Microsoft Teams is one of the key collaboration platforms rolled out in O365 and is extensively in demand and adopted across multiple enterprises & organizations as an intelligent communications platform. The capability is so vast that Microsoft Teams going forward will become the single client experience and will be incorporating Skype for Business capabilities as well in a phased-in manner.
In this series of articles that I plan to author about Microsoft Teams to start with, my primary goal is NOT to discuss about the key capabilities in Microsoft Teams (which is already available & highlighted across the various Microsoft knowledge bases) but to highlight certain key considerations to be kept in mind if your organization is planning to roll out Microsoft Teams as a strategy, specifically from a Governance point of view in relation to a specific capability within Microsoft Teams.
Also, it is good to understand that Microsoft Teams is a capability that has an impact across various other O365 workloads like Azure AD, Exchange Online, SharePoint Online, One-Drive, Planner etc. and good Governance should address the changes that will happen across all these key workloads of O365.
Some of the Governance related questions that come to my mind are as below – and there are much more which I plan to consolidate and provide various articles about.
- While creating a Team, an O365 Group is created in Azure AD. Does your Organization need to follow any specific Governance on the naming convention for this?
- If there is a Team created with a specific name (Say HR Team) and there was already a team created with the same name, you end up with Two MS Teams with the same name and two O365 Groups with the same name. Do you wish to control this behavior?
- Do you wish to control the Information Architecture of your SharePoint Site Collections created as a result of creating Microsoft Teams?
- Have you enabled external users in your Azure AD and Teams? What if the Teams are to be deleted, and you want to remove these external guest users from Azure AD?
- Do you wish to allow External Apps & Bots in Microsoft Teams?
- Do you wish to allow Default Apps in Microsoft Teams?
- Do you want to expose creation of Teams to end users or do you wish to control the creation of Teams using a provisioning mechanism?
Governance is a key aspect of any capability that is planned to be deployed within an organization. Governance defined not only ensures that the specific platform adheres to various organizational policies and guidelines, but at the same time also addresses the risks and mitigations that needs to be addressed and prepared for before rolling out as well as maintaining the application as a part of the regular operations.
I will be primarily highlighting certain Key governance aspects and related technicalities to be kept in mind which you need to be prepared for. These are of course tied to specific features of Microsoft Teams and to start with, I will be discussing Microsoft Teams & Bots and how this capability impacts your Governance aspects.
As you might be aware, Microsoft Teams allows the end users to Chat with a specific Bot within your organization. If your Organization has decided to support Bots within Microsoft Teams, the end users can initiate a Chat conversation with the Bot as below. Also note that Microsoft Teams supports all the bots developed utilizing the Microsoft Bots framework SDK.
- Chat in this case is initiated with a Q&A Bot rolled out within the Organization.
As a note, I would be releasing another article shortly which talks about various Bots, Patterns etc. which is definitely an interesting area to explore. For now, I am assuming that you already have plans to support Bots within Microsoft Teams in your Organization and you already have Business & various teams working on developing custom Bots. Going forward, since Microsoft Teams will be your primary communications channel definitely it is a good idea to support Bots within Microsoft Teams but at the same time, it will be good to understand how this can impact your Governance.
So, now the question is “How do you enable Bots within Teams and what are the implications? “
For now, all the Administration related settings for Microsoft Teams are managed within the O365 Admin Center -> Settings->Services & Add-Ins.
Note that, very shortly this setting will be moved to another location; however the settings as such I presume will remain the same. The Apps section in this area is the primary focus which targets the support for Bots within Microsoft Teams.
Now let us examine various settings available here and the resulting implications for Governance.
Default Apps
These primarily I see as apps which are Microsoft Specific. If you have a specific consideration they need to be controlled, they can be selectively unchecked. However, this section provides you enough flexibility to choose what you want to support going forward in Teams and what you don’t want to. Based on your selection they are available for end users for search and installation within specific Channels. By default, the setting to add and remove apps is turned on for Members within the Team. This can be managed from within the specific Teams settings, in case you want Members to be prevented from adding these apps. This section though doesn’t control anything for Bots.
The next 2 settings are the key which controls the behavior of External Apps & Bots within Microsoft Teams.
Scenario 1
Allow External Apps in Microsoft Teams
With this setting only turned on, it provides you the opportunity to select specific third-party external apps which you want to control and expose within Microsoft Teams. Note that only turning on this setting allows end users to search for a specific Bot within your organization and make it available within the Teams interface. If not enabled, the Bots will not be searchable and retrievable within Teams.
At this point, you would also investigate if you really want to enable these third-party applications (or any specific ones only) since there will be Cost, Security, Maintainability issues etc. that need to be considered to arrive at the proper ones to be made available.
Note that at this point of time, the Bots are only available within Teams as a result of search but they are still in an In-active mode to interact with from the Chat window.
![Microsoft Teams]()
As you can see that the specific Bot is disabled for any interactions from the Chat window in Teams.
Scenario 2
Allow sideloading of external apps
This specific setting turned on with the above setting is the optimal setting which I could observe to make the Bots work in Microsoft Teams. In this situation, the Bots are available in Teams as well as enabled for interaction.
However, one of the issues of having enabled both these settings is that at this point in time, you don't have control to selectively enable External Apps in teams. In this situation, all the external apps are available to be searchable and can be added to the Teams & Channels. This I believe is a very big issue which impacts Governance, because on one side you need the Bots to be enabled and functional but on the other hand you don't have control to disable the 3rd party external apps (Selectively / All).
Scenario 3
Also, it is good to note that in a situation below as well the Bots are non-functional even though the external apps are non-discoverable and inactive.
Conclusion
Based on the above situations I believe that I have been able to provide you enough insights on the Optimal Setting that is required to enable Bots within your Microsoft Teams platform. But, Scenario 2 being optimal, you are also compromising on the external third-party apps which are now available to be searchable and installable within Teams without any control to either disable them all or selectively disable. This from a Governance point of view is a serious issue to be addressed.
One of the possible solutions I can think of is to disable the specific setting within the Microsoft Teams itself which by default is always on.
Note that this, however, can only be done after the Team has been created either during the provisioning process (if you plan to follow a customized provisioning process) or post creation of the team by the Team Owners as a part of their training and mandatory compliance they are supposed to follow.