Technical Readiness

and Governance
Microsoft 365 Adoption Guide | Supplemental Resources

Date 01-22-19
© Copyright Microsoft Corporation. All rights reserved.
Core technical talent activities with stakeholders:

o Security reviews

o Network planning

o Service management

o Client rollout

o Governance models

o Support readiness

o Feedback models
Ready your help desk

Make sure your help desk is equipped with the information

it needs to support your end users.
Use this guide to help get your help desk ready to
troubleshoot any Microsoft 365 issues or questions your
users might have.

http://aka.ms/helpdeskready
Company
Info sharing
(Outer loop)

Hub site

Division +

Team site Team site Communication site Teamwork

Team
 Microsoft 365 groups is a membership service

1 User creates new group

for collaboration 2 Group identity created in
Azure Active Directory 3 Group experience populated
in app of choice

Microsoft 365 Application Azure Active Directory Microsoft 365 Application

Identity, Resource URLs,
Owners, Members

One Identity Federated Resources Loose coupling

Azure Active Directory (AAD) is the master for Microsoft 365 services extend with their data Services notify each other of changes to a
group identity and membership across Microsoft (group messaging, SharePoint Team Site, group (creation, deletion, updates).
365 (Exchange, SharePoint, etc.) OneNote, Planner)
 Hub Portal /
Communication
sites

Community Authoritative
file

Conversation Team file

Chat OneDrive file

Conversations Content
 Business
• Accomplish business goals as simply
as possible – if it’s too hard, find an
easier way
• Limit business disruption

Security officer Employee

• Get out of my way
• Prevent data leaks and breaches
• Make it easy for me to get my work
• Protect high-value information done quickly

IT • Let me share easily

Legal IT admin
• Manage the increasing volume of data
• Comply with retention
• Keep up with changing services & threats
• Support eDiscovery
 Solution Discovery Security Container and content
governance governance governance governance
o Support self-service o Require classification o Limit reach o Manage group/site
creation for containers o Enforce policy ownership
o Use lifecycle o Scan with data loss o Use conditional access o Review external
management prevention (DLP) membership
o Use Information Rights
Management (IRM) o Use IT services
Expiration Policy

Admin configuration

o Set expiration timeline

o Notification intervals are set automatically

o Set fallback email address for ownerless groups

o Apply policy to selected groups

Group Expiration Policy

Configure Microsoft 365 groups
expiration
Group Owner
o Renew expired groups

o Restore expired groups that were soft deleted

Teams renewal notice Outlook renewal notice Outlook restore notice

Apply the policy to selective groups

Admin Tool
Azure AD PowerShell
o Supported in V1 release​

Azure AD portal
o Supported in V1 release​

Azure Information Protection (AIP)
End users label and classify
o Apply protection to a file based on its
label​
o Prevent external people not in
protection policy from opening a file
Detect
Protect content
Data loss protection (DLP) Protecting the Group
Automatic detection and protection o Run jobs to change Team
settings based on Team
o Detect and prevent oversharing classification​
o Block sharing based on patterns in file o Unified labels will bring this
to Microsoft 365 groups​
o Manage DLP policies across Microsoft
365 workloads
Information protection lifecycle
Classify Protect Monitor
 The unique workstyle of every group

Outlook SharePoint Yammer Microsoft Teams

Email & calendar Intranet & Connect across Hub for teamwork
content management the organization

Microsoft 365 groups Security and compliance

Single team membership across Centralized policy management
apps and services

Membership service for Centrally managed

Extensible
Microsoft 365 teamwork apps and governed
 Self-service as a collaboration enabler
IT Objective: Empower employees while protecting content, remaining compliant and holding employees accountable.

Create awareness Protect assets Enable self-service

We generate excitement about We will empower our employees Employees can create collaborative
culture change and collaborative while validating & protecting assets spaces through self-service tasks and a
tools in various ways consistent environment

Outlook Yammer Microsoft Teams SharePoint

Modern Communities of interest and High velocity collaboration Library for shared files and
distribution lists executive engagement intranet sites
 Microsoft 365 groups

Teams Yammer Outlook

Choose conversation
mode Focused teamwork Community and discovery Targeted and direct

o Iterate quickly on a project with
your team
Choose nature of o Work with team files and
collaboration collaborate on deliverables
o People you work with regularly
on core projects
o Create a community of practice
o Crowdsource ideas and foster
interactive conversations
o People you connect with openly
across the organization
o Share updates with your group
o Upgrade your DL to a group
inbox with shared assets
o People who require targeted
communications

Consider Private or directed audience,

Private group; small to medium Public group—
group size and tracked communications, team
project team or org Communities or large org
openness working offline

SharePoint Planner Skype Power BI

Empower employees
o Support self-service creation
o Use lifecycle management

Identify valuable content

o Require classification for containers
o Scan with data loss prevention (DLP)

o Limit reach

Protect assets
o Enforce policy
o Use conditional access
o Use Information Rights Management (IRM)

o Manage group/site ownership

Ensure accountability o Review external membership

o Use IT services
 Replace labels with your own

Highly Confidential
The most critical data for organization. Share only with named recipients.

General
Daily work product used and shared throughout organization, like personal settings and ZIP Codes. Share
throughout organization internally.
Device

Identity Data

Location
 Microsoft 365 groups

Access
Microsoft 365 data
Invited member

SharePoint Teams

Targeted guest
What are the triggers?
Hub sites
Factors for defining group: Public communities
Company
o Right security boundary

o Appropriate classification Tier 1 sites

o Topic relevant to group
Division Modern sites

Includes effective set of

members: Tier 2 sites
Targeted communities
o Active participant Department
o Stakeholder
Tier 3 Teams or
o Informed SharePoint sites

Workgroup

Many workgroups, few divisions