To ensure you’re taking full advantage of the policy management functionality of our PowerSuite software, we’ve created this Microsoft Teams Policies Best Practices series of blog posts. The Policies Best Practices series is aimed at introducing you to recently released collaboration features and how to use them for advanced governance of Microsoft Teams. We’ll cover common use cases and Microsoft Teams policies best practices — in this case, adaptive scopes.
So far, we’ve covered some key Microsoft Teams governance policies around controlling guest access and team ownership. We’ve also done a deep dive into defining naming conventions to make it easier for end users to find the teams they need.
For this installment in the Policy Series, we’re going to take a closer look at one of our advanced governance tools: adaptive scopes. Adaptive scopes allow you to apply policies to a group of teams that meet particular criteria, like department membership or a small number of owners. The mixture of ease-of-use and flexibility offered by adaptive scopes will take your policy creation to the next level.
First, we’ll define adaptive scopes and why they’re important. Then, we’ll cover some common use cases before diving in to how these can be used within PowerSuite for more flexible policies.
What are Adaptive Scopes?
A scope defines which areas of your Microsoft Teams environment a policy applies to. When we think about scoping a policy, typically we consider the teams for which a particular policy is relevant. In some cases, however, a policy may be relevant to specific users rather than teams. Previously, the scopes available within PowerSuite were limited to tenant-wide, an individual team, or a pre-defined group of teams. One of the most common cases for IT is wanting to apply a policy to a group of teams based on characteristics of those teams rather than a static list.
Adaptive scopes allow you to configure a custom blend of filters to achieve this increased flexibility. What makes them adaptive is that they are dynamically updated. For instance, you define an adaptive scope for all teams with exactly one owner. A team initially within this scope gains an owner, pushing it outside of the scope. On the other hand, a team outside of the scope with two owners loses one of them and is now covered by the scope.
Adaptive scopes allow for the appropriate application of policies, rather than a “one-size-fits-all” approach offered by more rigid native Teams administration console tools. This added flexibility helps IT and InfoSec teams apply policies more strategically, targeting areas of higher risk or meeting key country-based regulations. This more strategic approach prevents IT from limiting the capabilities of all end users to meet these types of requirements, ensuring a safe and productive Microsoft Teams environment.
While Microsoft does offer limited support for some policies scoped by team sensitivity labels, PowerSuite’s adaptive scopes offer more options, covering not only team sensitivity but many other key metrics, like guests, members, and privacy. For organizations just getting started on sensitivity labeling, PowerSuite provides significant advantages.
Best Practices and Use Cases for Adaptive Scopes
With an understanding of adaptive scopes and their value, let’s dive in to how to use them. Given their dynamic updates, adaptive scopes are good for tracking teams or users that meet a set of criteria. They are not well-suited for tracking the same set of teams over time. Static scopes (also available in PowerSuite) are better for this type of tracking.
Given the high degree of flexibility, there are many different example use cases for adaptive scopes. We’ve identified a few common ones to get you started:
- Apply Policies by Geography or Department: Different locations and different departments often require different policies. PowerSuite’s adaptive scopes allow you to meet these requirements, like ensuring all teams with members in Europe in the consulting department follow a unique naming convention.
- Different Rules for Inactive Versus Active Teams: It’s common to want to take different actions based on whether or not a team is active or how long it’s been inactive. PowerSuite lets you apply a policy that tackles teams that have been inactive for 60 days (or whichever time period you specify) and have no owners.
- Targeted Team Sprawl Clean-Up: When end users first use Microsoft Teams, the first impulse of the motivated user is to create a test team. One interesting method we’ve seen to reduce team sprawl is an adaptive scope aimed at all teams whose names contain the word “test.”
- Removing Unnecessary Guests: Reducing risk exposure is often a top goal for InfoSec when it comes to Microsoft Teams, and tackling guest access is a good place to start. However, it can be difficult to know which guests are no longer needed. Adaptive scopes can be used to target guests who are not contributing, as they’re on inactive teams. These guests can be removed from the inactive teams, while preserving guests on active ones.
Advanced Microsoft Teams Governance Policies with Adaptive Scopes
While adaptive scopes are very useful when combined with PowerSuite’s existing, template-based policies, we’ve also introduced advanced policies for even more flexibility. Where the template-based policies are like a paint-by-numbers, advanced policies are a blank canvas. Where templates guide you to creating a specific type of policy, advanced policies allow for greater customization. Advanced policies identify compliance issues based solely on the adaptive scope associated with them rather than pre-determined rules. This makes them incredibly flexible and powerful. These advanced policies will soon support enforcement workflows, thus associating the adaptive scope with a series of IT-defined actions.
There are some Microsoft Teams policies best practices when it comes to advanced policies. They’re best suited for policies that are relatively unique to your organization, or they can be used to get to a greater level of granularity. For instance, many IT teams have different methods of dealing with teams with no owners versus teams with one owner. While a minimum owners policy would group these two cases together, advanced policies can be used to target each individually.
Connect with a Consultant
Don’t let information security concerns keep you up at night. Work with us to take the necessary steps to secure your workplace collaboration platform with our Security Rightrack offering.
To create an advanced policy, define the scope first within PowerSuite policy management. Then, start the process of creating a policy as you typically would. Just choose “Advanced Policy” when selecting the policy type. In this way, you can define highly customized policies that will continue to adapt as your Microsoft Teams environment evolves.
Take Control of Collaboration Security and Governance
PowerSuite’s Policy Management solution set provides advanced governance capabilities for Microsoft Teams. Take control of collaboration security and governance, with end-user productivity. Our industry-leading software does it all, with insight-driven security analytics for issue discovery.
Not sure where to start? Our Collaboration Security and Governance RightTrackTM consulting engagement sets you up for success.
We hope that this installment of the Microsoft Teams Policies Best Practices series has helped you reevaluate Microsoft Teams policies best practices for your organization. Stay tuned for the next installment where we’ll drill into the details of enforcement workflows!