Skip to content
November 23, 2021

Enhanced Compliance with Orchestry’s Group and SharePoint Options

Group and SharePoint controls are pivotal in maintaining a compliant digital workplace that leverages Microsoft 365. Let us take a look at how you can achieve compliance in your Microsoft 365 environment with Orchestry’s exciting features around Group and SharePoint sharing options.

Who Can Create Microsoft Teams, Sites and Groups?

What organizations are looking for is to put a limit on the creation of Microsoft Teams teams, SharePoint Hub/Communication Sites and Microsoft 365 Groups (hereon referred to as Workspaces) to gain better control of user activity. This is really apparent for organizations that have faced significant Microsoft Teams’ challenges. Organizations want to have the ability to limit Microsoft Teams team creations to IT groups, or a particular set of individuals in the organization, so that creation can be managed centrally.

Limiting teams’ creation in MS Teams can therefore aid in controlling sprawl. With limitations in place, end users can go through an approval process through Orchestry or other third-party tools to enforce structure and help lift the additional load off of IT professionals.

Admins have three clear options: (1) allow everyone, (2) no one, or (3) a particular Azure Active Directory group to create Workspaces. The Azure Active Directory option is becoming an increasingly common way for organizations to establish restrictions.

Controlling Creation with Microsoft OOTB Features

If you choose to allow everyone to create Workspaces, you’ll need some sort of additional governance policies in place. Microsoft 365 has some out-of-the-box (OOTB) capabilities that help create limitations. You can configure controls through Azure AD (Active Directory) via PowerShell and update settings in a bunch of different places within Microsoft 365. Another, somewhat easier route, is to ensure you deliver adequate training in Microsoft Teams so that end-users know all aspects of the platform and are more aware of the consequences of sprawl and duplication.

Workspace Creation Controls with Orchestry

With Orchestry you also gain valuable Workspace creation controls. Orchestry delivers a ton of capabilities and controls around the provisioning of new Workspaces. You can control everything from who, what to when Workspaces are created.

  • Who – Define who can create teams and sites. You can restrict some people to see only a subset of all the Workspace templates available. For example, if you want only Project managers to be able to request a Project Workspace template in Orchestry then all you need to do is set up a template in such a way so that those in the Azure Active Directory Group can see it and others can’t. Microsoft Teams has recently added this to their capabilities too.
microsoft 365 compliance in Orchestry - template permissions
Image: Controlling Workspace Template Visbility for Users in Orchestry.
  • What – This determines the level of permissions granted to users to control what they can do within Workspaces. Control features they can add as part of the request process, and control certain parts of the Workspace that are available to them, such as channels, tabs, SharePoint Site, documents, Planner, Lists, etc.
  • When – Monitor when a Workspace is provisioned through an approval process and also keep an eye on when changes are made to existing Workspaces. This is an effective way to keep all concerned parties updated on new Workspaces and major changes to existing Workspaces.

Setting Minimum Owners and Minimum Members

Orphan teams in Microsoft Teams is a huge issue for many organizations. It occurs when a user requested a team and is the owner of that team, but if that owner leaves the organization, then no one can continue using the Microsoft Teams team without IT getting involved.

A simple fix to this is to have a minimum of two owners for every Microsoft Teams team!

Another problem organizations face is a lack of visibility. Here comes the concept of default owners, with the ability to set default owners/members based on the Workspace requested, organizations can ensure that the right people are aware of new Workspaces. For example, you can set PMOs are default members or owners of Project Management Workspaces.

OOTB Microsoft capabilities are limited when it comes to setting minimum owners and members. With OOTB features of MS Teams, the user who requests a team becomes the owner and any changes can only be made post provisioning with custom code or PowerShell.

On the other hand, when provisioning a Workspace with Orchestry, you will come across permissions like having minimum owner and members that can be pre-determined for each template.

Microsoft 365 compliance in Orchestry - setting owners and members
Image: Setting Workspace Minimum Owners and Members in Orchestry

Controlling Guest Access and Group Sharing

Guest access is another control concern that organizations often battle. Unfortunately, the ability to control guest access on a group-by-group basis is not available OOTB in Microsoft Teams unless you are using Microsoft 365 Sensitivity Labels.

If you are looking to implement sensitivity labels in your Microsoft 365 environment, hear all about it from Microsoft 365 MVP, Joanne C. Klein: https://www.orchestry.com/event/sensitivity-labels-microsoft-365-what-how-and-why-to-inform-and-engage/

Within Microsoft 365, there are only two options – either guest access is enabled or disabled and the setting applies to all Groups and Workspaces. Unfortunately, the only way to maintain internal and external teams in the same environment with OOTB features is through custom code post provisioning or by using PowerShell.

Workspace Group Options from Orchestry

Now, most organizations want to be able to control guest access based on the Workspace template or use case. Microsoft 365 Group options determine what type of Workspaces you are provisioning, making it an important configuration setting in the Microsoft platform. Therefore, allowing users to choose if guest access is available when creating a new Workspace or not is critical.

With Orchestry you can allow guest access on a Workspace-by-Workspace basis and set it to suit your needs.

Microsoft 365 compliance in orchestry - group configuration options
Image: Orchestry's Microsoft 365 Group Configuration Option on a Workspace-by-Workspace Basis.

Let’s take a look at how comprehensive Microsoft 365 Group options are within Orchestry:

microsoft 365 compliance in orchestry - range of group options available for workspaces
Image: Microsoft 365 Compliance Group Options for Workspaces with Orchestry

SharePoint Document Sharing Options

Document sharing control in SharePoint and Microsoft Teams is somewhat limited within Microsoft. You can set the SharePoint sharing configuration but understand that it is set at the tenant level, so the same sharing options are applicable across all sites.

The primary requirement among organizations is to be able to control these options on a site-by-site basis. The ability to do this on such a granular level can only be achieved by updating settings manually in the admin center with Microsoft’s existing capabilities.

SharePoint Configurations with Orchestry

Orchestry now offers you the ability to better control your SharePoint sites and have sharing options available based on the type of template that you are using. These capabilities are useful for driving adoption and compliance.

Orchestry’s new SharePoint sharing options include:

  • External Sharing Options –
    • Anyone – Provisioning a public Workspace will function efficiently if sharing option is set to ‘anyone’ to keep all parties well-informed and updated.
    • New and Existing Guests – Every time someone tries to share something with this option configured, the external user will get a link and will have to answer verification questions, providing enhanced security.
    • Existing Guests – Only pre-determined guests will have access.
    • Only People in Your Organization – This is a good choice if you are provisioning an intranet site and do not want any external members to have access to it.
microsoft 365 compliance in orchestry - sharepoint configuration options
Image: SharePoint Sharing Options in Orchestry
  • Default Link Type – Access to links can be decided in three ways: (1) allow people with existing access, (2) allow only the people user specifies, or (3) allow everyone within your organization.
  • Default Link Permissions – You can allow members to either view or edit links.

With Orchestry you can even limit the domains you want people to share content on by allowing or blocking specific domains. Moreover, you can also set expiration to these ‘anyone’ links!

There is a lot of control that you can apply with Group and SharePoint configuration options. These capabilities really help automate that entire process of compliance.

Unparalleled Control with Orchestry

Orchestry aims to fulfill the needs of organizations and users that leverage Microsoft 365 and from our learnings, we understand the importance of compliance for them. Upon taking a closer look at what is already available out-of-the-box, Orchestry strives to fill the gaps in order to improve the management of your Microsoft 365 ecosystem.

Learn how Orchestry has added the support of Sensitivity Labels to empower workplaces with unmatched control capabilities. If you are interested in experiencing better compliance in your digital work environment, request free access to Orchestry and test it out for yourself!

Other posts you might be interested in

View All Posts