Microsoft 365 security

Microsoft Teams best practices for the new administrator

Some days I think it’s Microsoft Teams’ world and it’s just letting the rest of us live in it. Microsoft Teams came shooting out of the gate a couple of years ago and shows no signs of slowing down. If your organization uses Office 365, or even looks in Office 365’s general direction, it’s not…

Some days I think it’s Microsoft Teams’ world and it’s just letting the rest of us live in it. Microsoft Teams came shooting out of the gate a couple of years ago and shows no signs of slowing down. If your organization uses Office 365, or even looks in Office 365’s general direction, it’s not “if”, but “when” you’re going to roll out Microsoft Teams. The implementation of Teams is even more certain in this era of remote work.

If you’re like me and have been focused on one of the other Office 365 technologies for a long time, getting your arms around Teams can feel a bit daunting. As I’ve worked with customers, I’ve found myself telling them some of the same things as we’ve discussed Microsoft Teams. I thought I’d document some of those sage words of wisdom and share these Microsoft Teams Best Practices with you.

Turn Microsoft Teams On

My first bit of advice to aspiring Microsoft Teams Admins is to just turn it on. It seems a bit scary, but the sooner you roll up your sleeves and get your hands dirty, the sooner you’ll achieve Teams Nirvana, or at least a lesser level of Teams Unhappiness. Baby steps and all of that. Microsoft recently announced that they were shutting off Skype for Business in July 2021, so the clock is ticking.

Getting Started Microsoft Teams


Of course, you don’t want to unleash this on your whole organization at once, that would just be crazy. But after you’ve read up on it a bit, license a few trusted folks for it and kick the tires. You know how your organization works, start thinking about how to leverage Teams to get those tasks done. This experience, especially if you haven’t used Teams much, will be invaluable as you start to define the policies around Teams and you start helping your end-users adopt it. Microsoft has some good documentation to get you started.

Don’t Forget About Office 365 Groups

In this blog post, I talk about the relationship between Teams and Groups. While you can create a Team without associating it with a Group, it’s a bad idea. It’s like making a peanut butter sandwich without jelly. Bert, without Ernie. Batman, without Robin. You get the idea.

Creating an Office 365 Group when you create your Team is not only less work, but it also helps you keep in mind how all these products fit together and how your users should use them. It will also help you with your governance in several facets. It reminds you that each Team, like each Office 365 Group, needs multiple owners, things like that.

Teamify an Existing Office 365 Group


If you do have any Teams that are not Group connected don’t worry, you can fix that. It’s possible to “Teamify” an existing Office 365 Group, if you have the appropriate permissions. The Teams and Office 365 train is coming. It’s better to get onboard than getting run over by it.

Prevent the Mess

Microsoft’s vision of Teams and Office 365 in general, is that it grows organically. That users are able to spin up and spin down Teams and Groups as they need them, without interrupting IT. And while I can agree their philosophy has merit, there are a whole lot of ways that users can make a mess of it unintentionally. Fortunately, Microsoft has been in the Enterprise Collaboration space for a while, so they know how this story goes. They have built-in a lot of guardrails to help admins control Teams and to make sure it conforms to their specific company’s needs.

Controlling information is a huge topic, but I find myself covering a couple of parts more often than others. The first is around message policies. These are settings that help an admin control what kinds of messages users can post in Teams. The list of knobs and switches is long, so I won’t go over all of them, but it covers things like whether a user can post giphys, memes, or stickers. It controls how URLs are handled and whether users can delete or edit their own messages. Different companies and industries have rules over communication, so it’s important to know those settings exist.

Controlling Access to Your Teams Channels

A somewhat related topic is controlling who outside of your organization can access your Teams channels. You can give both external access and guest access to a Teams channel. They sound similar, but they are a bit different. If you want to be able to grant anyone from an external company to your Teams environment, that’s External Access. You can set a policy that says your users can invite anyone from to a Teams channel. Guest Access is allowing single user access without opening up the floodgates for their coworkers to also be added.

Microsoft Teams External Access


These are some of the many controls that let you, the admin, manage who can access your data and what they can do while they’re in there. Both of these, message polices and sharing policies are examples of some of the proactive steps you can take and you can change them any time as your business needs change and as your understanding of the product gets better.

Monitoring and Reporting

We just covered some proactive steps you shouldn’t forget to investigate, there are also some good reactive things you can do too. After I talk to my customers about what Teams is and how people use it, they get a bit nervous about how to keep tabs on how big it’s getting and how it’s being used. In my opinion, the reporting and monitoring tools built into Office 365 aren’t where they should be. They lack ease of use, for starters. It’s still too tough for admins to easily discover the information they want in a quick manner.

Syskit Security Manager Office 365 Groups and Microsoft Teams

List all Office 365 Groups and Microsoft Teams per user with SysKit Security Manager.

But, where there are gaps, there are noble third parties, ready to step in and fill those gaps, and this is no exception. I may be a bit biased, but I’m a frequent advocate for SysKit’s Office 365 products. For this particular itch, SysKit Security Manager scratches it just right. It gives admins a fighting chance at keeping up on how Teams, and other Office 365 resources, like Groups, are growing in their organization and also lets them change things in one easy to use location. Having that information in one place makes it easy for admins to see what’s going on and reach out to people before problems get too bad.

[legacy-product-disclaimer new-product-id=”15405″]

Don’t Forget About Non-Chat Uses of Teams

When most of us think of Teams we think about it being a real-time chat and funny meme delivery platform. And while that’s a noble purpose, it can do so much more. There are the obvious extra-chat uses of Teams, like file storage. Those are easily accessible from the tab links across the top of the client. Connecting to SharePoint to store files isn’t the only integration trick Teams has up its sleeve. For example, you can add tabs to connect to sundry other technologies, Microsoft and otherwise.

You can host a OneNote file in Teams or it can come from Evernote, Teams doesn’t care. Teams allows you to even leverage an existing web page and host it in the Teams client. Microsoft has the vision that Teams will be the client your users spend the majority of their day in. With the deep integration they’ve baked into it, they may see that vision come to fruition.

Oh, the Clients!

Microsoft Teams Multiple Devices Platforms

Speaking of all of the amazing things you can do with the Teams client, one of them is running it on a whole host of platforms. It will obviously run on Windows and MacOS, and that’s primarily where you’ll use it. But it’s also quite happy to run on Android and iOS devices too. This means you can use Teams on your phone to join voice meetings or use the Teams client on your tablet to chat or join full audio/video meetings. Teams also has a quite capable web client for times when you can’t install the full client on a machine, like when you’re visiting Aunt Betty over the holidays and you don’t want to miss that crucial stand-up.

It’s also very handy when you need to be logged into Teams with multiple identities or keep up on multiple conversations at once. Right now, the Teams client doesn’t support multiple tenants or multiple identities very well. The web client is a good way to cope with that clumsiness while Microsoft works on it. If you do have many identities that you use to connect to Teams, or any other Office 365 product, consider using the method I talk about in this blog post, How to Connect to with Multiple Office 365 Accounts in your Browser without Losing Your Damned Mind. When you’re planning your Teams rollout, don’t forget to include the flexibility that all the clients provide.

Your Pal and Mine, PowerShell

It’s not a client, per se, but you also need PowerShell to get the most out of Teams. You’ll need PowerShell to configure and tweak Teams to get it to behave the way you’d like. It’s how you configure Teams for external users, how you connect it to POTS, and so on. You can also use it in your day to day activities as you’re creating Teams (and Office 365 Groups) or managing the Teams you already have. PowerShell makes these management tasks easy, fast, and very consistently reproducible. That’s the good news.

The bad news is that the PowerShell landscape is a bit confusing at the moment.  There will be some clumsy fumbling around in the dark as you start using it to manage Teams. I currently use a combination of four PowerShell modules when I’m working with Teams; PnP PowerShell, Skype for Business Online, Microsoft Teams  0.9.6, and Microsoft Teams current version. This handy blog post outlines the modules I use for all of my adventures in Office 365, along with their latest version.

Teams and Office 365 Components

I need each of these modules because of how heavily Teams leans on other Office 365 components. Also because of how things in the background are always changing. The Teams Module itself makes sense, but why an old version too? The module changed how it authenticates after version 0.9.6 and there are scenarios where one makes sense over the other. Some legacy settings are still only available in the Skype for Business module, so I have to keep that one around too. If you haven’t installed that one before, take a drink and plan on it taking a while. It usually requires a reboot too, for whatever reason and a fair amount of swearing.

Finally, the PnP PowerShell is invaluable and it’s the easiest way I’ve found to connect to the Microsoft Graph and work with Groups membership. When it comes to PowerShell, my advice is to have these modules installed before you need them. That way when something comes up that needs them, you’re ready to go.

Keep Up-To-Date with Office 365 Changes

At some point during every Office 365 migration or rollout I do, I see the customer’s realization of just how big Office 365 is, and how fast it changes. The question “How am I supposed to keep up with this?” is often asked. That’s inevitably followed by a big sigh and the customer banging their head on the table. I got that question enough that I wrote it up in blog post, How to Keep up with Office 365 Changes. While you should read that post thoroughly and maybe even out loud, I will sum it up a bit here.

There are several places that you need to hit regularly to keep your finger on Office 365’s pulse. The Microsoft 365 Admin Center is one. There’s a Message Center where new functionality is announced and you can sign up for email updates as well. Microsoft publishes the Office 365 Roadmap as a way to tell us what new features are coming and which ones they’ve delivered. They publish some information on the Tech Community, which is also a good place to see general Office 365 questions answered.

Microsoft Targeted Release Validation


Finally, having a tenant set to Targeted Release will help you get your hands on the new functionality early so you can start to play with it as soon as possible. None of those places are specific to Teams, but when you’re adopting Teams it is a good idea to make sure you add those links to your bookmarks if they aren’t there already.


Teams can seem a bit overwhelming and just flat out annoying at times. With these tips, and a few hours behind the wheel you’ll be able to bend it to your will. You may even enjoy yourself in the process. And this is just a shortlist of the tricks I use to keep Teams in check. Once you get comfortable with it there are many more tools and techniques you can use to get the most out of Microsoft Teams and keep your users happy at the same time.

Subscribe to our Newsletter

Related Posts