 Hey everybody, this is Christian Buckley, Microsoft Regional Director and Office Apps and Services MVP. I'm also the founder and CEO of Collab Talk LLC based in Lehigh, Utah, and I'm here today talking about best practices for Microsoft 365 content governance. This content comes to you from as a webinar that I did about a month ago for Redmond Magazine and Ignite. Ignite, you might be familiar with, they are a governance and content management solution. They're a Microsoft partner. They're one of the native solutions that you can find in Microsoft Teams if you go to link other cloud storage, and you'll see Ignite with an E and become familiar with that. There's also an E-book that I did with Ignite, that's available out there. I'll share the link in a second. But the basis of this recording is that people always want to have like, what's that prescriptive list of things that I should go and do with my content governance? Obviously, the answer to that, the question is always, it depends. It depends on what are the rules and regulations that you're being held by, what are the standards that you follow, what are your information management practices within your organization. But through my experience working back since the early 90s with information management and project management program, product related technologies, got into knowledge management, found my way into SharePoint, almost 30 years of history in the knowledge management, information management space. These are some of the best practices which I've gone and implemented in organizations, change management techniques, and best practices that I just wanted to share with you in this lightweight video, if not for my long drag on beginning care. All right. Well, let's just get started here. All right. So title slide. All right. Let's jump through. So here is the link to the e-book that I wrote for Ignite Managing Content Sprawl Microsoft 365, where I go into much more detail around a lot of what I'm going to be talking about in this short video. So definitely go and download that. It's a free download, easy to find this just a link to the Ignite website. All right. Let's jump into it. What are we talking about here? So in Microsoft 365, and all tied to that Office 365 group, you of course have every time you create a new Microsoft team team, or a SharePoint team site, or a Yammer community, or whatever that asset is, it creates an Office 365 group. This is an Azure AD security group, and then it goes in provisions, different assets, and depending on where you're creating that. If you're creating in SharePoint team site, or Microsoft Teams, or elsewhere, it'll create the group. It'll create a number of assets of these shared assets, but it'll create different collections of each of these assets. Microsoft, however, is moving towards this idea that no matter where you go and create a Microsoft 365 group, it'll create all of these different assets. I don't know the roadmap, the timeline for getting there, but that's the direction that they're moving. So you have things like you could have a SharePoint team site, a Teams team, OneDrive of course is part of that, shared calendar and email capability through exchange, Yammer community, Planner board, as well as Power BI workspace. So all of those things which are generated, or could be generated when you create an Office 365 group. So with all of that going on, you're creating all these assets. People are uploading content, they're collaborating, there's conversations which are stored in the exchange portion of Teams, for example, and then you have the documents which are SharePoint centric or OneDrive centric, which is really just SharePoint under the hood. And so with all of that content being generated by your organization, you then have to manage those things. Now successful organizations that knowledge management, information management, they have long held strategies around how they're managing that, metadata content types, how they're the life cycle of the content that they're creating. But I, back in business school had a classmate who shared this nugget of wisdom out there about talking about governance, of governance of systems, of enterprise systems. He said governance should be guidelines to live by, not rules to die by. What that means is, do what makes sense for your organization. You know the compliance and security standards which you must adhere to. And on the other side of that, you have end users who are trying to get work done. So you have to be aware of, here are our standards that are keeping our people from collaborating the way that they want to. And then end users need to be aware of, hey, I need to go get stuff done, but I need to be compliant. I need to be secure. It needs to be done within a managed way, within our organization. And governance is what happens in between those two extremes. So a healthy governance strategy is one that promotes productivity so that end user focus and collaboration, making sure people are working together while maintaining the security compliance and the regulatory requirements of your organization. We can't break the law. We need to have standards in place so that we are able to securely manage our intellectual property. So what a good governance strategy provides. So first is that vision. What are we trying to do here? That shared understanding. Here's our constraints. Here's what we have to do. Here's what's needed so that people can be productive. And we want to work together. We want all these pieces working together. And so you have that shared understanding that people aren't gonna push back against the rules, understanding that this is why and the IT organization, whoever runs the collaboration systems understands that this is what people are actually trying to accomplish to get their work done. The second part is visibility. So there needs to be visibility into the planning. Here are the rules. Here's the tools that we have out there, the features that we're working on, new additions, integrations, customizations, automation, all of those things but provide visibility into that action plan. The number one driver of shadow IT effort. So people going outside of the rules of IT and going and using their own credit card to go buy some third party unsupported, potentially unsecure cloud solution. They're doing that because they're trying to get their work done and they have no idea of what the progress is of the request that they put in two months ago to have these features added. So you have to have that visibility into what's happening. Measurement is another critical piece here especially for adoption and engagement to understand what are people actually doing and are we being successful at this? For a lot of organizations, looking at things at a high level like our productivity score is nice but they really want to dig into the granular level of what are the successful organizations, teams, product teams, project teams, communities doing within our organization and how can we replicate that? You can't manage what you do not measure. So you need to understand what are we trying to accomplish? How are we measuring success? What does that success look like? And then of course is that fourth pillar there of the accountability. So who is the sponsorship change? Who makes the decisions at the end of the day that chain of command so that we know that, hey, can we realize that this is our compliance rule that's in place? Here's what we're actually trying to accomplish as a business. Do we need to change that rule? Do we need to force a change in the business? So somebody has to, a managing body, a governance board for example, has to make the decisions when decisions have to be made. Somebody needs to be going in there and saying, here's how we make these decisions and then be transparent, make that visible to people within the system. So best practices just very quick and I cover more of this within the e-book at that high level. There really comes down to three areas. So prevention is number one. So how do you properly structure the environment so that you are keeping people within those guide rails that guide the guidance, they're keeping them in a, you're working in a functional way, getting the work that they need done, but in a supported way. And you do that through things like provisioning, creating templates that are approved, naming conventions, the information architectures so that you make sure that your content is searchable, findable across these different parts of the system and then that people are properly trained. So there's so much that you can do up front so that when I go in to create a new team site or Microsoft Teams that I want to be a team owner for my new project that maybe there's templates in place like is it a product related project? Is it a customer related or an initiative related effort? So you might have three different templates that have different apps that are available that have direct links to have tabs within Teams already created or navigation already created within SharePoint. So that's, you just take some of the guesswork and build that consistency, build that structure right into that creation process when people are creating new assets. The second area is the proactive administration. It's the management, the community management of what's going on. And you have a lot of people that have this title of like customer success or community manager titles. It's really a focus on what people are doing the adoption and engagement, looking at the data, the analytics from this maybe building a center of excellence. I love that concept of the COE so that what are the best practices for collaborating together. And instead of when you see people start going down the path of the shadow IT where they're going outside of what you've gone and built is it something where you need to educate them on, hey, what you need to accomplish the features are actually there. Let me redirect you over to this or let's work on training there or it may be a conversation where you're doing something now that's not supported why are you doing that? Oh, okay. What you need is not currently supported by the system. So let's allow you to do this but do it in a managed way that's that governance activity. So it's a conversation between the business and the IT side of the house that allowing people to accomplish the work that they need to get done but you do that rather than through the slapping of hands of when people go slightly astray and instead it's more of a redirect or that shared you're developing that shared understanding what are you trying to accomplish? How can I help you get your job done? The third area is the continuous management. So here's more of the structure that you put in that's about ongoing operations optimizing the system and it's that change management mechanism that you put in place in the background. So the retention policies, what is our archival policies, the data cleanup and minimization, feature updates when they come out, site explorations, reviewing new applications as people the request that might come in and approve those and then the overall change management process. So it's the machine part of everything else that we're talking about here. Having a process in place, again, maybe it's that governance formal governance body that goes and makes changes to the templates into the provisioning process or into the guidance for the community managers that are part of the day-to-day proactive administration but you have, these are the three major pillars. Now, where people start it's always the number one question people say, yeah, but how do I actually go in and get started? And when do I start? Well, the number one recommendations or best practices start now. I mean, there's rarely a time where you are in a green field environment where everything's brand new, everybody's new to that system, you're rolling it out, you have absolutely no idea and so you're gonna do everything to the best of your abilities correctly right up front. It never happens. What happens is that there's a hot mess, there's been an IP breach somewhere and somebody up the food chain says, you know what, we need to go in and enact some stricter governance policies around there. So that's just the reality is it's generally there's already this sprawl of content in dozens of different, you might have dozens or even hundreds of different teams and team sites and communities that you're jumping in between and it's getting confusing for people and you need to go and clean up and I'll tell you that no matter what technology platform you're working on, it's always the story. And so that's why prevention, the proactive and the ongoing active maintenance are so important to kind of keep things under reins. So start now, build the plan as you go. So again, there are best practices that are out there, what's the best practice for me and for my organization may not be a best practice for your organization. So you have to take that with a grain of salt there. And so build a plan, go out with the information that you have. Here's what we're trying to accomplish, make it transparent, again, feedback from people within the organization, but build that plan as you go and iterate as you learn. Third one, create an internal user group around your collaboration platform, whether you're building a portal and intranet, whether you're rolling out Microsoft Teams or SharePoint or Yammer or whatever it is, whatever the scope of that activity is, create a user group, create feedback mechanisms for average end users to get more involved. I love the idea of creating a champions program and having a user group is a great way to identify those people or help them to self-identify who's passionate about the platform and helping others and will get more involved. And you need to have these utilities, have things like a user group for those people to be able to identify themselves and to really kind of prove that they are out there going above and beyond their own day-to-day jobs in helping other people. Those are the people that you want to really support. So user groups I'm a huge fan of and I love those things, especially the different kind of training methods or sharing methods. One of my favorites was just allowing people just to kind of open table, share what they've been doing. And they often learn like, hey, we tried to do the same thing. Here's where you're going down the wrong path. Here's what we did differently or you may just inspire others say, hey, that's a fantastic idea. I need to go and expand on my ticketing system in my organization and build something similar. So having that conversation internally is only going to provide value to your company. Clearly define the roles and responsibilities. And so having, and if all you have is IT is building and supporting this and end users down below, you might have different tiers in between. You might have, in Microsoft Teams speak, you might have the team owners and then you might have experts that are within a business unit who are above those teams owners may be actually be part of that provisioning approval process. So they may be people that are champions that have been identified, they're more passionate about the technology and they're trusted, they've gone through a certain amount of training. And so for their division, you might have people who have a role to approve the new requests are coming in. So that IT is not burdened with making all those decisions. So understand kind of the hierarchy, the decision makers at each level and clearly define those roles and the responsibilities of people that are part of that governing body, whether it's a formal governing body or it's an informal disperse across the organization. Document your regulatory compliance and security requirements. And you may already have done this if you say that, hey, we really don't have any regulatory compliance rules. Every industry has them, every organization should have them, especially around the life cycle of your intellectual property. I learned this lesson very early in my career when I was 19 years old, was a runner for a law firm, 19, 20 years old. And so I managed a lot of their physical documents and I was lectured a number of times of the importance of disposing of documents when their lifespan was over and then it needed to be done within seven days of that expiration and the process that I went to through those paper documents. But I learned that lesson and I'm just shocked that how many organizations just keep your content in perpetuity. They just lives forever and can cause confusion, can bog down the search experience and then there could be other issues with legal issues around keeping content, especially around customer information. And if there's personal information, that's part of that. So I mean, there's a lot of reasons why you need to go in and understand and have documented what are the rules, what do we need to adhere to because they also change on a regular basis. So just being aware of like what happened with GDPR in Europe. So be aware of the changes that are happening and how they impact your organization. And that'll help dictate then how the governance body needs to look at and manage all of their activities. The sixth one here, outlining your information architecture, understand the nuances between the workloads. So this is beyond just the naming convention. So content that is more short-term, collaborative, get a project completed. So like a lot of the activities and the conversation, the sharing that happens within Microsoft Teams is very different from what you then go in and move into SharePoint into the long-term storage that content. You might shut down a team as an active place where people are working together, but you have the content that's created, the formal documentation for a project or a project that might be archived inside of SharePoint and be accessible through, except through requests to a limited number of people in the organization. So figure out what that is. And then for all the content that's going into the system as well, what's the tagging process? What are the content types that are associated with that? What are the, because that's gonna allow you to go in there and start to set up the automation. If you are taking a lot of invoices, for example, invoices need to be tagged to the department, to the individual, to the customer, to a bunch of different things so that it can be surfaced as needed, when needed, and added into those automated activities. So understand the differences between your information architecture of content that is in your Teams and versus your SharePoint over in the portal that may not be associated with Team or might be sitting across multiple Teams and because the rules might be slightly different there. Be aware of how your information architecture, metadata, and tags will be managed. Who is managing these things? Who's going and ensuring that people are tagging content properly so they can be identified, so that you can be compliant with these various assets? So have the process for managing that. Also, this goes back to roles and responsibilities. Who owns that? What are their roles? How often are they going in and auditing and checking on this? Or do you wait until you know that there's been a day to breach and then just go backwards as far as possible? It's better to be proactive about these things and have owners that are dispersed across the organization, but they need to know what their roles are. They need to know what rules and guidelines they need to follow. I am a big fan of number eight of creating a governance site in that cross-functional team. I've run those in very large organizations. I've run them in small and startup situations where again, we were just being very proactive but creating just tons of documentation, tons of content. And now with so much of our content being in conversation and in video assets, it's even more important that we are clear of what our guidelines are for managing each of those different content types and having then those best practices all documented in place where we can go and have a conversation about it. We don't want is the governance activities bogging down collaboration. You have, there's been a move over the last decade to flatten all of our systems as far as permissions and ease of use or in order to make it easier to go and collaborate with anyone, anywhere, anytime. But we can't do that, flatten that structure while not obeying the compliance security and governance rules and policies procedures. So having a place where you can go in there and talk about, hey, here's what the policy is. We meet on a weekly basis, a monthly basis, whatever it is to go through and say, here, how are we adhering? Here's our last audit. Here's what's going on here. Here's the rules that are changing. So how does this impact our sites and our teams and our projects? And so having those discussions and allowing people to, going back to the visibility issue having, giving people a voice within that process and then also making it transparent. Here's what the governance body has decided around this. Here's what we need to change. Here's how it's impacting our provisioning process. And we need to have two approvals now for the creation of a new SharePoint team site, for example. So having that place where people can go to ask questions and have that discussion. Number nine is enlisting your employees. You cannot ask people to adhere to follow a program, a set of policies, guidelines if they don't have that voice and who better understands the content and the work that's being done than the people that are creating the content and doing the work. So involve them in that process. Maybe make that a rotating responsibility or develop a champion's program so that people can self-select that they get involved more with the governance aspect of these systems. And then finally, always err on the side of over communication. And so that's, it's hard for a lot of organizations but people start saying, hey, I had no idea where are these things, why weren't we notified these changes were going to be made? This impacts how we're running our projects. If you hear those kinds of comments then you're not communicating enough. So you need to err on the side of over communication meaning creating a new site so people can see if you have that centralized governance site and have that news piece out there. So people are able to consume information about the change management process about the status of auditing of systems. If they're able to see stats and leaderboards to understand how other people are collaborating across all the technology. I love this idea of having visibility into where people are collaborating, how they're collaborating and then sharing best practices with each other as a community. And then sharing that information out there it's just going to improve everybody's collaboration the quality of the collaboration that's happening across the organization. I know that's a lot to run through in a short video here. Again, if you'd like to get more information about this topic, definitely go download the free ebook that's from Ignite. It's worthwhile, it's short read but some great insights there that should help you get started especially around the three pillars of prevention, proactive management and the continuous management activities. So definitely go take a look. And once again, my name is Christian Buckley Microsoft RD and MVP. And if you'd like to follow me on Twitter you can find me at Buckley Planet it's also buckleyplanet.com is my blog but definitely go take a look at that. And of course, follow me out on YouTube as collab talk. It's my company and thanks a lot for watching the video.