Helpful Resources
Microsoft Teams is an institutional tool for meetings, collaboration, file sharing, messaging, and more. Teams is built on top of other Microsoft 365 services like SharePoint, OneDrive, and Exchange. Implementing Teams governance is important for operational reasons, such as preventing sprawl, but also for managing privacy and security. While Vanderbilt University Information Technology manages the governance backend of Teams, users need to implement Teams management to make sure they’re getting the most out of the platform.
Know the difference between a Team, Channel, and Chat
Be thoughtful about whether a new Team should be created, if it should be a Channel within a Team, or could be handled via Chat.
You’ve decided you need a new Team or Channel. Here are some best practices to consider for managing your Team or Channel’s lifecycle: Create, Maintain, Expire.
- By default, anyone at Vanderbilt can create a new Team or Channel. When the number gets out of control, it can become complicated and hard to find info.
- Establish expectations early, such as outlining criteria for when a new Team should be created vs. making it a Channel within an existing Team.
- Limit who can create to a few individuals for your area.
- Consider establishing an approval process to ensure creation follows your area’s overall expectations and needs.
- Define and apply a consistent naming convention. Names imply meaning and serve as a key navigational guide. Names should uniquely identify your group and its purpose. Prevent confusion with these naming do’s and don’ts:
Naming Example:
- Select an appropriate Team or Channel privacy level.
- Public: Anyone within the institution can join. Only select this if all data should be shared with everyone.
- Private: Membership can be controlled by Team Owners and access limited.
Data Classification Level Description Team/Channel Privacy Level Level 1 Public Data that is intended for public release or distribution. Public or Private Level 2 Institutional Use Only Data that is private and should not be available to the non-VU individuals without permission. Private Level 3 Restricted Data that must be kept confidential by law or contract or should not be shared with unauthorized persons. Private Level 4 Critical Data that is protected by regulation and requires bespoke security implementation. N/A - Not allowed in Teams Note: A Team’s privacy level can be changed by the owner at any time; however, a Channel’s privacy cannot be changed once set.
- Ensure there is more than 1 Owner per Team to help manage, moderate, and avoid orphaned Teams. As a general rule, the larger the membership, the more Owners it should have.
- Manage the overall maintenance of your Teams and Channels to ensure practices and security are being upheld.
- Similar to other collaborative platforms, Teams use is subject to continuous security monitoring. Where necessary, it may be accessed to disrupt malicious activity/intrusion or to comply with legal discovery requirements as outlined in the Security Incident Response Policy.
- When the work of a Team has run its course, it is important to remove it to prevent sprawl. Owners should proactively delete a Team or Channel when it is no longer needed, such as after a project has ended. If files stored in the Team are still needed, Owners should transfer them prior to deletion to an appropriate location such as OneDrive.
- Any Team that has been inactive (i.e., no visits) for 365 days will be automatically archived and Owners notified with renewal instructions. Member access and data is retained during archival. If the archived Team is not renewed within 30 days, it will be automatically deleted including any files or data in it.
Not sure how to start?
Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.