Plan for governance in Teams

Teams provides a rich set of tools to implement any governance capabilities your organization might require. This article guides IT pros to ask the right questions to determine their requirements for governance, and how to meet them.

Tip

Watch the following session to learn more about governance in Microsoft Teams: Governance, management and lifecycle in Microsoft Teams

Group and team creation, naming, classification, and guest access

Your organization might require that you implement strict controls on how teams are named and classified, whether guests can be added as team members, and who can create teams. You can configure these areas by using Azure Active Directory (Azure AD) and sensitivity labels.


Decision points
  • Does your organization require a specific naming convention for teams?
  • Do team creators need the ability to assign organization-specific classifications to teams?
  • Do you need to restrict the ability to add guests to teams on a per-team basis?
  • Does your organization require limiting who can create teams?
Next steps
  • Document your organization’s requirements for team creation, naming, classification, and guest access.
  • Plan to implement these requirements as a part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Note

Limiting group and team creation can slow your users’ productivity, because many Microsoft 365 and Office 365 services require that groups be created for the service to function. For additional information, navigate to and expand "Why control who creates Microsoft 365 Groups".

Additional information

After you’ve determined your requirements, you can implement them by using Azure AD controls. For technical guidance on how to implement these settings, see:

Group and team expiration, retention, and archiving

Your organization might have additional requirements for setting policies for expiration, retention, and archiving teams and teams data (channel messages and channel files). You can configure group expiration policies to automatically manage the lifecycle of the group and retention policies to preserve or delete information as needed, and you can archive teams (set them to read-only mode) to preserve a point-in-time view of a team that’s no longer active. Note that teams that are archived continue to have the expiration policy applied and may be deleted unless excluded or renewed.

Decision points
  • Does your organization require specifying an expiration date for teams?
  • Does your organization require that specific data retention policies be applied to teams?
  • Does your organization expect to require the ability to archive inactive teams to preserve the content in a read-only state?
Next steps
  • Document your organization’s requirements for team expiration, data retention, and archiving.
  • Plan to implement these requirements as part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Tip

Use the following table to capture your organization’s requirements.

| Capability | Details | Azure AD Premium license required | Decision |
| --- | --- | --- | --- |
| Expiration policy | Manage the lifecycle of Microsoft 365 groups by setting an expiration policy. | P1 | TBD |
| Retention policy | Retain or delete data for a specific time period by setting retention policies for Teams in the Security & compliance center. Note: Using this feature requires licensing of Microsoft 365 or Office 365 Enterprise E3 or above. | No | TBD |
| Archive and restore | Archive a team when it’s no longer active but you want to keep it around for reference or to reactivate in the future. | No | TBD |

Note

Group expiration is an Azure AD Premium feature. For this feature to be available, your tenant must have a subscription to Azure AD Premium and licenses for the administrator who configures the settings and the members of the affected groups.

Additional information

For technical guidance on how to implement these settings, see:

Group and team membership management

Consistently managing the members of project-based or restricted groups is necessary for teams that require rapid onboarding and offboarding of users and guests. Your organization may also need to make sure all current members have the business justification to be in a team. Managing members can be hard because team owners can leave, and users don’t usually leave groups of their own accord when a project ends or when they change roles. The best way to manage group membership so that users can get access when needed, while ensuring the group doesn't carry a risk of inappropriate access, is through two distinct processes: entitlement management and access reviews.

Entitlement management allows you to delegate to someone, such as a project manager, to collect all the resources that are needed, including team memberships, into a single package. They can also define who can make requests: either users in your tenant or users from other connected organizations. The project manager will receive access requests in their email and approve or deny requests in the MyAccess portal. Administrators can configure the conditions of access to include an expiry date or period by when the user or guest will be removed from the team unless access is renewed. Administrators can also set up the groups associated with teams to take part in access reviews. For access reviews, the group owners will receive regular reminders to review the members of a team. Access reviews include recommendations, which make it easier for group owners to go through their regular attestation process.

Decision points
  • Does your organization require a consistent process for managing membership of one or more teams?
  • Does your organization require owners, or the members themselves, to justify their continued membership of one or more teams on a regular basis?
  • Does your organization require approval for users and guests to request access to resources including teams, groups, SharePoint sites, and apps?
Next steps
  • Document your organization’s requirements for each team or specific teams for membership expiry.
  • Plan how your organization can bundle teams, groups, SharePoint sites, and apps together in access packages.
  • Plan which people, such as the requestor's manager, a project manager, a sponsor for a connected organization, or a security officer in your organization, will need to approve or deny access requests.

Tip

Use the following table to capture your organization’s requirements.

| Capability | Details | Azure AD Premium license required | Decision |
| --- | --- | --- | --- |
| Access reviews | Set up access reviews to recertify the membership of specific teams at regular intervals. | P2 | TBD |
| Entitlement management | Set up an access package to allow users and guests to request access to teams. | P2 | TBD |

Note

To help you plan ahead, learn more about what licenses these features require.

Additional information

For technical guidance on how to implement these settings, see:

Teams feature management

Another important aspect of governance and lifecycle management for Teams is the ability to control what features your users will have access to. You can manage messaging, meeting, and calling features, either at the Microsoft 365 or Office 365 organization level or per-user.

Decision points
  • Does your organization require limiting Teams features for your entire tenant?
  • Does your organization require limiting Teams features for specific users?
Next steps
  • Document your organization’s requirements for limiting Teams features at the tenant and user level.
  • Plan to implement your specific requirements as part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Teams feature management focus areas

Teams provides granular capabilities for controlling messaging, meeting, calling, and live event features and more, via policies. Different policies can be applied to all users by default or per user as required by your organization.

For detailed lists of all settings, including technical guidance on how to implement them for your organization, see the following articles:

Additionally, you can set up moderation for a channel and give moderator capabilities to certain users so that they can control who can create channel posts and respond to them. See Set up and manage channel moderation in Microsoft Teams for more information.

Security and compliance

Teams is built on the advanced security and compliance capabilities of Microsoft 365 and Office 365 and supports auditing and reporting, compliance content search, e-discovery, Legal Hold, and retention policies.

Important

If your organization has compliance and security requirements, review the in-depth content provided about this topic in the article Overview of security and compliance in Microsoft Teams.

Governance quick start for Teams

Microsoft 365 licensing guidance for security & compliance