Perhaps the least sexy part of Microsoft Teams is the creation and management of policies.
Nobody talks about them and lots of businesses make them up as they go along.
While this might be okay in small businesses, if you’ve got users in the hundreds or thousands, a lack of Teams policy strategy can cause countless changes, duplicated work, and incorrect access.
In this blog post, we introduce 10 Microsoft Teams policy best practices so you can take them and make them your own. While we appreciate every business is different, the basics apply to everyone.
What are Microsoft Teams policies?
Microsoft Teams policies are control mechanisms that enable which settings, features, teams, and channels are available to users and groups.
For example, one set of users may be allowed to create private channels but not shared channels. If your governance policy dictates that HR should only have access to employees and not contractors, you’d need to toggle off the Create shared channels policy.
By default, the following Teams policies are turned on:
- Manage a Project
- Manage an Event
- Onboard Employees
- Adopt Office 365
- Organize Help Desk
- Incident Response
- Crisis Communications
- Manage a Store
- Bank Branch
- Patient Care
- Quality and Safety
- Retail for Managers
If you don’t wish to grant certain users access to all these (or the additional policies that aren’t turned on by default), you need to make changes manually in the Teams Admin Center.
How do you apply Teams policies?
To apply Teams policies, you need access the Teams Admin Center (TAC). Here, you can search for group policies and make changes or open a user account and enable/disable certain policies.
Once logged in, make sure you choose Teams then Teams policies. You can then choose the global policy for all users or start creating custom policies to apply to specific users.
If you choose not to create a custom policy, all users will get the global policy by default.
When making changes to Team policies, Microsoft warns that changes can take up to 24 hours to take effect.
To create a custom Teams policy, choose Add in the Teams policies section:
Give it a name, a description, and choose the type of channel permissions you wish users with this policy to have. When you’re done, make sure you click Save.
Aside from these basic policy settings, you can choose from a wide range of policies and permissions to grant a user (or group of users).
These are grouped by Microsoft as follows:
|A policy package in Microsoft Teams is a collection of predefined policies and settings you can assign to users who have similar roles in your organization.
|A meeting policy is used to control the features that are available to meeting participants for meetings scheduled by users in your organization. Meeting policies include the following topics.
– Audio and video policies
– Content and screen sharing policies
– Participants, guests, and access policies
– General policies
|Voice and calling policies
|Voice and calling policies manage these settings through teams such as emergency calling, call routing, and caller ID.
|App policies are used to control applications in Microsoft Teams. Admins can allow or block which apps users can install, pin applications to a user’s Teams app bar, and install application on behalf of your users.
|Messaging policies control chat and channel feature availability.
Within each of these policy packages, you get access to itemized policies like:
- App Setup
- Audio Conferencing
- Call Hold
- Call Park
- Compliance Recording
- Emergency Calling
- Emergency Call Routing
- Enhanced Encryption
- IP Phone
- Meeting Broadcast
- Room Video Tele Conferencing
- Survivable Branch Appliance
- Video Interop Service
- Voice Applications
- Meeting Branding
- Dial Plan
Assigning a policy to a user or multiple users
When you have created a custom policy, you can assign it to a user or group of users.
Again, in the TAC, you can choose Users then Manage users then click on your chosen user or users (using the checkboxes on the left-hand side).
Once you have selected everyone to edit, hit Edit Settings in the top left-hand corner, then select the policy you wish to change.
Select the policy from the drop-down list, using the name you created previously.
Assigning Teams policies to groups
If you have pre-configured a Microsoft 365 group, a security group, or a distribution list, you can assign policies to these instead of finding individual users.
Microsoft recommends using this type of policy assignment for groups of 50,000 or more when a blanket restriction needs to be applied, for example.
Unlike user policy assignments, group policies are applied immediately.
10 Microsoft Teams policy best practices
When you’re creating and managing policies in Microsoft Teams, make sure you’re abiding by these best practices.
1 – Naming conventions
Consistent naming conventions are key for training, knowledge, and consistency of application.
Consistency = quicker understanding and faster administration.
It starts with making sure your policy names are humanly understandable and meaningful to other admins. This means everyone can understand what each policy is for without having to consult documentation to discover the meaning.
For example, avoid using DX1A_MRP_NC (which might make sense in your head) and instead use No_Recording_Rooms_Grimsby.
Notice the underscores? They’re there for a reason.
It pays off in the long run to avoid using hyphens and instead use underscores to break words up.
When applying policies by PowerShell, they are easier to implement. If you forget to quote the policy name, PowerShell won’t treat it as a PowerShell command like it would with a hyphen.
For better compatibility with poorly created scripts, hyphens are your new best friend.
2 – Set your global defaults
By default, all features (except for ones that require Teams Premium) are on in Microsoft Teams. If you don’t want this to be the case, choose your minimum experience for any licensed user and modify the global policies in each policy category to meet your desired minimum.
Setting a new global policy will remove the bulk of your changes needed over time.
This way, even if they aren’t assigned a phone number, they can still call emergency services.
3 – Create policies based on business need rather than department need
They say personalization is the key to success. Not so much when it comes to Teams policies.
if you create policies targeted towards a department or job title, you’ll create more admin workload that is unnecessarily complicated to deploy. Instead of creating “Sales Meeting Policy”, look at the features objectively as to the purpose of the policy.
For instance, if it is to force record all meetings on meeting start, this could be reusable across departments. There’s no need to have a “force_record_meeting_sales” policy when the policy can be “force_record”.
Creating policies based on features and use cases means they are reusable across your business. In turn, this means fewer policies containing the same feature sets to manage.
4 – Use the description field
Use the description field to annotate the policy and its intended purpose. This is a free text entry attribute where you can explain in human language what the purpose is, who the policy is for, who to assign it to, etc.
When used correctly, it’s a great mini documentation tool that is available in PowerShell and the TAC. When you have a great description, you reduce time referencing other documentation and speed up provisioning tasks.
5 – Take regular backups
Exporting policies to JSON or XML using Get-Cs[policy] | Export-CliXML will take a backup of the policy object. If something happens and you don’t know what has changed, you can import from the XML file directly.
Policies don’t typically change often, so do this once every three to six months as a maintenance task.
6 – Update your documentation
Whenever you change or add a policy, make it procedure to update your internal documentation and share that a change has been made. Your support team must know why a policy has been changed or applied so they are armed with the rationale if a ticket comes in.
If you’ve created a new policy that needs to be applied as a matter of course for a certain cohort, then those making the changes need to be aware of this. Otherwise, they’re going to be applying outdated policies that could mean you’re not compliant with a certain security certification or they’re getting the incorrect Teams experience compared to the one the business has designed for them.
7 – Document policy changes
When you’ve made a change to a policy, as well as updating your documentation, make sure you create a change request and log that the policy has been updated. For bonus points, and for the sake of everyone else who may access this documentation, include the reason for the change too.
This ensures future challenges as to what and why things have changed are found easily.
8 – Don’t create policies for policy’s sake
Step back and survey your experience objectives and the different layers of user needs within your business, not just at the department level.
Look for commonalities across business functions and then design your policy sets. This way, you get fewer policies for maximum effectiveness. The more granular you are, the more expensive your Teams admin tasks become (in terms of time spent, resources used, and potential errors made).
Sometimes, a user having access to a feature is less of a business risk than taking the feature away from them.
9 – Create early adopter/test policies
You may have seen the What’s New in Microsoft Teams update articles. There are monthly feature releases and sometimes new policy controls even more frequently.
Before rolling them out to your users, evaluate the features with test policies targeting early adopters. With that knowledge, decide which setting to apply to which policy targeting which cohort.
The alternative is rolling out new, untested policies that may cause a headache and a ton of support tickets.
10 – Create new policy versions rather than updating existing ones
When dealing with large policy changes that contain more than one feature change, it’s best to create a new policy and leave the old one untouched.
This way, you can migrate users to the new policy version as needed, but also give you an easy way to recover from an error.
Using the Orto policy migration tool, you can create a new policy and migrate all users matching that user persona from one to another in a single click.
This removes the chance of leaving one important setting behind when changing multiple items in a policy. If you do make a mistake, you can revert using the same Migrate button.
Follow these Microsoft Teams policy best practices for a happier life
When it comes to Teams administration, a well-oiled, well-documented, well-named support function is a happy support function.
Everyone knows what’s been changed, why policies have been created, and when it all happened.
If you’re tasked with policy management in your business, send these 10 best practices to your team so you can start working together instead of in the dark.