Andy Pettman

Adoption & Change Management Senior Consultant


The point of governance is to keep an organisation safe and legal, as a result you might be thinking that governance has no relevance to user adoption beyond data loss prevention. And to some extent you’d be right; I say ‘to some extent’ with the caveat that focusing only on information management misses the point of Microsoft 365 at its most transformational.

‘Digital transformation’ only happens when people get involved in changing their behaviour around technology; in fact, any transformation only happens when people change what they do currently to do something different.’

This can be as simple as using Teams or Yammer to send and broadcast messages around an organisation, rather than multi-recipient emails.

Or it can be as complex as using PowerApps and Power Automate to manage approval systems instead of moving a piece of paper around the office.

The transformation is not in the technology, it’s in how people use the technology.

But you’ve probably seen what happens when you just turn on an application without pondering the implications of doing so. The most common experience I come across is when Teams is turned on without even the minimum of technical governance such as naming conventions or expiration policies behind it.

So, because most organisations are only focused on getting through turning it all on, I thought it might be helpful to outline the 5 key reasons why I believe governance matters for user adoption and engagement.


1. Reducing sprawl

This is the most obvious of the governance reasons, and the one that most organisations will find themselves butting up against at some point in their Microsoft 365 journey. Typically, it occurs when organisations turn on Groups functionality within apps like Teams, SharePoint, Outlook, Yammer and Planner because they want to encourage people to collaborate. It’s a great idea, but without boundaries it quickly becomes messy and uncontrollable.

The impact is felt when users don’t know where they are in the Microsoft 365 suite and don’t have clear guidance about what they should save where, when and why.

When staff members can’t find what they need they start another group with the express purpose of creating something that may already exist elsewhere, duplicating effort and adding to the general confusion of mixed and changing messages.


2. Future proofing and planning

Ta da!! Trumpets sound and drum roll please, Microsoft 365 has now been turned on for our organisation …

Too often organisations think of this as a project, with a nice end date at which point the future is looking rosy.

And then a something changes; an application matures or morphs into something else; perhaps it even disappears completely as with StaffHub and Skype for Business Online.

As things change the requirements of staff to become more self-sufficient about understanding the technology they are using becomes ever more important. In order to be self-sufficient though, they need to be informed, updated and educated about the impact of the change.

Too often though organisations fail to remember that ‘staff’ includes the IT staff who have a part to play in managing the technical environment. For this group, governance means having a clearly defined plan and process to manage all future changes in Microsoft 365 that includes everything from system governance to the knowledge and learning for end-users. It also means clear knowledge and learning pathways that help them upskill in advance of the change taking place.

For that matter, having a team with dedicated time to manage change is essential in this environment; so, if you were thinking about disbanding your project team at the end of implementation, you might want to re-think that decision.


3. Minimising the peril of lost knowledge

Data loss prevention often focuses on the security and protection of confidential, commercially sensitive or personal information. Turning on the security and compliance tools that help your organisation do this is an essential step in the set-up of Microsoft 365.

But those tools don’t help when knowledge, information or data is lost to staff who need access to it because it is deleted, moved or archived, or they aren’t a member of the right permissions group. For example, vital information about contracts and clients is all too easily lost when the Team it was created in is deleted because it hasn’t been accessed for 12 months. Having a process that moves essential documents into safe storage, away from their working predecessors will help everyone know where to go to get definitive answers to crucial questions. And when users understand ‘Groups’ they quickly get to know what their boundaries are where they need to go to extend them.


4. Creating the ‘informed’ user

Back in the 1990’s there was a move in the wider health community to create the ‘informed patient’, that meant people who could fully participate in any decisions made about how to become and stay healthy.

I would argue that an essential part of Microsoft 365 governance is helping to create the ‘informed user’; someone who knows what they can do, where they can do it and what the consequences might be of doing something different.

It’s all too easy for staff to assume that because something is possible, they should do it. At one organisation I worked with this was thrown into sharp relief when a member of staff created a form for clients to fill in and stored it in OneDrive. Because they could share the form externally, they sent the form to their client who duly filled it in. The staff member then sent it to another client who, surprise, surprise saw the first client’s personal information! This was a data breach that had to be notified to the Information Commissioner. It only happened because that member of staff didn’t understand the difference between sharing a file that allowed editing vs sharing a file that was read-only.


5. Reducing the risks of shadow IT

When staff are thwarted in their attempts to get something done, they will often find alternative means. If your organisation doesn’t have clear guidance about how applications will be rolled out, or doesn’t consider governance of third-party applications, it’s all too easy to lose control over documents and data without realising they are gone.

To lessen the impact of shadow IT, staff need to know what’s acceptable and what’s not. Including this knowledge in your organisation’s adoption and engagement learning plans means that staff behaviour around shadow IT can be addressed by line managers and, if necessary, formal HR procedures, if that becomes necessary.

My belief is that governance is the core foundation your organisation needs before you can even begin realising the benefits of a suite of tools like Microsoft 365.

If you don’t address this, at some point you’ll be firefighting the technical impacts with all the consequent time and cost implications that this brings. When you do start with governance though, creating knowledge and learning plans, communication strategies and success measures is much easier and faster.