Back to blog

Squashing ‘Teams Sprawl’ – How Nova’s Delegation and Policy Controls Empower Admins

Nov 26, 2019 by Natalie Frith

Teams Sprawl - End User Panicking

As more and more organizations continue to adopt Office 365, the adoption and popularity of Microsoft Teams is soaring. Recent numbers revealed by Microsoft report that Teams has hit 20M daily users, a 50% uptick in just four months. A collaborative cloud-based tool that seamlessly enables online meetings, the ability to chat with coworkers, make calls and upload files for sharing, once Teams is introduced it quickly tends to become a highly valuable tool, especially for remote workers and those working on projects together.

What is Teams Sprawl?

‘Teams Sprawl’ is what happens when people are allowed to create Teams on demand, with no oversight or planning—you end up with loads of seldom-used or dead Teams, empty channels, and data scattered all over chats, channels, and Files tabs.

How has the Teams architecture contributed to Teams Sprawl?

As most are aware, when a Team is created, you are creating an Office 365 Group as an object in Azure Active Directory, with an associated SharePoint site where each Team can upload and store data. The major caveat to this architecture is that even if the Team is deleted, the SharePoint site and all the subsequent data stays. Worse still, because many users first think of Teams as a tool for meetings and chat, when they create a new Team to discuss a topic or project, they don’t realize—and shouldn’t have to—what other objects are being created and stored.

Why are some organizations worried about Teams Sprawl?

Multiply a small amount of frustration and lost productivity across the whole organization and you can see the problem, especially given that the Teams search feature is more of a good idea than an actual feature at this point—people will frequently create a new Team to work together on something that already has an existing Team or channel.

Sidenote: Here is a blog post from our CTO Paul Robichaux from Thanksgiving last year, outlining how to maintain Microsoft Teams ‘peace and quiet’ over the holidays. It’s still relevant for 2019 and tackles a common issue for multi-national companies that celebrate different holidays. So, if you’re celebrating Thanksgiving this week, why not give it a read and get (or at least try to get) an uninterrupted break.

Teams Sprawl becomes much more complex when you consider certain scenarios that require confidential means of communication and collaboration. For example, Teams that involve Legal and Human Resource departments, especially during a merger or acquisition. Legal representatives, accounting, and negotiators may need a secured place to discuss and share details of the merger process and even come to final decisions. The need for a private channel to judiciously discuss and hash out issues and details is self-evident. Contracts, financial statements, and other such sensitive documents are most likely shared and uploaded to the associated SharePoint site. When the merger is complete, or the project has ended and the Team deleted, these documents are likely just “hanging out” on SharePoint unmonitored, with administrators unaware, which obviously poses a security risk. A solid governance plan should be implemented from the very inception of an Office 365/Teams adoption since SharePoint is involved. These governance measures are just one way to potentially mitigate the sprawl, secure internal data, and minimize risk.

That being said, Microsoft has muddied the waters even more with the Teams situation, by allowing just anyone to create their own Team by default. Richard Campbell from RunAsRadio poses the question – Is Microsoft unintentionally “creating rebellions” – giving the tools to the people before putting decent governance around them? In 2014 when Office 365 Groups were brand new, the idea was to tie them to SharePoint and get rid of public folders. But since by default anyone can create a Team, the scenario is alarmingly reminiscent of the aforementioned public folder fiasco that started in ‘96, rendering it nearly impossible to prevent an inevitable Teams Sprawl. And in the words of Microsoft MVP Tony Redmond – “we’re still dealing with that mess today.”

Why are some organizations embracing Teams Sprawl?

There is no doubt that Teams can be an extremely efficient and productive collaborative tool, when utilized properly. By enabling users with the capability to reasonably interface with each other to complete projects on time and come to group decisions, the business case for having the Teams tool is a no brainer. And isn’t adoption crucial to return on your IT investment? Adoption growth correlates value to the application, which equates to a successful platform rollout.

Shelly Avery also details some very specific examples where “we have seen where end-users innovated on their own because IT provided them with the right tool in the right way.” Here are just a few of her examples:

  • On-demand training via Teams meetings recording capabilities and MS Stream integration with Teams – reducing over 24 hours of work for 1 user
  • Meetings are automatically transcribed in Teams instead of having admins manually take meeting notes – countless hours of typing eliminates
  • Providing leadership with the ability to connect and engage with their broad team from top to bottom

Plus, if IT doesn’t supply users with the right tools from the get-go, ‘where there is a will there is a way.’ This can leave users to source out non-sanctioned tools to achieve their objectives, which can potentially result in a shadow IT fiasco.

How can administrators prevent and or manage Teams Sprawl?

Built-in Tools and Features

There are several ways to address this concern. At the Ignite conference a couple of weeks ago, Microsoft announced that they will be deploying support for private channels to Office 365. Essentially, a private channel will have restricted access and only be available to a select subset of team members, with its own secure document storage. By creating these private channels, this will hopefully alleviate the need for tenants to create additional outlying Teams.  The deployment is expected to reach all tenants worldwide by the end of November 2019.  Microsoft MVP Tony Redmond also notes that to accommodate the expected growth in sites caused by private channels, Microsoft has increased the maximum number of sites supported by an Office 365 tenant from 500,000 to two million. This is great news moving forward, but how can admins combat and clean up the sprawl that has already happened, is still happening, and can still happen?

Granted, you could just simply turn off the ability for users to create their own Teams. But if you do this, then the people who need to create the Teams must engage the IT department and handling their requests can tie up time and resources better spent on other IT-related tasks. That is unless you have an Office 365 management platform like Nova.

Let’s take a look at how the Quadrotech toolkit can help you sort through the sprawl minutia. First off, you need to identify whether or not you actually have a sprawl. A simple way to determine this is through Nova’s rich reporting capabilities, providing you will a full picture of your O365 environment in a single interface. The reporting engine used in Nova allows more data to be gathered from more places, more quickly; then that data is aggregated and displayed together. You’ll be able to quickly pinpoint an issue such as Teams sprawl, specify the source, and from there take whatever actions are necessary to purge or contain the sprawl.

Once you’ve gone through the steps to corral the initial sprawl problem, how can you prevent it from happening again in the future? There are some native tools with Office 365, albeit very limited. While Azure Active Directory and Office 365 do come with a set of admin roles that can be assigned to users in an organization, features like role-based access and delegation of admin permissions are only available at a very high level. Essentially, the Microsoft mentality behind this either lets “everyone do everything”, or “no one do anything” when it comes to these tools. And don’t you want users to be able to do some things some of the time?

That’s where third-party tools like Nova come in, with its robust Delegation and Policy Controls that efficiently empower admins. Quadrotech’s new Office 365 SaaS management platform, Nova is one of the only ways to have total visibility of the sprawl through the platform’s Delegation and Policy Control (DPC) features. Microsoft MVP Dominik Hoefling has written an independent Technical Review on Nova’s DPC features, and he states that “One of the fundamental components of the platform is Delegation and Policy Control…Organizations can reduce the administrative burden of managing an Office 365 tenant by assigning roles and responsibilities to selected users such as Helpdesk Operators, country-level Administrators, or even to end-users.”

During the initial set up of Nova’s DPC service, you can configure delegated admin permissions for users, tenant groups, and Organization Units so that delegated admins can perform daily administrative tasks within the platform. As an admin, you can configure Authorization Policies for virtually every task. When you configure Authorization Policy Actions, the key part of the process is assigning specific permissions to carry out admin tasks, also known as “actions,” to delegated admins. These actions are daily admin tasks such as creating, setting, changing, disabling, and deleting parameters for mailbox permissions, Office 365 Groups, Shared Mailboxes, and Teams, to name a few. For Groups and Teams, there are also actions available such as “Update Group” and “Add New Channel to Team.” Of course, some actions allow you to delegate the ability to create, manage, and remove Teams, channels, tabs, and Teams applications.

The delegated administration component to Nova is advantageous to organizations of any size, but it is EXTREMELY valuable to organizations with multiple service desks and help-desk departments. Additionally, admins are enabled to see and manage all users within their permissions. Again, it should be noted that this kind of delegation is nonexistent with Azure, Office 365 and Role-Based Access Control.

Lastly, if you inherited a sprawl due to a Merger & Acquisition, Quadrotech also offers a fast, powerful tenant to tenant migration solution called Cloud Commander that can help you eradicate the sprawl during the Teams migration process. Cloud Commander currently offers tenant migrations for Exchange Online, OneDrive for Business, SharePoint Online, and Microsoft Teams data.

For more information around the Nova platform and how it can streamline efficiencies within your organization, please contact us today.

To learn more about the five main pillars of Nova’s capabilities, check out our product brochure here.