Microsoft Teams Governance Capabilities

AGAT Software team

In this post we will explore Microsoft Teams Governance Capabilities in detail. What is it possible to see and which actions are possible to do from the admin portal.

Companies are facing more challenges on their communications, mostly due to the unprecedented transformation of business to partial or fully remote. Unified communications professionals need to make sure that their UC Vendor is up to the governance standards of each individual company.

Here is our detailed list of Microsoft Teams Governance capabilities:

To open the Admin Center for MS Teams go to → https://admin.teams.microsoft.com/

Teams and Channels

See list of Teams including :

  • Amount of Standard Channels
  • Amount of private Channels
  • Amount of team members
  • Amount of owners
  • Amount of Guests
  • Privacy Status of channel/team (Public/Private)
  • Status (Active/Archived)
  • Team Description 
  • Classification – Sensitivity labels for Microsoft Teams
  • group ID
  • Expiration Date

Add Teams including

  • Name
  • Description
  • Team Owners
  • Privacy Status

See members of each Teams including

  • Display Name
  • User Name
  • Title
  • Location 
  • Role (Member/Guest)

Channel Actions

  • Add Members
  • Remove Members
  • Change Roles (member to Owner and vice versa)

Channels – list of channels in each team including 

  • Name 
  • Description
  • Type (private/Standard)
  • Auto Pin (shows if the channel is pinned to the channel list. A standard channel can be pinned under the team, but private channels can’t)

View Channel Settings (cannot edit)

Conversations 

  • Allow editing of sent messages
  • Allow deleting of sent messages

Channels

  • Team members can add channels or edit existing ones
  • Team members can add, edit or remove tabs 
  • Team members can add, edit or remove connectors
  • Team members can add, edit or remove apps
  • Team members can add private channels or edit existing ones

Teams Apps

Manage Apps including

List of Apps with meta data and possible actions: 

  • Upload
  • Allow
  • Block
  • Add to Team
  • Customize

App Policies

For these categories:

  • MS Apps | Third party Apps | Custom Apps
    • Allow All Apps
    • Allow Specific Apps and Block all others (whitelist)
    • Block Specific apps and allow all others (blacklist)
    • Block all apps

Org-Wide Settings

External Access

  • Turn on/off external communication with Skype for Business and Teams users 
  • Create lists of allowed and disallowed external domains 

Guest Access

  • Turn on /off Guest access in Teams (Org Wide)
  • Manage settings for Guests

SphereShield Governance

AGAT offers through SphereShield unique Advanced governance capabilites for a variety of industries and scenarios

Creation and Ownership

  • Which Groups/Users are allowed to create Teams
  • Which Groups/Users are allowed to create Channels
  • Which Groups/Users are allowed to be Teams Owners

Save your tenant from future problems by establishing who can create teams and channels. Avoid future team/channel clogging.

Adding users (internal and external) and permissions

  • Which Groups/Users are allowed to add users to Teams
  • Which Groups/Users are allowed to add Guests to Teams
  • Which Groups/Users are permited Guest Access to other tenants

A common example is that usually, companies find Guest users in Teams they should not belong to. Not only that but many times a company can have teams dedicated to upper management where middle management employees should not appear.

Regarding Guest access, a common scenario of data leak, is when employees are part of other MS Teams tenants and freely message and share files.

For more information, take a look at these articles:

Microsoft Teams Guests Explained
-How To Prevent Users From Becoming Guests In An External Office 365 Tenant.
Microsoft Teams Dlp Limitations: Controlling Users When Being Guests Outside The Organization.

File Uploading

  • Which Groups/Users are allowed to upload files to OneDrive / SharePoint
  • Which Groups/Users are allowed to upload files to MS Teams

Data is an extremely important, if not the most, valuable asset for any company. The fact that employees can access it and instantly share on collaboration platforms such as MS Teams, should raise a flag to have a system to control it and prevent any undesirable scenario. Also for other regulation (or internal policy) purposes, it may be necessary to restrict file uploading capabilities to a limited amount of users.

Block Joining Anonymously to meetings


For more information on SphereShield Governance capabilities, contact us today. A specialist will happily answer all your request.