What are the most overlooked aspects of governance in Microsoft 365?
Table of contents
There’s a lot of talk about governance in Microsoft 365, but what can we improve on? At ESPC 2024 in Stockholm, we asked Microsoft MVPs “What are the most overlooked aspects of governance in Microsoft 365?” Watch their answers in the compilation video below and their extended answers in this blog post.
Making sure that we’ve got secure tenants – Tony Redmond
The big issue of governance in Microsoft 365 is making sure that we’ve got secure tenants. The fact that we’ve still got nearly 50% of Microsoft 365 accounts logging on without multi-factor authentication is just a disgrace. So that’s the number one thing.
After that, it’s just a matter of people getting to know what’s actually running in their tenant. I don’t think people really realize it. Microsoft 365 is such a connected space. You’ve got SharePoint, OneDrive, Teams, Exchange, Planner, everything working together in a very tightly connected way. People just don’t realize that. So if they just go and focus on something like SharePoint and don’t take care of Exchange or Teams, they’re likely to overlook something. Getting hold of the overall picture is really important, and that will lead to better governance in Microsoft 365.
Having data and being able to action it – Richard Harbridge
I think one of the things with governance is we all talk about security, but we don’t talk about insecurity enough. How do we handle not just adoption like a service, but how do we help people make sense of this and improve and accelerate return on investment? Because again, in 2024, it was all about how do we get ready for AI? In 2025, it’s about how do we accelerate return on investment with AI? And hopefully we’re at the scaling and the realization levels of AI excellence.
So in those scenarios, for me, it’s about baselines and data. When you look at things like Viva now being included in Copilot Analytics, we see a real demand for more data, you know, understanding how are people, how many people are creating and modifying Excel documents as one layer. But then how many people are taking those and doing formatting? We’re doing data analysis. We’re doing different layers of activities. So having data and being able to action it or insights and being able to action it is the most underutilized aspect and the most important part of governance in Microsoft 365 today.
It’s not security and getting those patterns right. I would argue maybe like getting down to the document level of protection is really important, like content, in document-centric, lifecycle sensitivity. But I really think it’s this data gap that we have where we need richer data to make more informed decisions to make more effective return on investment priorities and prioritization in 2025. And that’s going to come from both third parties, and it’s going to come from Microsoft data sets that are just getting richer and richer in terms of understanding how people are using these tools and what that can tell us about how we can proactively help them use it better or avoid some risks.
Stale data in Microsoft 365 – Vlad Catrinescu
Well, so I say probably the most popular one is oversharing. So I’m not going to talk about that one. I’ll talk about another one that is a big problem not many people talk about, which is stale data. We’ve been accumulating so many sites, so much data in our tenant. And when you ask Copilot a question, Copilot will look at all the data in your tenant you have access to. If 80% of it is old and irrelevant, you have an 80% chance that Copilot will give you an old and irrelevant answer. So it’s not only good for your storage cost, but also for the quality of the Copilot answers you get back for you to get rid of old and stale data.
Security and permissions that we’ve had wrong – Emily Mancini
For many years we’ve been talking about the right permissions on sites and what levels we should put them. And right now Copilot is putting a huge highlight on any security and permissions that we’ve had wrong. And we’ve been oversharing for a little bit too long. Very often, your default tenant link behavior is going to break inheritance, and you’re sharing everywhere. So making sure that you look at the traditional structures and really be thoughtful about who should have access to what and why it’s important. Of course, we have a lot of great band aids like restricted access control and restriction site search to help us while we’re fixing that governance in Microsoft 365. But it’s really important to follow all those better practices that we’ve been talking about for years.
Definitely still permissions after all those years – Thomas Vochten
I think that the most overlooked one is definitely still permissions after all those years. Many people always talk about the proliferation of a lot of teams and everything, but for me, it is permissions, basically. That is the issue. People are members of different teams, members of different SharePoint sites, various groups, and groups get reused for different purposes. So to me, permissions management and permissions overview are still the most important problems with that.
Trying to have people keep permissions simple – Marc D Anderson
I think it’s permissions. You know, for years and years and years, we’ve all been kind of, well, a lot of us, a lot of us consultants at least, you know, been trying to keep people to keep trying to have people keep permissions simple because simple permissions are understandable permissions. And now with Copilot, it’s sort of shining a light on what permissions are open and what are not. That aspect of governance in Microsoft 365 is all of a sudden important to people, even though the issue still was there. I mean, it has been there for years when it comes to search.
So, governance in Microsoft 365 in the form of permissions on content, I think is probably the topic of the day. Microsoft is cranking out new tools all the time to help you understand, you know, are you oversharing? Are you undersharing? Do you have external access to content that you shouldn’t, etc? So just that fundamental idea, I think, is the number one thing that people are paying attention to right now.
Sharing of files – Knut Relbe-Moe
I think still, sharing of files is the most important one. You know, like people do oversharing, people send things to strangers. So for me, that is always the one that has the most need of attention.
Would you like to hear more?
It was great hearing what Microsoft MVPs had to say about the most overlooked aspects of governance in Microsoft 365. You can also check out other MVP videos about:
- Microsoft 365 in 2025: What will be the most transformative feature?
- Whether Copilot agents will help increase the adoption of Microsoft Copilot
- What is the most underrated feature of Microsoft Copilot?
- What does Microsoft 365 Governance mean to you?
Thank you to all the Microsoft MVPs for their insights!
