18 Feb Ensuring Microsoft Teams Governance when Guest Access is Automatically Turned On
Ensuring Microsoft Teams Governance
when Guest Access is Automatically Turned On
18 February 2021 · 4 min read
During the past year, organizations worldwide had to adapt to remote work. One way to facilitate this shift was deploying different collaboration platforms, such as Microsoft Teams.
Teams offers various features to help organizations conduct meetings, work on projects together, and even invite people from other organizations to collaborate. Until now, when an organization deployed Microsoft Teams, the ability to allow guest or external collaborator access was turned off. So, if your organization did not configure guest access manually or did not need outside collaborators, you were safe.
From February 2021, Microsoft announced that guest access will be automatically turned on for all new and existing tenants that did not configure it.
For many organizations, this change could have governance and compliance implications, especially if they work with sensitive data. Project and relationship-based organizations could be impacted because they work across thousands of projects each year with various clients. These include organizations in legal, finance, banking, retail, and more.
To ensure your governance program stays intact, here are a few tips on leveraging guest access securely.
Deploy Teams in phases
When new applications and platforms are deployed in an organization, you should be careful in enabling functionality. Making all features available immediately could create chaos and spark governance concerns. The same holds for Microsoft Teams too.
Best practices suggest deploying Teams in phases. Start with a pilot phase where your governance team has control over what is being created. Disabling the use of external applications, the ability for users to create Teams and Channels, and guest user access should be your priorities.
Microsoft also advises organizations, especially those in the legal industry, to deploy Teams in phases to maintain governance. For more tips on how to rapidly deploy Teams with governance, read our whitepaper here.
Engage in data classification
To start your journey towards enabling guest access, you need the ability to track users to particular projects, workspaces, Teams, Channels, folders, and documents across your collaboration systems. If you do not have any mechanisms to understand who is or should be working on a particular document and who should have access to a Team, then guest access will weaken your governance.
The way to know who should have access is by understanding context. Data context is enabled by assigning unique identifiers or rich metadata to projects, Teams, Channels, folders, and documents.
Currently, Teams has limited capabilities for metadata, so you will need technology to facilitate this process. Once you can assign rich metadata, like author, department, office, type of project, and more, to your content, you can then understand who should and should not have access, including internal and external users.
Implement zero-trust or need-to-know security to protect data
With rich metadata to provide context and track users to content across collaboration systems, including Microsoft Teams, your organization is ready to implement zero-trust policies and data loss prevention to protect data.
Such policies ensure that data is secured to only those who need to know. It allows an organization’s risk management team to grant access to an internal or external user for a particular document, Team, or Channel and then revoke it after a specific time, once access is no longer necessary.
Doing this manually across hundreds to thousands of projects across systems could result in human error and increased risk, so your organization should have the technology to automate the process. By automating access management, organizations strengthen governance and improve compliance.
Guest users can be automatically enrolled into the organization’s Teams tenant, and they will have access to only the Teams or Channels they need for successful collaboration. That is how your organization can start its journey to using Teams as a secure and governed extranet.
Apply new or existing ethical walls to Teams
Since your organization might already use other collaboration systems and ethical wall systems to ensure governance, carrying them over to Teams strengthens security and governance. Ethical walls will prevent users from being added to Teams and Channels that they do not need access to.
The ability to automatically apply ethical walls to Microsoft Teams and your other systems, such as the DMS, improves governance across systems, preventing guest users from accessing sensitive information. To leverage such capabilities, you should look for governance platforms, such as CAM, that enable integration with common ethical wall systems.
How Prosperoware Helps
Prosperoware CAM is a software-as-a-service (SaaS) enterprise platform that enables organizations to leverage their collaboration systems for digital transformation while improving governance. CAM allows organizations to enhance processes around management of office documents, improve adoption, and reduce risks related to privacy & cybersecurity.
CAM integrates with various collaboration systems, including Office 365 (Microsoft Teams, SharePoint Online, OneDrive, Planner, OneNote), File Shares, iManage, NetDocuments, HighQ, and more to come.
Our unique approach relies on adding context by applying rich metadata to identify projects, matters, engagements, etc., to workspaces, Teams, Channels, and folders in systems. This approach benefits end-users and the risk management team. Users can leverage critical metadata to locate content easily, while risk professionals can focus on data security and disposition instead of trying to determine its context.
Key CAM features:
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through human workflow using templates
- Rich, custom metadata for project or document context
- Unified directory for project location
- Provision internal & external users, manage permissions, and integrate with ethical wall systems
- Data Loss Prevention including activity monitoring and bulk security & metadata changes
- Set data disposition policies or apply litigation hold