Series
From chaos to control: mastering the art of orphaned teams cleanup and prevention
1: Introducing orphaned teams
2: Strategies for managing orphaned teams (you are reading this article)
Strategies for managing orphaned teams
In the first half of this two-part series (Introducing Orphaned Teams), we looked at how teams become orphaned, and we explored the information security and compliance risks they pose. It remains necessary to understand the options for dealing with the orphaned teams that might exist in your organisation.
To effectively avoid the creation of orphaned teams and other security risks, organizations must adopt a comprehensive information security management strategy. Stakeholders must facilitate a culture of accountability and governance that permeates all levels of the organization. By doing so, they ensure that the management of teams is not only a technical matter but also a business priority that is integral to the organization's information security risk management strategy and compliance efforts.
Reducing the risk of creating orphaned teams
For teams with a sole owner, Microsoft proactively safeguards against orphaned teams by preventing demotion of the sole owner to Member status, restricting their ability to leave the team until a new owner is designated, as well as disabling the owner removal option within the Teams Admin portal. However, in a broader sense, your organization should establish comprehensive policies and procedures that should encompass preventive strategies to significantly reduce the likelihood of forming orphaned teams. This will require implementation of procedures to monitor team membership; leveraging automation to facilitate continuous monitoring of the Microsoft Teams environment. This enables the dynamic reassignment of ownership, deletion, and archiving of teams as needed, ensuring a well-organized Microsoft Teams environment.
Here are several policies and procedures that can help your organisation reduce the risk of creating orphaned teams:
- Multiple ownership policy: Organizations should mandate that every team has a minimum of two owners. This dual-ownership model ensures that if one owner leaves the company or changes roles, the team still has a designated manager whilst searching for a replacement owner.
- Regular access reviews: Owners should regularly review the ownership and membership of teams. This allows them to effectively oversee and manage who has access to their teams, allowing them to reflect changes in their teams for members that have left, changed roles or no longer require access to their teams.
- Regular activity audits: Implement routine scans of teams to monitor ownership and activity levels. Activity indicators such as the frequency of posts, meetings, file uploads, and member engagement can indicate a team's health. Teams that show a decline in these indicators could trigger a review to assess if they are at risk of becoming orphaned, or dormant and abandoned for that matter. These reviews should be periodically triggered across all teams in the organisation.
- Automated alerts and workflows: Use of automated monitoring tools to generate alerts and notifications when a Team falls below the minimum ownership or activity thresholds. These alerts and notifications can initiate workflows for IT or governance teams to take corrective action, such as prompting existing members for ownership or starting the archival process.
- Ownership succession planning: encourage teams to have succession plans for owners. This can involve periodic reviews of team roles and responsibilities, and a clear process for transitioning ownership when team members are offboarded or change roles within the organization.
By utilizing these policies and procedures, organizations can effectively monitor and manage their Microsoft Teams environments, reducing the risks associated with orphaned teams and ensuring a more secure and efficient collaborative space. These policies and procedures ensure that orphaned teams, teams that are no longer needed, and teams that are at risk of becoming orphaned are quickly identified and corrective actions taken.
Cleanup strategies for orphaned teams
When it comes to cleaning up orphaned teams in Microsoft Teams, it is essential to have a clear and systematic approach. The cleanup process should be careful to preserve important data and knowledge, while removing clutter and potential security risks. Here are several strategies along with steps for their implementation:
Monitoring and preventing orphaned teams
Regular activity audits and cleanup cycles
An organization can set up a routine cleanup cycle, such as monthly, quarterly, or biannually, to review and manage Microsoft Teams, tailored to its size and dynamics. The cleanup process involves scheduled meetings between IT and compliance teams to assess the status of teams, using reports and dashboards from the Microsoft Teams admin center to spot inactive or orphaned teams. Based on the review, each team can be archived, deleted, assigned a new owner, or have an active member promoted.
Teams that are at risk of becoming ownerless
Promoting team members as owners:
Team owners can assign additional owners to help manage the team effectively. These owners can be assigned by adding new team members, or by promoting existing team members.
Follow these steps to designate a new owner within the Teams app from existing team members:
- Open the Team: Launch the Teams app and navigate to the team that requires a new owner.
- Access team options: Click on the ellipsis (…) next to the team’s name.
- Access team settings: Go to the team’s settings by selecting "Manage team".
- Modify member roles: Go to the “Members” tab, and in the "Members and guests" section, locate the member you wish to promote.
- Change member role: Click on the member’s current role and change it from “Member” to “Owner”.
These steps will ensure the designated member is successfully promoted to an owner, enhancing team management, compliance and continuity.
Adding new team owners:
Team owners can also alternatively follow these steps to designate a new owner within the Teams app by adding new members:
- Open the team: Launch the Teams app and navigate to the team that requires a new owner.
- Access team options: Click on the ellipsis (…) next to the team’s name.
- Access team settings: Go to the team’s settings by selecting "Manage team".
- Add members: Go to the “Members” tab and select the "Add members" option.
- Select members to add: Use the filter to locate the member you wish to add and set their role from “Member” to “Owner”.
Teams that are no longer needed
Deleting a team
When a team is no longer needed, and its content is not required for future reference, it can be deleted. When you delete a team, team activity in standard and private channels (and associated site collections), files, and chats are also deleted.
Team owners can follow these steps to permanently delete a team within the Teams application:
- Navigate to the team: Open the Teams application and go to the team you wish to delete.
- Access team options: Click on the ellipsis (…) next to the team’s name.
- Delete the team: Select “Delete team” to remove it permanently.
- Confirm deletion: Confirm that you want to permanently delete the team.
These steps will help you ensure the team is removed safely and efficiently from Microsoft Teams.
Archiving a team (administrators need to do this)
When a team is no longer needed for active use, but its contents are required for future reference, it can be archived. When you archive a team, all activity for that team ceases. Archiving a team also archives private channels in the team and their associated site collections. However, you can still add or remove members and update roles and you can still view all the team activity in standard and private channels, files, and chats.
Follow these steps to archive a team within the Teams admin center:
- Access the admin center: Go to the Microsoft Teams admin center at https://admin.teams.microsoft.com/teams/manage.
- Select a team: Click on the name of the team you want to archive.
- Initiate archiving: Choose "Archive". A confirmation message will appear to verify your action.
- Set SharePoint to read-only: To prevent team members from editing the content in the SharePoint site. and Wiki tab associated with the team, check the option "Make the SharePoint site read-only for team members".
These steps ensure the team is archived effectively, securing its content from further modifications while keeping it accessible for reference.
Team expiration and renewal
Microsoft Teams allows teams to have an expiration date. This is useful for teams that are created for short-term collaboration. For example, a team created to oversee an office migration that is expected to conclude within a couple of weeks. Microsoft 365 group expiration policy can be used to automatically clean up unused teams. Team owners receive a notification for team renewal 30 days, 15 days and 1 day before the team's expiration date. Upon expiration, the group is "soft-deleted" and almost all of its associated services (the mailbox, Planner, SharePoint site, team, etc.) are also deleted, whilst remaining recoverable for up to 30 days.
Teams that are ownerless (administrators need to do this)
Assigning team owners
Teams without active ownership should have new owners assigned who can manage the team moving forward. In Microsoft Teams, if a team ends up without any owners, typically only someone with higher administrative privileges can manage the team ownership. This role is generally filled by a Global Administrator or Teams Administrator or someone with equivalent rights within the organization's IT department.
- Access the admin center: Go to the Microsoft Teams admin center at https://admin.teams.microsoft.com/teams/manage.
- Select a team: Click on the name of the team you want to manage to navigate to the details page for the team.
- Add owners: Choose "Add owners" to begin the wizard for adding the desired owners for this team
- Additional actions: From this details page it is also possible to delete, archive, and add members to the team
By implementing these cleanup strategies, organizations can maintain a more organized, efficient, and secure Microsoft Teams environment.
Conclusion
These strategies should be part of a broader Microsoft Teams governance plan that is communicated clearly to all team members and integrated into the organization's regular operational processes. This involves enforcing multiple and minimum ownership requirements, conducting regular performance scans, and establishing clear ownership succession plans.
While Microsoft Teams provides some useful features and tools, access to Microsoft 365 administrative portals is often restricted, and many users would not be able to easily navigate through all the options or understand the implications of all the available choices. By adopting self-service governance and compliance tools such as EasyLife 365 Collaboration; organisations can provide end users with a set of simple, purpose-built, intuitive tools to manage the lifecycles of their mail resources and ensure compliance with organisational policies. Going beyond the standard features provided by Microsoft, EasyLife 365 Collaboration provides numerous innovative policy controls that can be configured and applied to all resources.
Moreover, the integration of automated governance and compliance tools, such as EasyLife 365 Collaboration, can significantly streamline implementation of both, preventive and corrective strategies. EasyLife 365 Collaboration can automate the oversight process, ensuring that teams are consistently monitored and managed according to best practices. Such automation not only minimizes the risks associated with orphaned Teams but also enhances overall efficiency, allowing organizations to maintain a secure, compliant, and organized collaborative environment.