Running a Tight Ship: Controlling Microsoft Teams BRK3278 Running a Tight Ship: Controlling Microsoft Teams Tony Redmond @12Knocksinna

Tony Redmond Lead author for “Office 365 for IT Pros” eBook https://gum.co/O365IT/ MVP since 2004 Columnist for Petri.com https://www.petri.com/category/office/office-365

Goals for this session Talk about the effective management of the enterprise version of Teams Planning Deployment Management Guest Users Compliance Retention Auditing Excluding the transition from Skype for Business Online to Teams

Teams in a Nutshell Collaboration for up to 2,500 members built around personal chats and channel-based conversations within teams Has been called “Outlook for today” Built from Microsoft 365 components, including many Azure microservices Clients available for desktop, browser (no Safari), and mobile Dependencies on Exchange Online, SharePoint Online, and Azure Active Directory Supports MFA, conditional access

Teams Governance Lifecycle Deployment and Use Ongoing Management Compliance End of Life Review and Planning

Planning What do we want to achieve with Teams? Replace other collaboration platforms like Slack? Move away from email? Help people work together smarter? How will Teams interact and complement other technologies? SharePoint Yammer Email How will we measure success? Who’s responsible?

Planning Teams depends on Office 365 Groups and Azure Active Directory Everyone in a group shares equal access to group resources Office 365 Groups Policy controls aspects of team creation Naming, classifications, free or restricted creation of new teams Collaboration B2B policy controls guest access Expiration Policy controls when old teams expires Remember the licensing requirements for Azure AD Premium features, including 5:1 ratio for guests

Deployment Easy to create Teams and Channels, but think first, create later Private and Public Team classifications Effective use of SharePoint (Files) Avoid channel chaos with some basic etiquette and user training Topics and replies Formatting Usage reports

Ongoing Management Use Teams and Skype for Business Admin Console to manage users, etc. Add Apps, Bots, and Connectors Consider email access to channels Review audit log activity Monitor the transition from Email with usage reports

End of Life Expiration Policy Archiving Teams Removal – soft delete (can be recovered for 30 days) and hard delete (irrecoverable) Archiving Teams Set read-only (Manage Team) Remove all members (with PowerShell) Write your own code to check for obsolete teams (non-active) and remove them

Guest Users Guest access for all or some teams, depends on: Azure AD – must allow guests to be invited using Azure B2B Collaboration Office 365 Groups – must allow guests as group members SharePoint – must allow guests to access team sites Guests can access Teams, Planner, SharePoint – other apps? Add photos for guests Use IRM to protect sensitive content against guests

PowerShell Microsoft can’t to everything… so we have PowerShell Automation Management Reporting Different modules Teams Exchange Online (for Office 365 Groups – Set-UnifiedGroup etc.) Azure Active Directory (Set-AzureADGroup etc.) PowerShell doesn’t access user data – use the Graph instead

Compliance Records captured by Office 365 as Exchange items Personal chats – in the mailbox of chat participants Hybrid and guest users – in phantom mailboxes (shards) Channel conversations – in the team’s group mailbox Stored in the Team Chat sub-folder of Conversation Items Folder name is language-specific; folder type is “TeamChat”

Searching Compliance Records Compliance records are indexed and searchable Messages and call detail records One record per message in a chat or conversation Records for all channels in a team are in the same folder Records must be linked together to form complete conversation using the reply chain identifier For example 1529919175913 - Unix time stamp

Teams and Content Searches New-ComplianceSearch -Name "Teams Chat Scan" -Description "Search for Teams Chats about Finance" -IncludeUserAppContent $True -AllowNotFoundExchangeLocationsEnabled $True –ExchangeLocation All -ContentMatchQuery "Finance AND Kind:MicrosoftTeams"

Removing Offensive Material from Teams People can usually clean up their own mess, if you let users remove their items from channels Otherwise, it’s up to team owners No equivalent of Search-Mailbox cmdlet for Teams to scan all teams in a tenant for items matching specific criteria Offensive items might have been posted in several channels or personal chats Can run content search to discover offensive material and soft-purge items (up to 10) from mailboxes

Teams and Office 365 Retention Policies Retention policies specific for Teams – can’t cover other workloads Exchange Managed Folder Assistant processes mailboxes and removes compliance records Minimum retention period 7 days EXO synchronizes with Teams to remove items from chats and channels Eventually, removals are synchronized down to clients

Audit records Teams administrative actions are captured in Office 365 audit log Create, remove teams, channels, etc. User sign-on to Teams Viewed through Security and Compliance Center, Office 365 Cloud App Security, ISV products like Radar Reporting Use Search-UnifiedAuditLog cmdlet to bulk process audit items

In Summary – Success with Teams Know what you want to achieve and measure your progress Build a deployment and management plan, but be flexible Avoid adding teams and channels and channels until they are needed Manage the lifecycle Know about content searches and retention policies

Please evaluate this session Your feedback is important to us! 11/18/2018 12:42 AM Please evaluate this session Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11/18/2018 12:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.