With the FIFA World Cup just two weeks away, I thought I’d use it as an opportunity for the perfect Microsoft Teams analogy for getting it right. If you are considering implementing Teams into your organization, you’re probably coming from one of two angles; existing Office365 consumer, or greenfield deployment. Whichever, route you are coming from, the principles for enablement are the same, the challenges are not. Microsoft Teams is becoming the shop window for Office 365 and because it leverages all the benefits of Office 365 and its partnership with Azure features, simply deploying Teams into an organization may turn out to be more complex than you’d originally think. So, I have created my starting 11 that will challenge for the World Cup of Teams Adoption.
Office365 Groups – Goalkeeper
Keeping the own goals out of the net, Office 365 Groups are the foundation of a good Teams technology Team. Without Office 365 Groups, there is no Team. Careful selection of how you manage these groups from the outset can determine whether you’re set up to win or lose in terms of a program success. Before you enable Teams, decide on your Group management strategy, who is going to be in charge of group creation? Everyone, or just a few? Groups surface in Exchange, SharePoint, Yammer and basically anywhere in Office 365, so controlling Group creation sprawl is fundamental to Teams rollout.
Choosing centralized management required Azure AD P1 licence, otherwise anyone can create groups. That’s not saying that domain user group creation is not a valid strategy, that’s adopted by many businesses at the moment and proving successful. However, they have only been successful because of proper planning and awareness training. When choosing which model you are going to enable with, ask yourself the following questions:
- Why do you want to restrict group creation? Is it due to a business requirement? Or is it an administration worry?
- What do you hope managed group creation will achieve and does this actually hinder what the business is trying to achieve by rolling out Teams?
- Who is going to manage the approved creators group? Will that person be notified by standard business process when a creator leaves?
- How does your decision here affect what is currently rolled out to SharePoint, Exchange, Yammer etc?
Choosing the correct strategy here is fundamental to more than just Teams, but your user’s entire Office 365 experience.
Compliance – Defender
This has never been more prevalent with the introduction of GDPR in Europe, businesses can no longer bury their head in the sand, they are now accountable for data governance. Teams promotes collaboration where data is shared, stored and more accessible than ever before. Add in the implications of Guest Access and whether they should be able to access the same information held in Team documents means that the compliance requirements are that much more important. Consider your compliance story, GDPR almost mandates that Azure Information Protection and Rights Management is deployed and data is properly classified and restricted. In addition, retention of sensitive data needs to be designed and configured. Its not necessarily mandatory before you roll out Teams, but it is fundamental to the Teams substrate and legislation.
Identity Management – Defender
Again, underpinning Teams enablement, we have Azure AD and identity management with single sign on or same sign on, self service password reset etc. A fundamental basic to all Office 365, how are your users going to authenticate with Office 365 and what that experience is going to look like for the user. Getting this right from the outset means a consistent sign in experience for your users. Are you going to use Azure AD for authentication, or are you going to use on-premises ADFS?
Mobility – Defender
The cloud enables us to access information at our fingertips, on demand from anywhere on pretty much any modern device with a strong enough signal. What apps are you going to support on them? Just Teams? Or OneDrive, Outlook, Office etc.? and how are you going to manage them? Using MDM and MAM built in to Office 365 with the Intune and mobile app management policies users can be given access to mobile apps to boost productivity, while the business maintains control of its data, by enforcing device wiping technology to any compromised mobile device, BYOD or company supplied.
Security – Defender
Completing the defence line up is Office 365 Security. Here you need to consider how you are going to protect access to your services and data. Using Office 365 services such as multi-factor authentication protects unauthorized sign-ins, this can be backed up with Azure AD conditional access which can provide a more granular policy on how access is granted, for instance, require MFA for sign-ins external to your network, or outside your country. It also provides intelligence into where sign ins are sourcing from, for instance, if a user signed into Office 365 from a UK IP address at 2pm and then signed in from a Australian IP address at 4pm, it probably isn’t the same person, so additional authentication challenges can be enforced on the Australian sign in attempt.
In addition to sign in protection, Office 365 provides a Secure Score where your tenant is assessed in accordance to Microsoft secure recommendations. Here you can use the information as proactive action to securing the transit of your data out of your tenant by applying rules that prevent documents or email body contents that contain sensitive data from being sent to email addresses outside your organization, or at all if needs be.
Advanced Threat Protection from Azure can also report on vulnerabilities found within your on-premises and device infrastructure. Cloud App Security can be used to show where data has potentially crossed boundaries between Office 365 and other cloud apps such as drop box, Google Drive etc. Again, as Teams uses Office 365 applications, ensuring data and identity security is paramount to Teams success.
OneDrive – Midfield
OneDrive for Business is critical to file sharing in Teams from a Peer to Peer perspective and sharing content within a meeting. Without OD4B, Teams functionality is reduced. When a user shares a file, its uploaded to their OD4B and shared out to the participant. OneDrive sharing policies restrict who this can be shared with, so If your OD4B implementation restricts sharing to only internal people, then when you try and share with a federated user, it’s not going to work. Data in OneDrive will also be classified and protected by the Compliance strategy put in place. Is the business ready for OneDrive at the same time as Teams? It needs to be.
Exchange Online – Midfield
Exchange Online is required for calendaring and scheduling meetings. Without a mailbox the user is not able to schedule private meetings in Teams. Exchange Server 2016 CU3+ on-premises will work for this if the user is homed on-premises. Exchange Online is also required for legal hold, retention and full ediscovery capabilities. Is the business ready for this?
Skype for Business Online – Midfield
We know that SfBO is on death row. However, SfBO as a service is still present in Teams and controls all audio, video and conferencing capabilities. Currently until Teams reaches complete parity with traditional SfBO, you may still require the configuration of SfBO to meet some UC workloads. Teams is still dependent on SfBO for some workloads, such as common area phones, meeting room devices, 3PIP phones and interoperability. Skype for Business Server cannot be used in conjunction with Teams as a joined up service.
SharePoint Online – Midfield
Central to the entire collaboration element of Teams SharePoint Online is a mandatory requirement. SharePoint on-premises is not supported. Although Team sharepoint sites are created upon Team creation there may be some considerations that the business needs to understand, especially about the type of data, who will have access and the potential leakage points. These will be protected by Security and Compliance if properly deployed, but businesses may want to migrate data into a Team SharePoint site after creation, or they may want files to be organically produced. Either way, what is required by the business?
Apps – Midfield
Apps, today everything is about Apps and Bots. You have a problem? There is an app for that. You want to know the answer to a question? There is a bot for that. If it takes 2 or more Apps to do what you want, and then need to tie them all together, there is a flow for that. Need to ingest data into a Team from an external source like social media, there is a connector for that. And so on. Teams has an array of apps and bots that can be used to enhance a Teams capability. If there isn’t an app or a bot for what you want to achieve, then build one for free and use Azure to host it. Apps make Teams extensible and far more interesting and exciting. However, having access to all these apps and bots seems great, but exactly what does the business need them for? What problem or business process are you trying to solve for a specific Team? You need to understand BPM in order to design why a particular app should be used in a Team and why you need a Flow to complete a business logic. How do you teach a business unit, or team with that BU to use these apps and flows to the fullest potential? Do you allow apps at all? Are there any compliance implications for using a particular app or not? Does it introduce data risk?
However you feel about apps, they will be fundamental to a Teams productivity and BPM, the issue is discovering what the implications are for the business and how you drive the correct use into a Team within the business. Do you set up weekly lab sessions where users can come and tell you their problems they’d like solving and lab out scenarios using apps, flows, connectors etc.? as one idea for example.
Teams – Striker
Teams is the 100 million dollar striker, the one that is going to score all the goals and win the adoption world cup for your business. Teams is the one that puts the ball in the back of the net and enables you to bask in the glory of victory and maybe a bonus or two as a result? However, Teams will only ever be what you expect for $100m striker if you build a team around it. This team is what we have spoken about in this post, all the services of Office 365 properly designed and implemented with a focus that Teams will be the play maker, the one that always gets printed on posters or tattooed onto someone’s back during a drunken stag do. In reality Teams is the poster-boy or girl, but the real heroes in the Team are the other 10 players supporting it and the management of that Team as well. Get that right and Teams will be a success.
So, there we are, that is my Teams World Cup squad, my top 11 picks that I will put against any opposition. A bit of light hearted relevant analogy but the point I am making is pertinent to a success deployment of Teams within any organization. Make sure you lay proper foundations for Teams to build on top of. If you don’t, it may become harder to retro-fix issues as a result.