Getting Started with Microsoft 365 Governance

I know Halloween has come and gone, but I’d love for you to entertain a horrifying scenario for a moment. It’s March 15, 2020, and the United States has just gone into lockdown in response to the COVID-19 pandemic. The Empire State Building in New York City, the Prudential Center in Boston, Willis Tower in Chicago, and office buildings across the country have become vacant ghost towns. Millions of companies and organizations have to figure out overnight how to conduct business outside the walls of their office for the first time.

Now imagine cloud-based collaboration tools were never invented. There are no cloud storage solutions to safely share files across borders. There are no video meetings, digital whiteboards, or real-time document collaboration tools. There’s no instant messaging or internal message boards.

How does business get done? Can the world just completely stop for two years?

The US economy took some punches during the height of the COVID pandemic, but nothing like it would have if these incredible tools didn’t exist. I apologize for being hyperbolic, but did M365 save the world?

The Massive Growth of Microsoft 365

I know we’re all tired of reading about the massive shift to remote work over the last two years, but it’s necessary context to the real challenges we’re experiencing today. M365 has seen an explosion of new users and increased usage among existing users. For records managers, this presents unprecedented levels of complexity. According to a recent AIIM survey, 42% of respondents reported that the volume and variety of records within their M365 implementation are expanding too quickly to manage and protect properly.

Microsoft 365 is a powerful and flexible platform that allows users to collaborate in the cloud like never before. We absolutely don’t want to discourage that collaboration, but we need to strike a careful balance with control. Good governance ensures that security and management requirements can be met without sacrificing productivity.

Ten Tips for Applying Information Governance to Microsoft 365

Microsoft 365 applications control many aspects of how you create and use information in your organization. So it's vital that you have a governance structure for them. However, the significant increase in the volume, variety, and velocity of that information is changing the game for governance and compliance.

The only way to scale the oversight and control of content in M365 is to automate governance as much as possible and focus as much on defensible disposition as on retention, and as much on data extraction as data archiving.

Microsoft’s best practice recommendations take a cue from the Records and Information Governance industry’s own list. Some or all may seem familiar:

1. Talk to your users. Identify the people that use the collaboration features most and meet with them to understand their core business requirements and use case scenarios.

2. Balance risks and benefits. Review your business, regulatory, legal, and compliance needs and plan a solution that optimizes for all outcomes.

3. Adapt to different organizations and different types of content and scenarios. Consider the different needs of different groups or departments and different types of content, such as intranet content versus a user's OneDrive content.

4. Align to business priorities. Business goals will help you define how much time and energy you need to invest in governance.

5. Embed governance decisions directly in the solutions you create. Many governance decisions can be implemented by turning features in Microsoft 365 on and off.

6. Use a phased approach. Roll collaboration features out to a small group of users first. Get feedback from them, watch for help desk tickets, and update any needed settings or processes before proceeding to a larger group.

7. Reinforce with training. Adapt solutions such as Microsoft 365 learning pathways to ensure that your organization-specific expectations are reinforced with Microsoft-provided training.

8. Have a strategy for communicating governance policies and guidelines in your organization. Create a Microsoft 365 Adoption Center in a SharePoint communication site to share policies and procedures.

9. Define roles and responsibilities. Identify your governance core team and work through crucial governance decisions about provisioning and naming and external access first, and then work through the remaining decisions.

10. Revisit your decisions as business and technology change. Meet periodically to review new capabilities and new business expectations.

Microsoft 365 Governance Should Support Your Business Goals

At AIIM, we never recommend governance for governance’s sake. It’s critically important that your M365 governance plan aligns with and supports your business’ priorities and desired outcomes. The goal here should be to get as much bang for your buck out of M365 as possible, allowing you to improve collaboration across teams and reduce security risk at the same time (saving time and money in the long run).

Automating governance-related processes within your M365 tenant will go a long way toward achieving this goal in most cases, as it will reduce the day-in and day-out workload of your administrative team, reduce the number of errors made while applying your desired governance rules, and increase the frequency with which you can reasonably audit your system to ensure things are as they should be.