What areas should be addressed in Office 365 Governance Plans?

I have previously written some articles on how to manage governance in Office 365. Many people have read these articles and contacted me to get to know more about the subject. I have previously described how to use Microsoft Teams as a tool for Office 365 Governance, but I have not previously mentioned so much about the governance plans that are more or less the heart of the concept.

The general confusion

confusion-311388_1280

When you ask someone about what governance is, you always get different answers. If, as a consultant, you get a assignment from a customer and the assignment is to implement governance for office 365,  it is therefore appropriate to first clarify what the client and I mean by governance so that we make sure that we mean the same thing. Some say it is about technical documentation, some think it is just about security, others think it is about how to provision/roll out solutions and services.
There is no given answer for what Office 365 Governance is and how it should be handled. The answer almost always becomes (like so many other times) “It Depends”.

 

My definition

definition-390785_1920
My personal definition of Governance is to have a holistic perspective to identify, manage and have good control over the services you use. If you are about to get started with governance for Office 365, it is important not to overdo it from the beginning. It is important to start with what is most important and not least to take control of what you are required to have control over. Once you have got the most important and basic in place, you can expand the scope and level of detail gradually.

 

How to get started

running-498257_1920

To map an organization’s current situation, requirements and goals, you need an overview of what it is that needs to be mapped. I therefore developed a comprehensive manuscript that I would use in my work meetings. This manuscript contains all the questions I need answers to in order to provide good advice and the input I need to be able to document the areas in the Governance Plans. Governance plans (service documentation) are central. It is in these that one can, when needed / inquired, quickly find the facts. Therefore, it is also important that they do not become too extensive but are short and concise so that you can easily find what you are looking for and that they not only remain lying, but that someone is unable to update them as services, requirements, needs and settings change.

 

Which areas should you focus on?

lens-1209823_1920 (1)

There are not many templates on complete governance plans available online. I have therefore compiled a list below of the areas / points I always go through with the companies I help. Based on these points that provide suggestions on content in the overall governance plan as well as a governance plan for a service (e.g. Microsoft Teams), you can build your own meeting manuscript and Governance plans.

Start from these points and build your own reasoning and order on the questions so that you get a good flow in the meetings. Build the governance plans with an introductory description per point and then document the answers clearly

 

Superior Office 365 governance plan

(common and superior to all the services of the organization’s Tenant)

  • Office 365 values and benefits
  • Ownership
  • Interaction Rules and Digital Wizard
  • Updates change management
  • Basic overview of the services used
  • Licenses
  • Control of access to the services
  • Security and management
  • Risk-and vulnerability analysis
  • DPIA
  • Device Management
  • Securing Devices
  • Software Management
  • User Management
  • Securing users and administrators
  • Service Access Management
  • Securing Information
  • Confidentiality, integrity and accessibility
  • Compliance
  • Responsibility
  • Routines
  • Training and User Adoption
  • Support

 

Governance plan

(One for each Service in Office 365)

  • Purpose / business value
  • Ownership, roles and responsibilities
  • Provisioning
  • Access Control
  • Sharing
  • Confidentiality, integrity and accessibility
  • Retention, Storage and deletion
  • Archiving
  • Monitoring and Alerts
  • Backup and restore
  • Reporting
  • Regular reviews

 

Hope this post can be of benefit to you and good luck with your work with Office 365 Governance.

If you think this lists should be changed or supplemented with other areas or if you have any comments on my working method or the technical solution, please feel free to contact me with direct message on Twitter or LinkedIn.contact-us-2993000_1920

Best Regards, Magnus

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.