The goal of creating a governance is to define roles, responsibilities, polices and processes for how the organization should work in order to achieve it’s goals.
For many organizations the task of defining a governance is often overlooked, and the word “governance” is first mentioned after implementation of the Microsoft 365 platform. By then the business has already started working with all the great new features.
So, is it too late to define you governance then? Absolutely not, it is never too late, but you may need to do more work in order to enforce implementation of the governance if you start out late in the implementation process. Nevertheless you will do yourself a great favor by giving the governance implementation a high priority.
How to get started with Microsoft 365 governance
Before you start defining your Microsoft 365 governance you need to ask yourself a few questions which should help you determine what should be included in the final product.
Here are some examples:
- Who are your users?
- Administrators
- Internal users
- External users / partners
- How are these users working together or as an individual?
- Do you have an overview of current and future work processes or do you need to do pre-analysis first?
- Which Microsoft 365 services do you plan to implement?
- Personal (e.g. Outlook/Exchange, OneDrive)?
- Collaboration (e.g. MS Teams, SharePoint, Yammer)?
- What is your top 3 priorities for the use of Microsoft 365?
- Examples:
- Security and compliance
- Process improvement
- Collaboration
The reason why it is important to go through the above exercise is that it gives you an indication of what needs to be described and how. For example, when you have identified your involved users and their current work processes (you can create uses cases to describe this), you instantly have a baseline for describing, and even improving, how the users should work in the future Microsoft 365 setup.
Remember, the governance definition is also a description of how the users must use the available Microsoft 365 services in certain business scenarios (What tool to use when?). When having that description and implementation in place, you ensure a higher level of compliance and streamlined processes.
While the Microsoft 365 platform involves a lot of available services (suggestion: take a look at the M365 periodic table made by jumpto365.com), you may want to create an overall governance that covers all your selected services. And then split your governance description into sub-areas covering each individual service (e.g. OneDrive, MS Teams, SharePoint) as these may have different settings and policies.
In general it is a matter of describing: Who? When? What? and How?
What to include
There are some common areas that your would normally include in your governance structure. How detailed you would like to describe these areas is up to you, but start out with some simple descriptions – you can always expand at a later time.
A normal governance document would at least include these areas:
- Roles and responsibilities – describing who are the actors involved in the implementation of Microsoft 365 and what can they do within each area.
- Common use case scenarios – describing the overall business requirements which needs to be solved.
- Solution description – a description on how the business requirements must be solved – which Microsoft 365 tool/service when? E.g. for sharing documents with externals you may prefer using SharePoint Online or MS Teams as the primary service. It is always a good exercise to demonstrate how already defined user requirements can be carried out by using a specific Microsoft 365 service.
- Security – How is security handled and enforced. E.g. how is identity management and access to data handled.
- Information management – How is data handled and maintained (tip: look at my article about retention policies and Microsoft’s Information governance).
- Life-cycle management – Describe the process of how your Microsoft 365 applications will be provisioned, maintained and archived/deleted.