Introduction to Microsoft 365 provisioning

Whether you are a user, an admin, or a CTO, you have probably heard of provisioning in Microsoft 365, but what does it mean, and most importantly, why should you care?

In this section of the handbook, we will cover everything you need to know about provisioning Microsoft 365, from what it is, to different ways of customizing it, to common pitfalls and how to avoid them.

What is Microsoft 365 Provisioning (and why we need it)?

Technically speaking, Microsoft 365 provisioning is the process of creating and configuring digital workspaces and services across the Microsoft 365 ecosystem, such as Teams, SharePoint sites, Microsoft 365 Groups, and more, and making them available for use.

But in simpler terms, as a Microsoft 365 user, you’ve probably seen the option to create a new SharePoint site, a new Team, or a new Planner plan.  What you may not know is that by default, every team site you create will also create a shared mailbox in Exchange or a Microsoft Forms workspace.  

In addition to that, imagine you just left a meeting to kick off a new project, and everyone in the meeting goes on after and creates the “Project Alpha” workspace.  Some might create it from Teams, some from SharePoint, and some from Outlook, and in the end, you have 4 workspaces for the same project, none of them the same.

Now let’s take it to the next level. Every project workspace you create probably has the same requirements regarding how the home page looks, what lists, libraries, and even Teams channels you like to have to keep everything in check. Instead of creating a blank team site every time, or a blank team, every project workspace in your company could look the same and have everything you want there from the start.

Lastly, we all know that security is the number one priority for organizations, especially in the era of AI, where we need to make sure that Copilot only has access to the content you want it to have access to.  Imagine that when you create a new project site or a partner collaboration site, all the complicated security and external sharing settings that IT wants you to do are already there, and there is nothing for you to configure.

If we summarize, implementing a provisioning plan can help you solve:

• Workspace sprawl and duplication: With easy self-service creation, your tenant can quickly start to sprawl, leading to too many Teams/sites. Content and collaboration spaces can become duplicated and cluttered, with multiple groups created for similar purposes.
• Inconsistent naming: In an ungoverned environment, users might create workspaces with random or unclear names. A lack of naming conventions makes it hard to find things and enforce policies. (In fact, Microsoft recommends setting up naming standards and other governance rules before users start creating teams).
• Lack of ownership: Workspaces often get created without clear owners responsible for their upkeep. This can result in “ownerless” teams that linger on with no one managing membership or content – a situation that frustrates members due to the lack of ownership and control.
• Security/compliance risks: Inactive or abandoned teams can contain sensitive information that isn’t being monitored or properly disposed of. For example, without lifecycle policies, an unused team might retain confidential files that should be archived or deleted for compliance. For example, a lifecycle policy might archive a workspace 180 days after its last activity. 
• Operational overhead: The more sprawl and clutter in your Microsoft 365, the more work for IT. Uncontrolled growth leads to many inactive or redundant workspaces taking up storage and crowding your tenant, which in turn increases the maintenance workload on IT staff (time that could be spent on more critical tasks).

Who is responsible for provisioning?

Provisioning responsibilities typically involve a mix of IT and business roles, and they can vary by organization size and maturity:

• IT Administrators / M365 Service Owners: In many organizations, the IT department or designated Microsoft 365 admins oversee provisioning. They might handle all creation of Teams, sites, and groups (especially in smaller companies) or simply be responsible for creating the templates.  This ensures technical consistency and compliance with IT policies.
• Governance/Compliance Teams: These stakeholders define the rules and standards that provisioning must follow (for example, what templates to use, naming policies, approval requirements, data retention rules, etc.). They may not create each workspace or template themselves, but they ensure that when templates are created, they align with security and compliance policies.
• Department Leads or Power Users: In more federated models, certain business users are given the ability to request or even create new workspaces for their department or project. For instance, a marketing manager might be allowed to provision a new Team site using pre-approved templates. This delegated approach can lighten IT’s load and empower users – as long as there are checks in place.

Every organization strikes a balance. Some companies lock down Microsoft 365 so only IT can create things; others enable more self-service. For example, you might choose to let all employees create new Teams by default, or you might restrict that ability to a specific group (like department heads), or turn it off entirely so that only IT admins can do it. There’s no one-size-fits-all answer – it depends on your governance comfort level. The key is that somebody is accountable for what gets provisioned. If end users are creating workspaces, you may implement an approval workflow or use tools to enforce the rules automatically.

Next steps

That was a lot of information at a high level on why provisioning is important and who is responsible for it. In the next steps of this handbook, we will deep-dive into every aspect of provisioning, from what’s available out of the box to a complicated provisioning process with Power Automate, Azure Runbooks, and super cool custom templates.