1. Reducing sprawl
This is the most obvious of the governance reasons, and the one that most organisations will find themselves butting up against at some point in their Microsoft 365 journey. Typically, it occurs when organisations turn on Groups functionality within apps like Teams, SharePoint, Outlook, Yammer and Planner because they want to encourage people to collaborate. It’s a great idea, but without boundaries it quickly becomes messy and uncontrollable.
The impact is felt when users don’t know where they are in the Microsoft 365 suite and don’t have clear guidance about what they should save where, when and why.
When staff members can’t find what they need they start another group with the express purpose of creating something that may already exist elsewhere, duplicating effort and adding to the general confusion of mixed and changing messages.
2. Future proofing and planning
Ta da!! Trumpets sound and drum roll please, Microsoft 365 has now been turned on for our organisation …
Too often organisations think of this as a project, with a nice end date at which point the future is looking rosy.
And then a something changes; an application matures or morphs into something else; perhaps it even disappears completely as with StaffHub and Skype for Business Online.
As things change the requirements of staff to become more self-sufficient about understanding the technology they are using becomes ever more important. In order to be self-sufficient though, they need to be informed, updated and educated about the impact of the change.
Too often though organisations fail to remember that ‘staff’ includes the IT staff who have a part to play in managing the technical environment. For this group, governance means having a clearly defined plan and process to manage all future changes in Microsoft 365 that includes everything from system governance to the knowledge and learning for end-users. It also means clear knowledge and learning pathways that help them upskill in advance of the change taking place.
For that matter, having a team with dedicated time to manage change is essential in this environment; so, if you were thinking about disbanding your project team at the end of implementation, you might want to re-think that decision.
3. Minimising the peril of lost knowledge
Data loss prevention often focuses on the security and protection of confidential, commercially sensitive or personal information. Turning on the security and compliance tools that help your organisation do this is an essential step in the set-up of Microsoft 365.
But those tools don’t help when knowledge, information or data is lost to staff who need access to it because it is deleted, moved or archived, or they aren’t a member of the right permissions group. For example, vital information about contracts and clients is all too easily lost when the Team it was created in is deleted because it hasn’t been accessed for 12 months. Having a process that moves essential documents into safe storage, away from their working predecessors will help everyone know where to go to get definitive answers to crucial questions. And when users understand ‘Groups’ they quickly get to know what their boundaries are where they need to go to extend them.
4. Creating the ‘informed’ user
Back in the 1990’s there was a move in the wider health community to create the ‘informed patient’, that meant people who could fully participate in any decisions made about how to become and stay healthy.
I would argue that an essential part of Microsoft 365 governance is helping to create the ‘informed user’; someone who knows what they can do, where they can do it and what the consequences might be of doing something different.
It’s all too easy for staff to assume that because something is possible, they should do it. At one organisation I worked with this was thrown into sharp relief when a member of staff created a form for clients to fill in and stored it in OneDrive. Because they could share the form externally, they sent the form to their client who duly filled it in. The staff member then sent it to another client who, surprise, surprise saw the first client’s personal information! This was a data breach that had to be notified to the Information Commissioner. It only happened because that member of staff didn’t understand the difference between sharing a file that allowed editing vs sharing a file that was read-only.
5. Reducing the risks of shadow IT
When staff are thwarted in their attempts to get something done, they will often find alternative means. If your organisation doesn’t have clear guidance about how applications will be rolled out, or doesn’t consider governance of third-party applications, it’s all too easy to lose control over documents and data without realising they are gone.
To lessen the impact of shadow IT, staff need to know what’s acceptable and what’s not. Including this knowledge in your organisation’s adoption and engagement learning plans means that staff behaviour around shadow IT can be addressed by line managers and, if necessary, formal HR procedures, if that becomes necessary.
