Should You Build or Buy Microsoft 365 Governance?

Post Date: 02/09/2021
feature image

We’re living in a DIY age — especially now — where activities from breadmaking to home repair are mainstream. Should a self-built Microsoft 365 governance model also be on the list?

IT governance is the act of setting defined processes for safe and efficient IT use, and it’s a critical task for businesses.

After all, the powerful tools housed within Microsoft 365 offer countless ways to support remote work and advanced collaboration. But deployed out-of-the-box, they have limited capabilities to create customized end-user policies that protect sensitive data and reduce content sprawl, among other things.

This divide can hinder productivity: Forty percent of IT professionals spend four to eight hours per week doing routine Microsoft 365 governance tasks such as provisioning workspaces and managing content sprawl, according to a recent survey by the Association for Information and Image Management.

Why a Strong IT Governance Policy Matters

There’s simply no question that automated Microsoft 365 governance is key to safe and effective work. You might want to limit administrative rights to meet compliance standards, for instance, or who can close an obsolete Team. A tough but not rigid structure that includes some self-service functions is ideal.

Some administrators might assume they can just use Power Platform tools to automate and analyze data, but that’s only half the story (more on that later).

Often, the job is more easily said than done.

Ask yourself: does your own IT team have the knowledge — and the ongoing bandwidth — to build and maintain these provisioning systems? Are you prepared to handle frequent updates to Microsoft APIs? What about training for your users or maintaining support staff?

microsoft 365
Source: Association for Information and Image Management.

In the long run, time and cost implications can easily turn a well-intentioned effort into a burden. And worse, any resulting gaps could pose a substantial risk.

Because of these factors, businesses may consider a trusted third-party solution to handle the heavy lifting. These partnerships can bring not only peace of mind from an effective governance plan but also dedicated customer service, a strong user experience, and strategic positioning for whatever comes next.

Should You Build Your Own Microsoft 365 Governance Solution?

The idea sounds simple enough. Businesses with robust IT teams might seek to build their own automated management program. After all, they understand the challenges within their companies and have a good understanding of their user base and related needs.

The desire to establish a governance policy — no matter how it’s created — is an important first step.

Consider applications that operate within a successful governance policy framework: they have defined ownership that includes chains of responsibility, authority, and communication with measurement and control mechanisms in place. Without that protective layer, there’s little (if any) oversight over who is best suited to take actions such as creating a Group or a Team, sharing critical files, and deleting data.


READ MORE: Top 10 Considerations for Microsoft Teams Governance


Still, it may not take long for hurdles to arise within an in-house deployment (even if the initial rollout had no major hiccups).

These are only a few of the hurdles to a self-built approach:

  • It’s limited: Attempting to automate provisioning via Microsoft Power Platform with no licensing changes? By using Microsoft 365 as a data store, this approach simply isn’t scalable.
  • It’s demanding: Setting up PowerShell/API-driven integration with Power Platform and a SQL data store is free in Microsoft Dynamics, but continued maintenance is required.
  • It’s expensive: An end-to-end solution needs dedicated engineers and ongoing support staff to incorporate Microsoft API updates and to make other adaptations as your business evolves.

Make no mistake: governance is not a one-time project.

Imagine life down the road, six months to a year after your launch. With any of the above scenarios in play, it’s possible your IT staff will be inundated with service requests, security changes, or frustrated users (who might already have turned to shadow IT for help). The problem of settings and configuration changes to provisioned workspaces will persist. None of this is convenient, nor is it cheap.

Add to those concerns the issues of monitoring permission settings, generating reports to gauge risk or throttling due to high levels of scripting, and there’s good reason to consider a better alternative.

Value and Security of Third-Party Governance Solutions

Let’s consider a different scenario, one where your teams have the appropriate on-demand resources and a well-tailored (and highly adaptable) Microsoft 365 governance framework. Sounds great, right?

A solution such as AvePoint Cloud Governance can make that vision a reality.

Taking the guesswork — and the whack-a-mole-style upkeep — out of the equation allows your teams to work adhere to appropriate guidelines without systematic weaknesses and inconsistencies.

Even better, the partnership has other perks.

  • Personalized framework: Flexible self-service request processes with role-based access controls to provision, manage and handle lifecycles of Groups, sites, and Teams–and to expedite service requests
  • Custom navigation: Power Platform integration to build a custom user interface, if desired
  • Constant monitoring: Automatic deployment and monitoring of new policies for existing and new Microsoft 365 and SharePoint on-premises objects without throttling or negatively impacting users
  • Deep analytics: Focused dashboards to analyze permissions within the context of sensitivity and business requirements

microsoft 365

A focus on lifecycle management is just as important as provisioning. What happens, for instance, to the artifacts left behind (such as a SharePoint site and conversation history) when a Team no longer has reason to exist?

Without an automated solution, there are limited recertification options for Groups and Teams. And building your own takes substantial effort that must simultaneously meet the needs of systems, administrators, and your user base.

AvePoint Cloud Governance can handle it all.

This solution offers fully automated access reviews and attestations for Groups, sites, and Teams — including explicit permissions on individual files, which are at the root of most oversharing risks in Microsoft 365. A thorough review and update of workplace-level metadata and ownership is also part of the process.

As you plan or evolve your governance strategy, it’s important to not only consider the needs of today but the challenges and opportunities ahead. Collaboration and data management, as we all know, will only grow more complex. No matter how you procure it, having a framework that’s agile, attentive, and easy to use is critical to long-term success.


For more Microsoft 365 insights be sure to subscribe to our blog!

Murugan is a Senior Solutions Engineer at AvePoint.

View all posts by Murugan B.
Share this blog

Subscribe to our blog