Enforce rules for MS Teams templates

Microsoft Teams offers several templates to help with the creation of a new team. But to what extent do these templates provide a framework to control the teams creation? Users can make additional changes after creating a team to work around limitations.

We point out the advantages and disadvantages of the native MS Teams templates. We also show you how to enforce rules and policies and delegate administration. This is possible with Teams templates from my-IAM TeamSpace – even beyond the capabilities of the team owner.

Standard templates in MS Teams can be changed

Quick creation of new teams without guidelines

If a company decides to open up the creation of new teams in MS Teams to users, there are limited controls in place.

First of all, Microsoft offers a number of native templates to help create a team, such as templates for project management, help desk organization and more.

Users choose the template that best suits their needs. However, only some essential things are predefined in these templates, such as:

• a selection of channels
• a selection of apps

Then the user decides whether it should be a private, public or organization-wide team, gives the team a name and a description – and it is created. When deciding what type of team it should be, the visibility and availability of the team to others is set at the same time. Private teams are not visible for all non-members and cannot be found in the MS Teams search.

It is also possible to create a team without a template. With a few quick bits of information, this is done.

In summary, it can already be stated at this point: The native template of MS Teams has the purpose of quickly setting up a team with suitable default settings. However, it does not contain any hard guidelines.

Set policies in the Entra ID portal

Now, Microsoft offers the option to establish certain policies that make Teams creation not quite so permissive. For this, an administrator must define the settings in the Microsoft Teams Admin Center and in the Entra ID Portal.

Using the group naming policies, it is possible to set an expiration date, block words, and add prefixes or suffixes that automatically appear in the team name when the team is created. However, the choice of attributes is limited here. Also, tests have shown that only one naming policy can be set, which then applies to all groups.

Please also read our article “Define Teams naming policies“.

Users can change templates in MS Teams

The question now is: can the user make further adjustments? Basically yes. Once the team is created, users (team owners) can further customize the teams.

As soon as the team appears in the Teams overview, an owner can customize the team’s members, channels, settings, tabs, and other elements. This includes member and guest permissions:

A team owner can allow his guests to create or even delete channels. The possibilities for customization are manifold and give the owner a lot of freedom.

Advantages and risks of MS Teams templates at a glance

The advantages of creating new teams with the native Microsoft templates are:

• Speed = Users simply select the appropriate template and create a new team in a few steps.
• Simplicity = There are no complicated prompts that require background knowledge.
• Customizability = Templates provide a predefined structure. Team owners can make individual adjustments afterwards and configure their team according to their own judgement.

On the other hand, there are also risks that drive many companies to disable the teams creation:

• Lack of transparency = If all users continuously create new teams, there will soon be more teams than employees.
• Redundant teams = If too many teams are created, it often happens in practice that teams are created twice and then not used.
• Orphaned teams = If a team owner leaves the company and does not appoint a new owner, the company temporarily loses control over the management of the team. If local IT managers in branch offices or business units do not have access to the Teams Admin Center, teams become orphaned. For example, the team’s content and files may become obsolete or irrelevant, and new members will not know how to access the team.
• Insufficient group naming policies = The naming conventions in Teams apply equally to all groups. Differentiation between templates or teams categories is not feasible. Therefore, enforcing strict guidelines in team naming is not really possible.
• Secuity risks = The MS Teams templates may contain pre-configured settings and permissions that may not comply with an organization’s security policy (e.g., allow guest access or not). This may result in confidential information being disclosed to unauthorized users or security breaches. The team owner can change all settings and channels that originate from the template afterwards.
• Lack of consistency = Templates are only standardized in their creation. They do not contain hard rules. Thus, it is not ensured that all teams from one template will remain the same.

The level of security provided by an MS Teams template ultimately depends on how it is used and configured.

Enforce hard rules for Teams templates with my-IAM TeamSpace

Site conditions and naming rules

If a company wants to implement hard rules when creating new teams, my-IAM TeamSpace comes to the rescue. The cloud solution is directly integrated with MS Teams and serves as a tool to enforce stricter policies.

Organizations can manage team creation entirely through my-IAM TeamSpace and allow access to the app to differently trained groups of people.

Go directly to my-IAM TeamSpace

First of all, it is possible to create different categories as templates, similar to MS Teams. Depending on the selection of the category, different settings appear, which can be configured as desired. A whole bundle of MS Teams settings can be hidden behind a button or a setting.

The categories (TeamSpace templates) are characterized by individual and advanced settings. For example, it is possible to assign one or more location(s) or business unit(s) to a new team during creation, which will affect the visibility of the team.

In the example below, selecting the locations “Dresden” and “Hamburg” means that only the local helpdesks/IT units in these two locations can see and edit this team.

The TeamSpace categories also include the naming conventions. Words and special characters can be blocked here, and prefixes and suffixes can be defined, so that the team name is formed with strict specifications as a result. A difference to MS Teams settings is that

• all attributes can be defined as values 
• different naming policies can be defined per template.

A major added value of TeamSpace templates are the multi-value combinations in naming. This means that selecting multiple locations can potentially have an impact on the name. It depends on what is configured in the category. For example, one can define the suffix with “-{Location}” or “_{Branch}”. The value in the brackets {} will then be replaced with the value in the “Location” field, or if multiple locations are selected, then the value will be replaced with “Multi”.

In addition, a timeline can be added to each team, after which the team is archived or deleted.

Visibility and security of the teams

The visibility and security controllers are at the heart of my-IAM TeamSpace. The controllers define who can see, edit, and collaborate with a team. Through these sliders, companies have the ability to granularly determine who is allowed to do what with teams. This is done in advance via a detailed configuration that maps all the different scenarios.

Depending on the team category, the visibility and security settings differ. The intermediate levels of the slider can be configured individually. So in this case the setting:

• Visibility “Department” = The team is visible only to employees of the department and team members.
• Security “Standard” = Data and content accessible to defined group of people (internal & external).
• External guests are allowed based on the predefined security setting.

When moving the security controller, the guest access changes in this case:

• Visibility “Department” = The team is visible only to employees of the department and team members.
• Security “Restricted” = Data and content accessible to defined group of people (internal) .
• External guests are not allowed.

Consequently, with my-IAM TeamSpace, security settings are strengthened and compliance specifications are set directly during team creation.

Summary

The native templates in Teams are helpful for creating new teams quickly, but leave the door open for changes. Security issues or unified category-based teams is not something organizations can expect. Setting policies across admin centers and portals requires a good understanding of the various options Microsoft offers. However, these are often not sufficient.

With my-IAM TeamSpace, you take charge of MS Teams authorization management with an assertive tool and establish strict rules that take effect immediately for team owners and members.

Contact us if you are not satisfied with MS Teams templates and want a more customized solution.

Contact us today