PowerSuite’s flexible workflows help IT and InfoSec teams balance the tradeoffs of security and end-user productivity.
Today, PowerSuite’s workflows support email-based inform actions for team owners, service desk emails, and webhooks into Microsoft PowerAutomate for a variety of corrective actions. Emails can be partially customized using PowerSuite’s Configuration dashboard, under End-User Communication. Over time, more actions will be incorporated natively into PowerSuite. PowerSuite’s workflows also offer the option to require IT approval before initiating an action. This feature is valuable for testing out new workflows, as well as for an extra check before taking an irreversible action.
Microsoft Teams Policies Best Practices for Designing Compliance Workflow Automation
There are a number of Microsoft Teams policies best practices to keep in mind when designing a workflow. Having the end goal of the workflow determined prior to building it out is key. If there are existing manual steps that IT takes to resolve compliance issues, these can also be helpful in constructing a more automated version. Here are three best practices to get you started in creating workflows:
- Escalate: Good workflows should build towards compliance. For instance, IT teams often add an action to send a first notice to the relevant team owner to prompt them to resolve an issue. Many times this will be followed up by a more urgent final notice, giving some time for a response before allowing the definitive resolution action to occur. A final step here is to send a notification to the end user that the action has been taken.
- Set Delays: Inserting appropriate delays between actions helps end users take resolution actions themselves or gives them the time to request an exception. For less urgent issues, delays are good for ensuring users are empowered to make corrections without feeling that heavy-handed enforcement is in play. This approach increases IT and end-user harmony.
- Approve Actions: Requiring an approval before an action occurs helps IT avoid major missteps. In production workflows, approvals are valuable before more drastic actions, like removing a guest or archiving a team. In testing a new workflow, they’re essential for helping you ensure the workflow behaves as expected.
Tips for Using Workflows in PowerSuite
With the framework for an automated compliance workflow in mind, it’s time to start implementing it in PowerSuite. You can create workflows on the Policy Management dashboard within the Workflows page. Once you’ve created a workflow, you’ll need to associate it with one or more policies. This should be done on the Manage Policies page of the Policy Management dashboard. You can edit existing policies to add the workflow, or you can create a new policy, adding the workflow as the final step in the policy creation wizard.
Before deploying a new workflow, it’s wise to test it well. Modifying a policy’s scope to cover a significantly smaller number of test teams is a good way to do this, especially when combined with requiring an approval at each step of the workflow. This ensures the workflow behaves as expected before it is fully released.
A key component of compliance workflow automation in PowerSuite is the ability to use webhooks. Webhooks offer significant flexibility in being able to integrate with many different software services (e.g. ServiceNow, etc.). PowerSuite includes a number of pre-built actions executed using PowerAutomate. This approach prevents PowerSuite from requiring extensive permissions for added security for our customers. PowerSuite users can also design even more intricate PowerAutomate flows that can be triggered by PowerSuite.
After deploying a new workflow, it’s important to measure success and the workflow’s impact on your Microsoft Teams environment. One Microsoft Teams policies best practice is to track compliance. This can be done within the Policy Management dashboard on the Compliance Report page, which shows the organization’s overall Team Compliance as well as key trends in the number of active issues. If your workflow relates to a particular initiative, the PowerSuite Security Analytics dashboard is a helpful resource for measuring impact in that category.
Automated workflows for flexible enforcement are a key puzzle piece to securing and organizing your Microsoft Teams environment. They help you customize the response to a violation, taking a commonsense approach to collaboration security and governance. PowerSuite provides the tools you need to balance risk with end-user effectiveness.
Take Control of Collaboration Security and Governance with Compliance Workflow Automation
PowerSuite’s Policy Management solution set provides advanced governance capabilities for Microsoft Teams. Reach flexible control of collaboration security and governance with our industry-leading software.
Not sure where to start? Our Collaboration Security and Governance RightTrackTM consulting engagement sets you up for success.
We hope that this installment of the Microsoft Teams Policies Best Practices series has helped you reevaluate Microsoft Teams policies best practices for your organization. Stay tuned for the next installment where we’ll talk about the exciting world of lifecycle management!