MS-700 Managing Microsoft Teams Objective 1.3: Plan and Implement Governance for Teams
MS-700 Exam Focus: This objective covers the comprehensive governance framework for Microsoft Teams. Understanding lifecycle management, policy configuration, and administrative controls is essential for maintaining organized, secure, and compliant Teams environments. Master these concepts for both exam success and real-world Teams governance administration.
Introduction to Teams Governance
Microsoft Teams governance encompasses the policies, procedures, and controls that ensure Teams environments remain organized, secure, and aligned with organizational objectives. Effective governance is crucial for managing the lifecycle of teams, controlling content storage, implementing policies, and maintaining administrative control over the Teams ecosystem. This governance framework works closely with security and compliance settings to create a comprehensive management approach.
Teams governance involves multiple interconnected components:
- Lifecycle Management: Controlling the creation, maintenance, and retirement of teams
- Content Governance: Managing where and how Teams content is stored and accessed
- Policy Management: Implementing and enforcing organizational policies
- Access Control: Managing user and group permissions and access
- Administrative Operations: Performing maintenance and troubleshooting tasks
- Automation and Integration: Using PowerShell and Microsoft Graph for management
Identify Licensing Requirements for Lifecycle Management of Teams
Teams lifecycle management features are distributed across different Microsoft 365 license tiers. Understanding licensing requirements is essential for planning governance implementation and ensuring access to necessary lifecycle management capabilities.
Lifecycle Management License Requirements
Different aspects of Teams lifecycle management require specific license levels, with advanced features typically requiring higher-tier licenses.
Lifecycle Management Features by License:
- Basic Team Management: Available in all Microsoft 365 plans
- Policy Packages: Requires Microsoft 365 E3 or higher
- Advanced Group Management: Requires Microsoft 365 E3 or higher
- Access Reviews: Requires Microsoft 365 E5 or Azure AD Premium P2
- Advanced PowerShell/Graph: Available with appropriate admin licenses
- Audit and Compliance: Requires Microsoft 365 E3 or higher
Microsoft 365 Group Licensing
Since Teams are built on Microsoft 365 Groups, understanding Group licensing is essential for Teams lifecycle management.
| Feature | Business Standard | E3 | E5 |
|---|---|---|---|
| Group Creation | ✓ | ✓ | ✓ |
| Expiration Policies | ✗ | ✓ | ✓ |
| Naming Policies | ✗ | ✓ | ✓ |
| Access Reviews | ✗ | ✗ | ✓ |
| Advanced Analytics | ✗ | Limited | ✓ |
Identify Where Teams Stores Content
Understanding where Teams stores content is crucial for governance, compliance, and data management. Teams content is distributed across multiple Microsoft 365 services, each with specific storage characteristics and management requirements.
Teams Content Storage Architecture
Teams content is stored across various Microsoft 365 services, with different types of content stored in different locations.
Teams Content Storage Locations:
- SharePoint Online: Files, documents, and shared content
- Exchange Online: Chat messages, meeting recordings, and email integration
- OneDrive for Business: Personal files and private content
- Stream: Meeting recordings and video content
- Azure Blob Storage: Media files and large attachments
- Microsoft Graph: Metadata and configuration information
Content Type Storage Mapping
Different types of Teams content are stored in specific locations, each with unique characteristics and management requirements.
Content Storage by Type:
- Channel Messages: Stored in Exchange Online as group conversations
- Private Chat Messages: Stored in Exchange Online as individual mailboxes
- Files and Documents: Stored in SharePoint Online document libraries
- Meeting Recordings: Stored in Stream (or OneDrive/SharePoint for new recordings)
- Wiki Content: Stored in SharePoint Online as wiki pages
- App Data: Stored according to third-party app configurations
- Meeting Transcripts: Stored in Exchange Online
- Call History: Stored in Exchange Online
Storage Implications for Governance
Understanding content storage locations is essential for implementing effective governance policies and compliance measures.
Governance Considerations:
- Retention Policies: Must be applied across all storage locations
- Backup and Recovery: Requires coordination across multiple services
- Compliance Monitoring: Must monitor all content storage locations
- Data Loss Prevention: Policies must cover all storage types
- Access Control: Permissions must be managed across all services
- Audit and Reporting: Must aggregate data from multiple sources
Plan and Manage Update Policies
Update policies in Teams control how and when Teams clients receive updates. Proper update policy management ensures consistent user experiences while maintaining security and compatibility.
Types of Update Policies
Teams supports different types of update policies that control various aspects of the update process.
Update Policy Types:
- Client Update Policies: Control Teams desktop client updates
- Mobile Update Policies: Manage mobile app update behavior
- Web Update Policies: Control web client update frequency
- Feature Update Policies: Control rollout of new features
- Security Update Policies: Manage critical security updates
- Preview Update Policies: Control access to preview features
Update Policy Configuration
Update policies can be configured to meet organizational requirements for stability, security, and feature adoption.
Update Policy Settings:
- Update Channel: Current, Monthly Enterprise, or Targeted Release
- Update Frequency: Automatic, scheduled, or manual updates
- Rollout Strategy: Immediate, gradual, or staged deployment
- Feature Flags: Control access to new or experimental features
- Rollback Options: Configure automatic or manual rollback capabilities
- Notification Settings: Control user notifications about updates
Update Policy Best Practices
Effective update policy management requires balancing security, stability, and user experience considerations.
Update Management Best Practices:
- Staged Rollouts: Deploy updates gradually to minimize risk
- Testing Environments: Test updates in controlled environments first
- Communication: Inform users about upcoming updates and changes
- Monitoring: Monitor update deployment and user impact
- Rollback Planning: Prepare rollback procedures for problematic updates
- Documentation: Maintain records of update policies and procedures
Create and Manage Policy Packages in Teams
Policy packages in Teams provide a convenient way to bundle multiple policies together for consistent application across users or groups. This simplifies policy management and ensures consistent user experiences.
Policy Package Components
Policy packages can include various types of Teams policies, allowing administrators to create comprehensive policy sets for different user scenarios.
Policy Package Types:
- Messaging Policies: Control chat and messaging features
- Meeting Policies: Manage meeting settings and capabilities
- Calling Policies: Control calling features and restrictions
- Live Events Policies: Manage live event settings
- App Setup Policies: Control app installation and configuration
- Teams Update Policies: Manage client update behavior
Creating Policy Packages
Policy packages are created through the Teams admin center and can be customized to meet specific organizational requirements.
Policy Package Creation Process:
- Define Package Purpose: Identify the target user group and requirements
- Select Base Policies: Choose existing policies or create new ones
- Configure Settings: Customize policy settings for the target scenario
- Test Package: Validate the policy package with pilot users
- Deploy Package: Assign the package to target users or groups
- Monitor and Adjust: Monitor effectiveness and make adjustments as needed
Built-in Policy Packages
Microsoft provides several built-in policy packages designed for common organizational scenarios.
Microsoft Built-in Policy Packages:
- Global (Org-wide default): Default policies for all users
- Education (Student): Policies designed for educational institutions
- Education (Teacher): Enhanced policies for educators
- Healthcare (Clinical Worker): Policies for healthcare professionals
- Healthcare (Information Worker): Policies for healthcare admin staff
- Government (GCC): Policies for government cloud environments
- Government (GCC High): Enhanced security policies for high-security environments
Plan and Configure Policy Assignment for Users and Groups
Policy assignment in Teams determines which users receive which policies. Effective policy assignment ensures appropriate access control while maintaining administrative efficiency.
Policy Assignment Methods
Teams supports multiple methods for assigning policies to users and groups, each with specific advantages and use cases.
Policy Assignment Approaches:
- Individual User Assignment: Assign policies directly to specific users
- Group-Based Assignment: Assign policies to security groups or distribution lists
- Policy Package Assignment: Assign bundled policies through policy packages
- Bulk Assignment: Use PowerShell or admin center for bulk operations
- Dynamic Assignment: Use Azure AD dynamic groups for automatic assignment
- Hierarchical Assignment: Use organizational hierarchy for policy inheritance
Policy Assignment Best Practices
Effective policy assignment requires careful planning and ongoing management to ensure optimal user experiences and security.
Assignment Best Practices:
- Group-Based Management: Use groups for easier policy management
- Documentation: Maintain clear documentation of policy assignments
- Regular Review: Periodically review and update policy assignments
- Testing: Test policy changes with pilot groups before organization-wide deployment
- Monitoring: Monitor policy effectiveness and user impact
- Automation: Use automation tools for consistent policy assignment
Configure Settings for Microsoft 365 Group Creation
Microsoft 365 Group creation settings control who can create groups and teams, and under what conditions. These settings are essential for maintaining governance and preventing unauthorized team proliferation.
Group Creation Control Options
Microsoft 365 provides several options for controlling group creation, each with specific implications for governance and user experience.
Group Creation Control Methods:
- User-Level Controls: Control which users can create groups
- Group-Level Controls: Control creation of specific group types
- Domain-Level Controls: Restrict group creation to specific domains
- Approval Workflows: Require approval for group creation
- Template-Based Creation: Provide pre-configured group templates
- Self-Service Creation: Allow users to create groups with restrictions
Group Creation Policy Configuration
Group creation policies can be configured through Azure AD and Microsoft 365 admin centers to meet organizational governance requirements.
Configuration Options:
- Creation Permissions: Define who can create groups and teams
- Creation Restrictions: Set limits on group creation frequency
- Naming Requirements: Enforce naming conventions and restrictions
- Classification Requirements: Require sensitivity labels or classifications
- Owner Requirements: Define minimum owner requirements
- Approval Processes: Configure approval workflows for group creation
Configure an Expiration Policy for Microsoft 365 Groups
Expiration policies for Microsoft 365 Groups help organizations manage the lifecycle of groups and teams by automatically removing inactive or unused groups. This helps maintain a clean and organized Teams environment.
Expiration Policy Components
Group expiration policies consist of several configurable components that determine when and how groups are expired.
Expiration Policy Settings:
- Expiration Period: Define how long groups remain active (30-3650 days)
- Renewal Period: Set how often groups can be renewed
- Notification Schedule: Configure when owners are notified of expiration
- Grace Period: Define additional time after expiration before deletion
- Exclusion Rules: Exclude specific groups from expiration policies
- Automatic Renewal: Configure automatic renewal based on activity
Expiration Policy Workflow
Understanding the expiration policy workflow helps administrators configure appropriate settings and manage the expiration process effectively.
Expiration Workflow Steps:
- Initial Notification: Owners receive first expiration notification
- Renewal Period: Owners can renew the group during this period
- Final Notification: Final warning before expiration
- Expiration: Group becomes inactive but not deleted
- Grace Period: Additional time for recovery if needed
- Deletion: Group and associated resources are permanently deleted
Expiration Policy Best Practices
Effective expiration policy management requires careful configuration and ongoing monitoring to balance cleanup with business continuity.
Expiration Policy Best Practices:
- Start Conservative: Begin with longer expiration periods
- Monitor Impact: Track renewal rates and user feedback
- Exclude Critical Groups: Exclude essential business groups from expiration
- Clear Communication: Educate users about expiration policies
- Regular Review: Periodically review and adjust expiration settings
- Backup Procedures: Ensure important data is backed up before expiration
Configure a Naming Policy for Microsoft 365 Groups
Naming policies for Microsoft 365 Groups help organizations maintain consistent naming conventions and prevent inappropriate or confusing group names. These policies are essential for maintaining organized and professional Teams environments.
Naming Policy Components
Group naming policies consist of several configurable components that enforce naming conventions and restrictions.
Naming Policy Elements:
- Prefixes and Suffixes: Add required text to group names
- Custom Blocked Words: Prevent use of inappropriate or reserved words
- Attribute-Based Naming: Use Azure AD attributes in naming
- Character Restrictions: Limit allowed characters and length
- Language Restrictions: Control language and character sets
- Validation Rules: Define custom validation logic
Naming Policy Configuration
Naming policies are configured through Azure AD and can be customized to meet specific organizational requirements.
Configuration Options:
- Static Prefixes/Suffixes: Add fixed text to all group names
- Dynamic Attributes: Use user or group attributes in naming
- Blocked Word Lists: Define words that cannot be used in names
- Character Sets: Restrict allowed characters and symbols
- Length Limits: Set minimum and maximum name lengths
- Validation Messages: Provide clear error messages for violations
Naming Policy Examples
Understanding common naming policy patterns helps administrators design effective policies for their organizations.
Common Naming Policy Patterns:
- Department-Based: "HR-ProjectName" or "IT-SupportTeam"
- Location-Based: "NYC-Marketing" or "LON-Sales"
- Project-Based: "PRJ-ProjectName-Year" or "INIT-InitiativeName"
- Function-Based: "TEAM-FunctionName" or "GRP-GroupPurpose"
- Hierarchical: "DEPT-SUBDEPT-TeamName" or "DIV-UNIT-Group"
- Compliance-Based: "SEC-Confidential" or "PUB-Public"
Archive, Delete, or Unarchive Teams
Teams lifecycle management includes the ability to archive, delete, and restore teams. Understanding these operations is essential for maintaining organized Teams environments and managing team lifecycles effectively.
Team Archiving
Archiving teams preserves team content while making it read-only and removing it from active team lists.
Team Archiving Characteristics:
- Read-Only Access: Archived teams become read-only for all members
- Content Preservation: All team content is preserved and accessible
- Search Availability: Archived team content remains searchable
- Storage Impact: Archived teams continue to consume storage
- Restoration Capability: Archived teams can be restored to active status
- Administrative Access: Admins retain full access to archived teams
Team Deletion
Deleting teams permanently removes the team and its associated Microsoft 365 Group, with a grace period for recovery.
Team Deletion Process:
- Soft Delete: Teams are initially soft-deleted with recovery options
- Grace Period: 30-day recovery period for deleted teams
- Content Deletion: All team content is deleted after grace period
- Group Deletion: Associated Microsoft 365 Group is also deleted
- SharePoint Cleanup: Associated SharePoint site is deleted
- Exchange Cleanup: Associated Exchange resources are deleted
Team Restoration
Teams can be restored from both archived and deleted states, with different procedures and limitations for each scenario.
Restoration Scenarios:
- Archive Restoration: Restore archived teams to active status
- Soft Delete Recovery: Recover teams within 30-day grace period
- Content Recovery: Restore specific content from deleted teams
- Group Recovery: Recover associated Microsoft 365 Groups
- SharePoint Recovery: Restore associated SharePoint sites
- Permission Recovery: Restore team membership and permissions
Restore or Troubleshoot Microsoft 365 Group Deletion
Microsoft 365 Group deletion troubleshooting involves understanding the deletion process, recovery options, and common issues that can occur during group lifecycle management.
Group Deletion Troubleshooting
Understanding common group deletion issues and their solutions helps administrators effectively manage group lifecycles.
Common Deletion Issues:
- Permission Errors: Insufficient permissions to delete groups
- Dependency Conflicts: Groups with active dependencies cannot be deleted
- Policy Restrictions: Naming or expiration policies preventing deletion
- Sync Issues: On-premises synchronization conflicts
- Retention Policies: Retention policies preventing deletion
- Administrative Locks: Administrative locks preventing deletion
Group Recovery Procedures
Microsoft 365 Groups can be recovered from various deletion scenarios using different methods and tools.
Recovery Methods:
- Admin Center Recovery: Use Microsoft 365 admin center for recovery
- PowerShell Recovery: Use PowerShell cmdlets for advanced recovery
- Azure AD Recovery: Recover groups through Azure AD portal
- Exchange Recovery: Recover through Exchange admin center
- SharePoint Recovery: Restore associated SharePoint sites
- Third-Party Tools: Use specialized recovery tools if needed
Identify When to Use Microsoft Entra Access Reviews for Teams and Groups
Microsoft Entra Access Reviews provide a systematic way to review and manage access to Teams and Microsoft 365 Groups. Understanding when and how to use access reviews is essential for maintaining proper access control and compliance.
Access Review Use Cases
Access reviews are particularly valuable in specific scenarios where regular access validation is required.
Access Review Scenarios:
- Compliance Requirements: Meet regulatory compliance requirements
- Employee Lifecycle: Review access during role changes or departures
- Project-Based Access: Review temporary project team access
- Privileged Access: Regular review of administrative access
- External Access: Review guest user access to teams and groups
- Risk Management: Identify and remediate excessive access
Access Review Configuration
Access reviews can be configured for different types of access and review scenarios.
Access Review Types:
- Group Membership Reviews: Review who has access to specific groups
- Application Access Reviews: Review access to Teams and other applications
- Role Assignment Reviews: Review administrative role assignments
- Guest Access Reviews: Review external user access
- Self-Service Reviews: Allow users to review their own access
- Manager Reviews: Have managers review their team's access
Access Review Best Practices
Effective access review implementation requires careful planning and ongoing management.
Access Review Best Practices:
- Regular Schedule: Establish regular review cycles
- Clear Instructions: Provide clear guidance to reviewers
- Automated Reminders: Use automated reminders for reviews
- Escalation Procedures: Define escalation for overdue reviews
- Documentation: Maintain records of review decisions
- Continuous Improvement: Regularly improve review processes
Perform Operations for Teams Using PowerShell and Microsoft Graph
PowerShell and Microsoft Graph provide powerful automation capabilities for Teams administration. Understanding these tools is essential for efficient Teams management and automation of governance tasks.
PowerShell for Teams Administration
PowerShell provides comprehensive cmdlets for Teams administration, enabling automation of common administrative tasks.
PowerShell Teams Modules:
- MicrosoftTeams Module: Core Teams administration cmdlets
- AzureAD Module: Microsoft 365 Group management
- SharePointPnPPowerShellOnline: SharePoint integration
- ExchangeOnlineManagement: Exchange integration
- Microsoft.Graph Module: Microsoft Graph integration
- SkypeOnlineConnector: Legacy Skype for Business integration
Common PowerShell Operations
PowerShell enables automation of many common Teams administration tasks.
PowerShell Use Cases:
- Bulk Policy Assignment: Assign policies to multiple users
- Team Creation: Create teams from templates or scripts
- User Management: Bulk user operations and reporting
- Policy Management: Create and configure policies programmatically
- Reporting: Generate custom reports and analytics
- Compliance Operations: Automate compliance and governance tasks
Microsoft Graph for Teams
Microsoft Graph provides a unified API for accessing Teams and Microsoft 365 data, enabling custom applications and advanced automation scenarios.
Microsoft Graph Capabilities:
- Teams API: Manage teams, channels, and memberships
- Chat API: Access and manage chat conversations
- Meetings API: Manage meetings and meeting recordings
- Apps API: Manage Teams applications and bots
- Compliance API: Access compliance and audit data
- Analytics API: Retrieve usage and activity data
Automation Best Practices
Effective automation requires careful planning and adherence to best practices for security and reliability.
Automation Best Practices:
- Error Handling: Implement comprehensive error handling
- Logging: Maintain detailed logs of automated operations
- Testing: Test scripts thoroughly before production use
- Security: Use appropriate authentication and authorization
- Documentation: Document scripts and their purposes
- Version Control: Use version control for script management
Exam Preparation Tips
For the MS-700 exam, focus on understanding the relationships between different governance components and be able to identify appropriate solutions for specific governance scenarios.
Key Exam Points:
- Understand licensing requirements for different governance features
- Know where different types of Teams content are stored
- Understand update policy configuration and management
- Know how to create and manage policy packages
- Understand policy assignment methods and best practices
- Know how to configure Microsoft 365 Group creation settings
- Understand expiration and naming policy configuration
- Know how to archive, delete, and restore teams
- Understand Microsoft 365 Group deletion troubleshooting
- Know when to use access reviews for teams and groups
- Understand PowerShell and Microsoft Graph capabilities for Teams
Real-World Implementation Considerations
In practice, implementing Teams governance requires balancing organizational control with user productivity. Successful governance implementations consider both technical capabilities and organizational culture.
Remember that governance is an ongoing process that requires regular review, updates, and user education. A comprehensive understanding of Teams governance features provides the foundation for building well-organized, secure, and compliant Teams environments that support organizational objectives while maintaining administrative control.
Summary
Teams governance encompasses lifecycle management, content storage understanding, policy configuration, access control, and administrative operations. Understanding these components enables administrators to implement comprehensive governance frameworks that maintain organized, secure, and compliant Teams environments while supporting productive collaboration and efficient administration.
Written by Joe De Coppi - Last Updated September 15, 2025