Taming orphaned workspaces in Microsoft 365

In episode one of our video series, Increase Visibility to Unleash your Microsoft 365 Potential, Microsoft MVPs Vlad Catrinescu and Drew Madelung discuss Taming Orphaned Workspaces. They dive into the concept of orphaned workspaces within Microsoft 365 and the steps to identify, manage, and prevent them from becoming orphaned.

To have the full experience, watch the entire episode below. We’ve also highlighted some of the key points in this blog post.

Understanding Microsoft 365 Workspaces

Workspaces refer to collaborative spaces within Microsoft 365, including Microsoft Teams, SharePoint Online, Viva Engage, and OneDrive. Microsoft 365 groups are the foundation behind most of these workspaces, acting as cross-application membership services.

You need to understand how workspaces work so you can understand how to tame and manage them. Think about these brand names (Teams, SharePoint Online, Viva Engage) as a workspace versus just a product. That will help dictate what makes these things tick and what makes it an orphaned workspace.

Microsoft 365 Groups and roles

Microsoft 365 groups play a crucial role in managing ownership of workspaces. Groups have different roles, such as members and owners, with specific permissions. Groups have been around for years, but it is the key to managing the ownership of your workspaces. Ownership management is essential for controlling permissions and collaboration within Teams, SharePoint, and Viva Engage.

OneDrive does not use Microsoft 365 groups. There’s no risk of having an orphaned group here or an orphaned OneDrive site because there is actually a whole separate process for account management, OneDrive retention, and OneDrive ownership.

Even if we understand the concept of an M365 group, each M365 group can be different. For example, an M365 group that you create from Viva Engage will be different than an M365 group that you create from Teams. The one from Viva Engage will not have a shared mailbox, and cannot have a Microsoft Teams team attached. The one you create from Teams cannot have a Viva Engage community attached to it. So even if it’s an M365 group, they are still all a bit different.

Where you create the workspace will dictate the capabilities that you have for that workspace.

Taming orphaned workspaces

An orphaned workspace occurs when a Microsoft 365 group, which backs Teams or SharePoint, has no owner. Orphaned workspaces can result in collaboration challenges and restrict activities such as adding users, managing private channels, changing team settings, or archiving/deleting teams.

Admins can always enter the group and change permissions, but the goal is to empower business users to be able to continue operating seamlessly instead of blocking their collaboration.

Exceptions

Non-group backed sites

Communication sites, classic sites, or if you use the STS#3 template, are without Microsoft 365 group association and can also become orphaned.

Groups with no members

Workspaces with no members pose a different challenge and should also be considered for handling in a similar context.

Disabled or inactive users

Orphaned workspaces can occur if an owner becomes inactive or their account is disabled.

Preventive measures

Ownerless policy

A built-in ownerless policy allows organizations to automatically ask potential new group owners to add themselves. Notifications are sent to active members, asking them to volunteer as owners.

Ownerless policy configuration

Configuration involves specifying who can receive ownership notifications, the number of members to notify, sender details, and message content. The policy can be set up in the Microsoft 365 admin center under org settings.

Additional considerations

• Orphaned workspaces are triggered when accounts are deleted or removed from the organization.
• The Teams admin center allows administrators to view teams with no owners.
• Organizations can leverage auditing logs and custom scripts to address specific scenarios.

Custom solutions

• Organizations might choose to build custom solutions using PowerShell scripts or third-party tools such as Syskit Point to address more complex scenarios.
• Managing group creation can also be a preventive measure to reduce the likelihood of orphaned workspaces. The fewer groups you have, the less likely you are to have owner-less groups. You can limit group creation to specific people or if you want to go down more of a custom route, enforcing team owners, you can do that using provisioning.

Conclusion

It’s important to understand Microsoft 365 groups, roles, and the potential risks of orphaned workspaces. Implementing preventive measures, such as the ownerless policy, and considering custom solutions can help organizations effectively manage and mitigate the challenges associated with orphaned workspaces in their Microsoft 365 environment.

There are third-party options such as Syskit Point where you can easily create an Orphaned Resources Report and identify all orphaned Microsoft 365 Groups and Teams. The Syskit Point dashboard will automatically let you know if it detects any orphaned workspaces in your environment. With Syskit Point, you can manage orphaned workspace owners, remove orphaned users, discover all inactive content, and keep your Microsoft 365 environment well-organized.

In the next episode

Next up in our Increase Visibility to Unleash your Microsoft 365 Potential video series, Vlad and Drew will take a look at orphaned users and all the ways to detect, manage, and tame them.