Microsoft 365 Communityver1fromMS

Tell us about your PDF experience.
Microsoft 365 Community Content

Learn about Microsoft 365 from the community! All content is community generated.
Basics and Definitions
ｂ GET STARTED
Glossary
Follow Microsoft 365 on Social Media
Microsoft 365 Search Technologies
What is a Site Column?
What is a Content Type?
Groups in Microsoft 365 and Azure, and Which is Right for You
What kind of apps can you build on Microsoft 365?
Query String URL Tricks for SharePoint and Microsoft 365
Use the Government Cloud for SharePoint and Microsoft 365
Microsoft 365 Better Practices
ｄ TRAINING
Accessibility by Design
Content Type Propagation
OneDrive PC Folder Backup Benefits for End Users
Why Microsoft 365 adoption projects fail
Microsoft Teams Naming Best Practices
Maturity Model for Microsoft 365
ｄ TRAINING
Learn about the Maturity Model

SharePoint Better Practices
ｄ TRAINING
Site Builder/Owner - New Site Checklist
Versioning in SharePoint
Planning Permissions with Group-based SharePoint Sites when you're used to Regular
SharePoint Permissions
Importing Data
SharePoint Naming Guidelines
Why SharePoint Training is Important
Building great content for your Intranet
Identifying Your SharePoint Champions
Empowering Your SharePoint Champions
File Naming on an Intranet
Information Architecture
ｄ TRAINING
Information Architecture - Site Topology
Information Architecture - Managed Metadata vs Lookup columns
Living Large with Large Lists and Large Libraries
Creating Useful Views for Lists & Libraries
How Do Site Columns Become Managed Properties - Thus Available for Search?
Document Sets for Fast Legacy Process Automation
Taking Advantage of the Content Type Inheritance Model in SharePoint
List Formatting 101
Effective Communication
ｄ
ｄ TRAINING
The Principles of Communication
The Principles of Search
The Evolution of Company-wide Email Communication to SharePoint News
How to Share Org-Wide Communication in Microsoft 365
Making Better Decisions
ｐ CONCEPT
Team site vs Communication site - Which one should I choose?
List columns or Site columns - which one to choose?
Changing Microsoft Teams from private to public - What to expect in SharePoint
A Guided Tour Designed to Help You Select an Effective Navigation Strategy
Auto Apply Retention Labels in Office 365 Using Content Types and Metadata
Can Machine Learning be used to assign managed metadata attributes for items?
Designing your solution for scale
Should I store my files in Microsoft Teams or in SharePoint?
Defining a Power Platform Environment Strategy
What Task Management Tool is Right For Me
Useful Scenarios
ｐ CONCEPT
Library scenarios
Using site designs to manage project life cycles
Working with Cascading Lists in SharePoint and Power Apps
Document Lifecycle Scenarios
Power Automate - Send SharePoint files as attachments
How can I use Learning Pathways in my organization?
Advanced Highlighted Content Web Part
i h d h l f l ll b i
Using Shared Channels for External Collaboration
Using Shared Channels for Internal Collaboration
Automation
ｃ HOW-TO GUIDE
Working with modern client-side pages using PnP PowerShell
Should everyone create Teams? A Low Code Provisioning solution
Benefits of using PowerShell with SharePoint
Security
ｐ CONCEPT
Managing SharePoint Online Security: A Team Effort
Basic Security Set Up for Microsoft 365
Managing External Guests in SharePoint vs Teams
Teams Shared Channels for Admins
The Power Platform Data Loss Prevention (DLP) policies you should be considering on Day 1
In Preview
ｐ CONCEPT
Yet another Tool? Why you will probably love Project Moca aka Outlook Spaces
References
ｉ REFERENCE
Microsoft Office official documentation
FastTrack onboarding and adoption services
Find a SharePoint certified partner

d a S a e o t ce t ed pa t e
Visit the SharePoint community
Learn how to be a Community Contributor

Microsoft 365 Glossary
Article • 09/26/2022 • 80 minutes to read
７ Note
This is an open-source article with the community providing support for it. For
official Microsoft content, see Microsoft 365 documentation.
As with any technology, there are lots of terms we toss around to explain things. Just
understanding what each term means can be half the battle. Whether you are entirely
new to Microsoft 365 or have been using it for years, there are always new terms to
learn. The fact that Microsoft uses common English words for many capabilities can add
an additional layer of confusion.
This Glossary is an attempt to demystify some of the terms and acronyms we use every
day in working with the platform. See one missing? Feel free to add an Issue with what
you want added.
Also consider checking out the additional glossaries listed in the Additional Resources
section.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Access
Microsoft Access is a database program which is part of the Microsoft Office suite of
products.
Access Reviews
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently
manage group memberships, access to enterprise applications, and role assignments.
User's access can be reviewed on a regular basis to make sure only the right people
have continued access.
Accessibility
There is no limit to what people can achieve when technology reflects the diversity of all
who use it. Microsoft are dedicated to providing accessibility tools and features that
help people achieve more at home, school, and work.
Active Directory Federation Services (AD FS)

Active Directory Federation Service (AD FS) enables Federated Identity and Access
Management by securely sharing digital identity and entitlements rights across security
and enterprise boundaries. AD FS extends the ability to use single sign-on functionality
that is available within a single security or enterprise boundary to Internet-facing
applications to enable customers, partners, and suppliers a streamlined user experience
while accessing the web-based applications of an organization.
Activity Explorer
Activity explorer provides a historical view of activities on your labeled content. The
activity information is collected from the Microsoft 365 unified audit logs, transformed,
and made available in the Activity explorer UI. Activity explorer reports on up to 30 days
worth of data.
Adaptive Cards
Adaptive Cards are a platform-agnostic method of sharing and displaying blocks of
information without the complexity of customizing CSS or HTML to render them. You
author Adaptive Cards in JSON format, with integrations that cloud apps and services
can openly exchange. When delivered to a specific host, such as Microsoft Teams, the
JSON is transformed into native UI that automatically adapts to its host. Therefore,
process designers can now offer consistent UI patterns whenever they need to display
information as part of a business process/automation.
Adaptive Scopes (Retention)

Adaptive scopes as a new feature is currently in preview and subject to change. The
alternative option is a static scope, which provides the same behavior before adaptive
scopes were introduced and can be used if adaptive scopes don't meet your business
requirements.
Administrative units
Administrative units restrict permissions in a role to any portion of your organization
that you define. You could, for example, use administrative units to delegate the
Helpdesk Administrator role to regional support specialists, so they can manage users
only in the region that they support.
Advanced eDiscovery
The Advanced eDiscovery solution in Microsoft 365 builds on the existing Microsoft
eDiscovery and analytics capabilities. Advanced eDiscovery provides an end-to-end
workflow to preserve, collect, analyze, review, and export content that's responsive to
your organization's internal and external investigations.
Alert Policies
You can use the alert policy and alert dashboard tools in the Microsoft Purview
compliance portal or the Microsoft 365 Defender portal to create alert policies and then
view the alerts generated when users perform activities that match the conditions of an
alert policy.
Always on VPN
Always On VPN provides a single, cohesive solution for remote access and supports
domain-joined, nondomain-joined (workgroup), or Azure AD–joined devices, even
personally owned devices.
App
An App is a term in SharePoint that means a packaged extension or customization that
you can add to a site. An app can simply be a list that you add to a site to store
information, or it can be a package that installs web parts that are available to use on
pages, customizations that give you extra functionality within existing lists and libraries,
or it could be an entire application that runs outside of SharePoint but has the ability to
read and write back to your SharePoint site.
App Catalog
As a SharePoint or global admin in Microsoft 365, you can acquire solutions from the
SharePoint Store or distribute custom apps that can be used across SharePoint,
Microsoft Teams, and Viva Connections. The first step in acquiring solutions is to have an
App Catalog you can use to store and distribute solutions.
Application Customizer
See SharePoint Framework
Application Lifecycle Management (ALM)

Set of standards and processes to analyze, design, build, test and deploy a software
solution. Modern ALM typically is an iterative process which allows for the incremental
improvement and development and implementation of application features.
App Protection Policies

App protection policies (APP) are rules that ensure an organization's data remains safe
or contained in a managed app. A policy can be a rule that is enforced when the user
attempts to access or move "corporate" data, or a set of actions that are prohibited or
monitored when the user is inside the app. A managed app is an app that has app
protection policies applied to it, and can be managed by Intune.
Application Proxy
Azure Active Directory's Application Proxy provides secure remote access to on-
premises web applications. After a single sign-on to Azure AD, users can access both
cloud and on-premises applications through an external URL or an internal application
portal.
Attack Simulator
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2,
which includes Threat Investigation and Response capabilities, you can use Attack
simulation training in the Microsoft 365 Defender portal to run realistic attack scenarios
in your organization. These simulated attacks can help you identify and find vulnerable
users before a real attack impacts your bottom line.
Audit Log
Use the audit log search tool in Microsoft Purview compliance portal to search the
unified audit log to view user and administrator activity in your organization.
Authenticator App
The Microsoft Authenticator app provides an additional level of security to your Azure
AD work or school account or your Microsoft account and is available for Android and
iOS. With the Microsoft Authenticator app, users can authenticate in a passwordless way
during sign-in, or as an additional verification option during self-service password reset
(SSPR) or Azure AD Multi-Factor Authentication events.
Azure Active Directory (AAD)

Azure Active Directory is the Microsoft 365 source for all identity management, and
much more. For example, Microsoft 365 Groups and applications permissions are stored
in AAD.
Azure AD Connect
Azure AD Connect is an on-premises Microsoft application that's designed to meet and
accomplish your hybrid identity goals.
Azure AD Connect Cloud Sync

Azure AD Connect cloud sync is new offering from Microsoft designed to meet and
accomplish your hybrid identity goals for synchronization of users, groups and contacts
to Azure AD. It accomplishes this by using the Azure AD cloud provisioning agent
instead of the Azure AD Connect application. However, it can be used alongside Azure
AD Connect sync.
Azure Information Protection (AIP)

A cloud solution that supports labeling of documents and emails to classify and protect
information. Labeled items can be protected by encryption, marked with a watermark or
restricted to specific actions or users and is bound to the item. This cloud based solution
relies on Azure Rights Management Service (RMS) for enforcing restrictions.
Azure Marketplace
The Microsoft commercial marketplace is a catalog of solutions from our independent
software vendor (ISV) partners. As an ISV member of the Microsoft Partner Network, you
can create, publish, and manage your commercial marketplace offers in Partner Center.
Your solutions are listed together with our Microsoft solutions, connecting you to
businesses, organizations, and government agencies around the world.
Azure Virtual Desktop
Azure Virtual Desktop is a desktop and app virtualization service that runs on the cloud.
With Azure Virtual Desktop, you can set up a scalable and flexible environment.
B2B
Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature
within External Identities that lets you invite guest users to collaborate with your
organization.
B2C
Azure Active Directory B2C provides business-to-customer identity as a service. Your
customers use their preferred social, enterprise, or local account identities to get single
sign-on access to your applications and APIs.
Backup
Always a hot topic. There is no native traditional backup and restore capability within
Microsoft 365. The link to the left shows Microsoft’s stance in relation to backup of
Exchange Online as an example. Third-party products are available, but are they worth it,
and are they needed? The debate goes on.
Billing
Learn how to buy and manage business subscriptions, perform license management
tasks, and manage billing and payments for your business accounts with Microsoft.
Best Practices
Best practices for collaborating with Microsoft 365.
Bookings
Microsoft Bookings is for scheduling and managing appointments. Bookings includes a
web-based booking calendar and integrates with Outlook to optimize your staff’s
calendar and give your customers flexibility to book a time that works best for them.
Bring your own device (BYOD)

As you develop your strategy to enable employees to work remotely on their own
devices (BYOD), you need to make key decisions in the scenarios to enable BYOD and
how to protect your corporate data. Fortunately, EMS offers all of the capabilities you
need in a comprehensive set of solutions.
Business Premium (Microsoft 365)

Microsoft 365 Business Premium brings together best-in-class Office apps and powerful
cloud services with comprehensive security that helps protect your business against
advanced cyber threats.
Business Standard (Microsoft 365)

Get work done and increase efficiency with Microsoft 365. Collaborate in real time with
teamwork tools that are always up to date. Plus, get professional email and online
storage—all with built-in security to help keep your data safe.
Business Data Services (BDS)
Calendar
Calendars in Exchange Online mailboxes are available for users. Shared, Resource, and
Room mailbox calendars are also available.
Camel Case
In programming, Camel case is the practice of naming variables or controls by
capitalizing all words except the first, giving the name a look like a camel's hump.
Examples: iPad , intQuantity , myEmailAddress .
See Wikipedia . Also see Pascal Case
CAML (Collaborative Application Markup Language)

An XML fragment used by SharePoint to define the internal structure of sites, lists, fields,
views and content types, declaratively, also used to query data in SharePoint lists to
selectively retrieve data.
Channels
Channels in Microsoft Teams are dedicated sections within a team to keep conversations
organized by specific topics, projects, and disciplines! Files that you share in a channel
(on the Files tab) are stored in SharePoint.
Citizen Developer
A user whose job definition does not include any development activities and/or without
formal software development training, but who nevertheless creates new business
applications for consumption by others using development and runtime environments
sanctioned by corporate IT.
Classic SharePoint
Classic SharePoint refers to the user interface (UI) that was available starting in
SharePoint 2013 - what you might think of as the blue and white UI. Classic SharePoint
uses master pages and page layouts for content structuring. These capabilities were
built on the .NET framework.
Column Formatting
Column Formatting is a SharePoint feature that allows users to customize the display of
fields in Document Libraries and Lists. Colors, icons, images and other elements are used
to highlight content and improve the user experience. Links are used to make content
actionable.
Some columns types, like Date and Choice, include ready made design templates. All
column types allow for advanced formatting using JSON code.
Command Set
Communication Compliance
Protecting sensitive information and detecting and acting on workplace harassment
incidents is an important part of compliance with internal policies and standards.
Communication compliance in Microsoft 365 helps minimize these risks by helping you
quickly detect, capture, and take remediation actions for email and Microsoft Teams
communications. These include inappropriate communications containing profanity,
threats, and harassment and communications that share sensitive information inside and
outside of your organization.
Communication Site
A Communication Site is generally used to communicate from a smaller group to a
larger group. For this reason, Communication Sites are often used in Intranets.
Community
The Microsoft Technical Community is a wonderful place. If you are not using it then you
are truly missing out.
Compliance
If your organization needs to comply with legal or regulatory standards, start with the
link to the left to learn about compliance in Microsoft 365.
Compliance Center
The Microsoft Purview compliance portal provides easy access to the data and tools you
need to manage to your organization's compliance needs.
Conditional Access
Azure Active Directory (Azure AD) Conditional Access brings signals together, to make
decisions, and enforce organizational policies. Conditional Access is at the heart of the
new identity-driven control plane.
Content Delivery Network (CDN)

A content delivery network (CDN) is a distributed network of servers that can efficiently
deliver web content to users. CDNs' store cached content on edge servers in point-of-
presence (POP) locations that are close to end users, to minimize latency.
Content Explorer
The data classification content explorer allows you to natively view the items that were
summarized on the overview page from within the Microsoft Purview compliance portal.
Content Query Web Part

The Content Query Web Part (CQWP) is a web part available in Classic SharePoint that
allows rolling up of content across lists and sub sites. The content returned is limited to
only the site collection the web part is in. This web part has been replaced by the
Highlighted Content web part in Modern SharePoint which gets around the site
collection limitation.
Content Search
Use the Content search tool in the Microsoft Purview compliance portal to quickly find
email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations,
and instant messaging conversations.
Content Types
Content types help make it easy to provide consistency across a site. You create or
customize a content type with the characteristics that you want, such as a certain
template, specific metadata, and so on.
Content Type
See: What is a Content Type?
Content Type Gallery

The Content Type Gallery is the modernized view of the Content Type Hub in the
SharePoint Admin Center's Content Services Content type gallery. It provides a modern
view of the Content Types defined there, and will eventually provide more sophisticated
content management tools.
Content Type Hub

The Content Type Hub is a Site Collection where you can manage Content Types and
Site Columns which should be available across your entire tenant. The Content Type Hub
is older technology and generally is used less than in the past, primarily because it is
slow to publish and it published to all Site Collections in the tenant. There is a
modernized view of the Content Type Hub in the SharePoint Admin Center's Content
Services Content Type Gallery.
Crawled Property
A Crawled Property is one of the basic units of the Search Schema. They are created
automatically by the SharePoint Search Indexer (or Crawler) when it is discovering
content that can be searched. The information stored in Crawled Properties is made
available in queries by mapping them to Managed Properties.
Customer Digital Experiences (CDX)

Microsoft Customer Digital Experiences (CDX), is a portfolio of immersed digital
experiences to demonstrate Microsoft technology and product with hands-on
interaction, orchestrated by Microsoft sellers, partners or marketers. There are three
major types of experiences: demos, interactive guide, and Customer Immersion
Experience.
Customization
Improving specific aspects of SharePoint functionality by changing settings through the
end user interface. See also SharePoint Framework
Cyber Essentials Plus

This is a UK government-backed scheme designed to help organizations assess and
mitigate risks from common cyber security threats to their IT systems. It identifies
security controls for an organization to have in place within their IT systems. Cyber
Essentials scheme is a requirement for all UK government suppliers handling any
personal data.
Cyber Security Reference Architectures

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s
cybersecurity capabilities. The diagrams describe how Microsoft security capabilities
integrate with Microsoft platforms and 3rd party platforms like Microsoft 365, Microsoft
Azure, 3rd party apps like ServiceNow and salesforce, and 3rd party platforms like
Amazon Web Services (AWS) and Google Cloud Platform (GCP).
D
Data Loss Prevention (DLP)

In Microsoft 365, you implement data loss prevention by defining and applying DLP
policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive
items across Microsoft 365 services, Office Applications, endpoint devices, non-
Microsoft cloud apps, and on-premises file storage (including SharePoint).
Data Protection Impact Assessment (DPIA)

The General Data Protection Regulation (GDPR) introduces new rules for organizations
that offer goods and services to people in the European Union (EU), or that collect and
analyze data for EU residents no matter where you or your enterprise are located.
Microsoft Dataverse
Microsoft Microsoft Dataverse is the premium data backbone that enables people to
store their data in a scalable and secure environment dynamically. Microsoft Dataverse
enables organizations to look at data as a service spun up on-demand to meet ever-
changing business needs.
Microsoft Dataverse for Teams

Microsoft Dataverse for Teams is a built-in, low-code data platform for Microsoft
Teams, and provides relational data storage, rich data types, enterprise grade
governance, and one-click solution deployment for Power App solutions built for, and
within Microsoft Teams.
Microsoft Dataverse for Teams is built upon Microsoft Dataverse, and provides a 'lite'
version equivalent, for free, under the existing licensing requirements of Microsoft 365.
Defender
Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that
natively coordinates detection, prevention, investigation, and response across
endpoints, identities, email, and applications to provide integrated protection against
sophisticated attacks.
Defender for Cloud Apps

Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) is
a Cloud Access Security Broker (CASB) that supports various deployment modes
including log collection, API connectors, and reverse proxy. It provides rich visibility,
control over data travel, and sophisticated analytics to identify and combat cyberthreats
across all your Microsoft and third-party cloud services.
Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to
help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Defender for Identity

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known
as Azure ATP) is a cloud-based security solution that leverages your on-premises Active
Directory signals to identify, detect, and investigate advanced threats, compromised
identities, and malicious insider actions directed at your organization.
Defender for Office 365

Microsoft Defender for Office 365 safeguards your organization against malicious
threats posed by email messages, links (URLs), and collaboration tools.
Delve
Use Delve to manage your Microsoft 365 profile, and to discover and organize the
information that's likely to be most interesting to you right now - across Microsoft 365.
Denial of Service Defence Strategy

Microsoft's strategy to defend against network-based distributed denial-of-service
(DDoS) attacks is unique due to a large global footprint, allowing Microsoft to utilize
strategies and techniques that are unavailable to most other organizations. Additionally,
Microsoft contributes to and draws from collective knowledge aggregated by an
extensive threat intelligence network, which includes Microsoft partners and the broader
internet security community. This intelligence, along with information gathered from
online services and Microsoft's global customer base, continuously improves Microsoft's
DDoS defense system that protects all of Microsoft online services' assets.
Desktop Analytics
Desktop Analytics is a cloud-based service that integrates with Configuration Manager.
The service provides insight and intelligence for you to make more informed decisions
about the update readiness of your Windows clients. Desktop Analytics is deprecated
and will be retired on November 30, 2022.
Development Operations (DevOps)

DevOps generally refers to both the automation of recurring processes and the
improvement of those processes over time.
Direct Access
DirectAccess allows connectivity for remote users to organization network resources
without the need for traditional Virtual Private Network (VPN) connections. With
DirectAccess connections, remote client computers are always connected to your
organization - there is no need for remote users to start and stop connections, as is
required with VPN connections. In addition, your IT administrators can manage
DirectAccess client computers whenever they are running and Internet connected.
Direct Routing
You're ready to add cloud voice workloads to Microsoft Teams, and you've decided to
use your own telephony carrier for Public Switched Telephone Network (PSTN)
connectivity by using Phone System Direct Routing. With Direct Routing, you can use
Phone System with virtually any telephony carrier.
Disaster Recovery (DR)

The planning and practice of ensuring systems are available when a disaster occurs or
that they can be restored as quickly as possible.
DKIM
DKIM is one of the trio of Authentication methods (SPF, DKIM and DMARC) that help
prevent attackers from sending messages that look like they come from your domain.
DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) works
with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to
authenticate mail senders and ensure that destination email systems trust messages
sent from your domain.
Document Library
Document Libraries are a primary storage location in SharePoint and Microsoft Teams. A
Document Library is a special type of list where documents or other files are added as
items, but no further file attachments can be added. Other files are added as separate
entries in the library.
By default, every file uploaded to a Document Library is created with a Content Type of
Document.
Domains
Custom domains can be added into Microsoft 365. Your company might need multiple
domain names for different purposes. For example, you might want to add a different
spelling of your company name because customers are already using it and their
communications have failed to reach you.
Dynamics 365
Dynamics 365 is a set of intelligent business applications that helps you run your entire
business and deliver greater results through predictive, AI-driven insights.
E1 licencing (Office 365)

Office 365 E1 includes web-based apps like Excel and Outlook integrated with cloud
services like OneDrive and Teams that enable productivity from anywhere.

Office 365 E3 is a cloud-based suite of productivity apps and services with information
protection and compliance capabilities included.
E3 licencing (Microsoft 365)

Microsoft 365 E3 combines best-in-class productivity apps with core security and
compliance capabilities.

Office 365 E5 is a cloud-based suite of productivity apps combined with advanced voice,
analytics, security, and compliance services.
E5 licencing (Microsoft 365)

Microsoft 365 E5 combines best-in-class productivity apps with advanced security,
compliance, voice, and analytical capabilities.
eDiscovery
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic
information that can be used as evidence in legal cases. You can use eDiscovery tools in
Microsoft 365 to search for content in Exchange Online, OneDrive for Business,
SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer.
Endpoint Manager
Microsoft Endpoint Manager helps deliver the modern workplace and modern
management to keep your data secure, in the cloud and on-premises. Endpoint
Manager includes the services and tools you use to manage and monitor mobile
devices, desktop computers, virtual machines, embedded devices, and servers.
Entitlement Management
Azure Active Directory (Azure AD) entitlement management is an identity governance
feature that enables organizations to manage identity and access lifecycle at scale, by
automating access request workflows, access assignments, reviews, and expiration.
Enterprise Applications
The Microsoft identity platform supports authentication for a variety of modern app
architectures, all of them based on industry-standard protocols such as OAuth 2.0 or
OpenID Connect.
Enterprise Content Types

Content Types and Site Columns that are defined in the Content Type Hub, then
published to all Site Collections in the tenant.
Enterprise Mobility + Security

Microsoft Enterprise Mobility + Security (EMS) is an intelligent mobility management
and security platform. It helps protect and secure your organization and empowers your
employees to work in new and flexible ways.
Excel
From planning meals to comparing colleges, linked data types help achieve goals by
bringing data on a variety of subjects right into Excel. Easily browse data, add to
workbooks, and work with it the way you want.
Exchange Online
Exchange Online is part of the Microsoft 365 and Office 365 suite of products and
provides email functionality to users.
Exchange Web Services (EWS)

Exchange Web Services (EWS) provides many operations that enable you to access
information from the Exchange store. The articles in this section provide information
about the overall structure of the requests, responses, and error response messages for
EWS operations, as well as XML examples for each operation. They provide an overview
of the message structures that are sent between the client and the server. You can use
this information to debug message structures and to find information about what you
can do in an EWS request.
F1 licence
Empower your frontline workforce with a secure, intuitive and connected experiences.
Protect and secure your organization and empower your frontline to work in new and
flexible ways. Equip your frontline workforce with powerful communication,
collaboration and productivity experiences.
F3 licence
Empower your frontline workforce to achieve more. Equip frontline workers with
powerful and intuitive tools that deliver a connected and secure experience. Transform
business processes with customized apps and workflow automation to save time and
money. Safeguard company assets with intelligent security that won’t slow down
frontline productivity.
Farm
A set of on premises servers that hosts the SharePoint application, including SQL servers
that host the SharePoint databases. A Farm can be single server or multi-tiered
architecture containing multiple servers.
Family Edition (M365)

One convenient subscription for up to 6 people. Includes premium Office apps, up to
6TB of cloud storage – 1 TB per person – and advanced security for all your devices.
FIDO2
Sign in to web-based applications with your Azure AD account using a FIDO2 security
key.
Field Customizer
File Plan
Although you can create and manage retention labels from Information governance in
the Microsoft Purview compliance portal, file plan from Records management has
additional management capabilities.
First Release
Deprecated - please see Targeted Release.
Flat SharePoint Architecture

In the modern SharePoint experience, sub-sites are not recommended. In the new “flat”
world of modern SharePoint, plan to create one site for each discrete topic, task, or unit
of work. This will allow you to easily distribute management and accountability for each
content collection and support your ability to move sites around in your navigational
architecture without breaking links.
Flow (Power Automate)

Flows in Power Automate is a service that you can use to automate repetitive tasks to
bring efficiencies to any organisation. You can create cloud flows, desktop flows, or
business process flows.
Folders
With your files saved to OneDrive, SharePoint, or Teams, you can create files and folders
to manage your work.
FormatDateTime function in a Flow

Customize/format Date and Time values in a flow
Formatting list views (SharePoint)

In Microsoft 365, Microsoft Lists, and SharePoint Online, you can improve the display of
views in lists by adding formatting. The view formatting text describes the elements that
are displayed and their display styles.
Forms
Microsoft Forms allows your users to quickly and easily create custom quizzes, surveys,
questionnaires, registrations and more.
Formula bar (PowerApps)

One of the most used items in the canvas authoring experience is the formula bar where
everyone crafts their expressions.
Front Door (Azure)

Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge
network to create fast, secure, and widely scalable web applications.
Frontline workforce
Frontline workers are employees whose primary function is to work directly with
customers or the general public providing services, support, and selling products, or
employees directly involved in the manufacturing and distribution of products or
services. Your frontline workforce is essential to your business. Invest in them with
simple, intuitive, and secure solutions from Microsoft 365
Fundamentals
Microsoft 365 Certified: Fundamentals is a certification to prove that you understand the
options available in Microsoft 365 and the benefits of adopting cloud services, the
Software as a Service (SaaS) cloud model and implementing Microsoft 365 cloud service.
GCC
To meet the unique and evolving requirements of the United States Federal, State, Local,
and Tribal governments, as well as contractors holding or processing data on behalf of
the US Government, Microsoft offers the Office 365 Government GCC environment.
GCC High
To meet the unique and evolving requirements of the United States Department of
Defense, as well as contractors holding or processing DoD controlled unclassified
information (CUI) or subject to International Traffic in Arms Regulations (ITAR), Microsoft
offers GCC High and DoD environments.
GDPR
The General Data Protection Regulation (GDPR) introduces new rules for organizations
that offer goods and services to people in the European Union (EU), or that collect and
analyze data for EU residents no matter where you or your enterprise are located.
GitHub
GitHub is where over 73 million developers shape the future of software, together and
contribute to the open source community,
Global Administrator
Users with this role have access to all administrative features in Azure Active Directory,
as well as services that use Azure Active Directory identities like the Microsoft 365
Defender portal, the Microsoft Purview compliance portal, Exchange Online, SharePoint
Online, and Skype for Business Online. Furthermore, Global Administrators can elevate
their access to manage all Azure subscriptions and management groups.
Global Reader
Users in this role can read settings and administrative information across Microsoft 365
services but can't take management actions. Global Reader is the read-only counterpart
to Global Administrator.
Governance
Microsoft Purview Data Lifecycle Management provides capabilities to govern your data
for compliance or regulatory requirements.
Graph API
The Microsoft Graph API offers a single endpoint, Microsoft Graph , to provide access
to rich, people-centric data and insights in the Microsoft cloud, including Microsoft 365,
Windows 10, and Enterprise Mobility + Security. You can use REST APIs or SDKs to
access the endpoint and build apps that support Microsoft 365 scenarios, spanning
across productivity, collaboration, education, people and workplace intelligence, and
much more.
Graphical User Interface (GUI)

A graphical user interface (GUI) is a user interface that incorporates graphical elements,
such as windows, icons, and buttons – unlike a command-line interface (CLI), which is
text-based.
Group Policy Analytics

Analyse and move workloads to Microsoft Endpoint Manager and Intune with Group
Policy Analytics
Groups
Add members to groups in Microsoft 365 to simplify administration.
Group
A Group in SharePoint can generally refer to one of three things. It may mean:
SharePoint Group
A container to organize users and other security groups. A SharePoint group can be
assigned permission levels on an object such as a site, a list or library, a folder or a
document (or page, or item). Generally only a Site Owner can manage who is in a
SharePoint Group.
Microsoft 365 Group

A Microsoft 365 Groups is a concept which lets the members of the Group easily
collaborate. It provides a collection of resources such as a shared Outlook mailbox
including a shared calendar, a SharePoint Team site with a document library and a
Notebook, as well as a Planner Board, a Power BI workspace and a Stream Video portal.
A Group is the foundation of a Microsoft Teams Team. A Team gives users within that
Group channels to collaborate in the context that is relevant to their work and the ability
to have scheduled and ad-hoc meetings. Teams can be public (they can be accessed by
everyone inside of the organization), private (users need to be invited explicitly) or org-
wide (everyone in the organization is automatically a member of this team). Roles and
permissions are simplified to Owner (create, delete, manage memberships), Member
(collaborate, create channels and add tabs) and Guest. Guests are outside of the
organization and need to be added explicitly as an External User, otherwise they can't
see nor access a Team. They can only work in the structure provided to them, which
means they can't add tabs, apps or channels.
Security Group
A security group is a container of users defined in Active Directory, one or more of these
can be added to SharePoint Groups. Adding users in the security groups applies
permissions in SharePoint.
H
Headspace (Microsoft Viva Insights)

Viva Insights has introduced a curated set of guided meditations and Focus music from
Headspace. Reach these resources on the Home page to help you start your day
grounded, relax your mind before a big presentation, or find focus before starting an
important project. In just a few minutes a day, meditation and mindfulness with
Headspace can help you decrease stress and increase focus.
Health Attestation
The Device Health Attestation (DHA) service validates the TPM and PCR logs for a device
and then issues a DHA report.
Hello for Business (Windows)

In Windows 10, Windows Hello for Business replaces passwords with strong two-factor
authentication on devices. This authentication consists of a new type of user credential
that is tied to a device and uses a biometric or PIN.
Highlighted Content Web Part

The Highlighted Content Web Part allows you to roll up content from allows you to
specify content sources, sorting and filtering, and layout options.
As with all web parts in SharePoint, this we part will only display content which the
current user has permission to see.
Hololens
An ergonomic, untethered self-contained holographic device with enterprise-ready
applications to increase user accuracy and output.
Home Site
A Home site is the top site of your intranet. It is a Communication Site with a few extra
superpowers:
The Home Site is the destination for the home icon in the SharePoint mobile app.
The Home Site provides an organization-wide search scope, making ALL content in
your tenant findable.
The Home Site is set up as an organization news site.
Home sites are intended for use as the landing page for your organization. There is only
one Home Site per tenant allowed and its set using PowerShell
Hub Site
A Hub Site is a SharePoint site that can have other sites associated to it. This allows you
to group sites by department, region, or project, etc. Features such as News, Events, and
Highlighted Content can be used to produce rolled up views of content - like pages and
documents from the associated sites - on a page on the Hub Site.
Hybrid Exchange
A hybrid deployment offers organizations the ability to extend the feature-rich
experience and administrative control they have with their existing on-premises
Microsoft Exchange organization to the cloud. A hybrid deployment provides the
seamless look and feel of a single Exchange organization between an on-premises
Exchange organization and Exchange Online.
Hybrid Identity
Today, businesses, and corporations are becoming more and more a mixture of on-
premises and cloud applications. Users require access to those applications both on-
premises and in the cloud. Managing users both on-premises and in the cloud poses
challenging scenarios. Microsoft’s identity solutions span on-premises and cloud-based
capabilities. These solutions create a common user identity for authentication and
authorization to all resources, regardless of location. This is called hybrid identity.
Idempotent
In a development sense, idempotent means that code you run more than once with the
same inputs will always produce the same outputs. In other words, you can always
expect the same effects, no matter how many times you do something.
Identity Models
Microsoft 365 uses Azure Active Directory (Azure AD), a cloud-based user identity and
authentication service that is included with your Microsoft 365 subscription, to manage
identities and authentication for Microsoft 365. Getting your identity infrastructure
configured correctly is vital to managing Microsoft 365 user access and permissions for
your organization.
Information Barriers
Microsoft cloud services include powerful communication and collaboration capabilities.
But suppose that you want to restrict communication and collaboration between two
groups to avoid a conflict of interest from occurring in your organization. Or, perhaps
you want to restrict communication and collaboration between certain people inside
your organization in order to safeguard internal information. Microsoft 365 enables
communication and collaboration across groups and organizations, so is there a way to
restrict communication and collaboration among specific groups of users when
necessary? With information barriers, you can!
Information Governance
Microsoft Purview Data Lifecycle Management provides capabilities to govern your data
for compliance or regulatory requirements.
Information Protection
Implement capabilities from Microsoft Purview Information Protection to help you
discover, classify, and protect sensitive information wherever it lives or travels. MIP
capabilities are included with Microsoft 365 Compliance and give you the tools to know
your data, protect your data, and prevent data loss.
Inheritance
Inheritance refers to the cascading of default site permission levels (i.e. Owner, Member
and Visitor) to site Document Libraries, Lists, Site Pages etc.
Inheritance can be "broken" to allow for unique permissions.
Insider Risk Management

Insider risk management in Microsoft 365 uses the full breadth of service and 3rd-party
indicators to help you quickly identify, triage, and act on risky user activity. By using logs
from Microsoft 365 and Microsoft Graph, insider risk management allows you to define
specific policies to identify risk indicators. After identifying the risks, you can take action
to mitigate these risks.
Intune
Microsoft Intune is a cloud-based service that focuses on mobile device management
(MDM) and mobile application management (MAM). You control how your
organization’s devices are used, including mobile phones, tablets, and laptops. You can
also configure specific policies to control applications.
Javascript
Often abbreviated JS, Javascript is a programming language that is one of the core
technologies of the World Wide Web, alongside HTML and CSS.
Join a Teams meeting

Join a Microsoft Teams meeting from your calendar or sign in as a guest on the web.
Journaling
Journaling can help your organization respond to legal, regulatory, and organizational
compliance requirements by recording inbound and outbound email communications.
When planning for messaging retention and compliance, it's important to understand
journaling, how it fits in your organization's compliance policies, and how Exchange
Online helps you secure journaled messages.
JSON
JSON is a standard format for representing structured data as text. JSON is commonly
used to store data in text files and to exchange data between programs over a network.
JSON files usually have a .json filename extension.
Junk Email
In Microsoft 365 organizations with mailboxes in Exchange Online, organizational anti-
spam settings are controlled by Exchange Online Protection (EOP). For more
information, see Anti-spam protection in EOP. But there are also specific anti-spam
settings that admins can configure on individual mailboxes in Exchange Online:
Just-enough-Access
Just-enough-access is the core principle of Privileged Access Management in Microsoft
365 and enables on-demand access to roles and tasks instead of having them
permanently assigned.
Just-in-Time (JIT) Access

Just-in-Time access is the core principle of Azure AD Privileged Identity Management
and provides users with access to privileged roles on-demand instead of having them
permanently assigned.
Kaizala
Microsoft Kaizala is a mobile app and service designed for large group communications
and work management. Kaizala makes it easy to connect and coordinate work with your
entire value chain, including field employees, vendors, partners, and customers wherever
they are. With Kaizala you efficiently assign and track tasks or collect data with
individuals or large groups–even if they’re not within your organisation.
Kanban
When it comes to day-to-day task management for teams, the Kanban board is a simple
and powerful tool that can have a big impact on your productivity, efficiency, and
bottom line. First popularized in the 1940s by Toyota in Japan, the Kanban solution has a
long history of using physical boards to help visualize potential bottlenecks and manage
and improve workflow. Today, it’s also easy to create digital boards using task
management software, which offers many convenient features and customization to
help you save time and automate processes.
Known Folder Move (KFM)

Known Folder Move (KFM) allows you to automatically backup/redirect your Windows
client's Desktops, Documents, and Pictures folders to OneDrive for Business. It gives you
a transparent way to ensure your local files are never lost. Known Folder Move is now
known as OneDrive PC Folder Backup.
KQL Query Experience (eDiscovery tool)

The new KQL query experience in Microsoft 365 eDiscovery tools search provides
feedback and guidance when you build search queries in Content search, Core
eDiscovery, and Advanced eDiscovery. When you type queries in the editor, it provides
autocompletion for supported searchable properties and conditions and provides lists
of supported values for standard properties and conditions.
Kusto Query Language

Kusto Query Language is a powerful tool to explore your data and discover patterns,
identify anomalies and outliers, create statistical modeling, and more. The query uses
schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and
columns.
Kubernetes (Azure)
Deploy and manage containerised applications more easily with a fully managed
Kubernetes service. Azure Kubernetes Service (AKS) offers serverless Kubernetes, an
integrated continuous integration and continuous delivery (CI/CD) experience, and
enterprise-grade security and governance. Unite your development and operations
teams on a single platform to rapidly build, deliver and scale applications with
confidence.
Learn
Whether you're just starting or an experienced professional, Microsoft Learn training’s
hands-on approach helps you arrive at your goals faster, with more confidence and at
your own pace.
Lens
Office Lens is a great way to capture notes and information from whiteboards, menus,
signs, handwritten memos, or anything with a lot of text. You don’t need to jot down
notes, rely on blurry images, or worry about misplacing anything. It’s great for capturing
sketches, drawings and equations too, and even images without text.
Library
See: Document library
Licensing
Microsoft 365 offers multiple licensing options (Kiosk, F1, E1, etc.), each of which turns
on a different basket of capabilities for the user to whom the license is assigned.
Lighthouse (Azure)
Gain full transparency into service provider actions and manage access without
compromising security. Decide who can access your tenant, what they can access, and
when. Talk to your service partners about implementing these security and access
control protocols for free with Azure Lighthouse.
List
A List in SharePoint is a table used to store information in a SharePoint site. A list has
columns that can be used to store different types of information, and each row in a list
is known as an "Item". SharePoint attempts you to very carefully design lists if you
attempt to store "large" amounts of data (more than 5,000 items), including things like
limiting the number of "Lookup Columns" that can be used. Therefore, if you are
planning on storing more than a few thousand items, be sure to follow Microsoft
guidelines on storing large amounts of data in lists.
An item in a list can have multiple file attachments added. This is useful if you use a
custom list as an Issue Tracker for example, and want to be able to add screenshots to
an item in.
A library is a type of list where documents or other files are added as items, but no
further file attachments can be added.
Live Events (Teams)

With Teams live events, users in your organization can broadcast video and meeting
content to large online audiences. Microsoft 365 live events bring live video streaming
to a new level. Live events encourage connection throughout the entire engagement
lifecycle with attendees before, during, and after live events. You can create a live event
wherever your audience, team, or community resides, using Microsoft Stream, Teams, or
Yammer.
Log Analytics
Log Analytics is a tool in the Azure portal used to edit and run log queries with data in
Azure Monitor Logs. You may write a simple query that returns a set of records and then
use features of Log Analytics to sort, filter, and analyze them.
Logic Apps (Azure)

Azure Logic Apps s a cloud-based platform for creating and running automated
workflows that integrate your apps, data, services, and systems. With this platform, you
can quickly develop highly scalable integration solutions for your enterprise and
business-to-business (B2B) scenarios
Loop
Microsoft Loop is a new app that combines a powerful and flexible canvas with portable
components that stay in sync and move freely across Microsoft 365 apps.
Managed Metadata
Managed Metadata is a SharePoint feature that allows the business to create a hierarchy
of terms that can be used in SharePoint Sites to tag content. This is used by creating the
hierarchy using Term Groups and Term Sets, then adding a column to a list of type
"Managed Metadata" and setting the Term Set to use for tagging. When an item is
added to that list or library, the new column is used to tag that item or document.
Managed Property
A Managed Property is one of the basic units of the SharePoint Search Schema. It's an
entry in the Schema that you refer to when doing search queries that use specific
properties, or when specifying which information you want to return.
Managed Properties can be created (if you have the appropriate permissions), although
SharePoint automatically creates Managed Properties that are useful for a wide range of
scenarios.
Meetings (Teams)
Meetings in Teams include audio, video, and screen sharing. They're one of the key ways
to collaborate in Teams. And you don’t need to be a member of an organization (or
even have a Teams account!) to join a Teams meeting—just look in the invitation for
instructions about calling in.
Meeting Policies (Teams)

Meeting policies are used to control the features that are available to meeting
participants for meetings that are scheduled by users in your organization. You can use
the global (Org-wide default) policy that's automatically created or create and assign
custom policies. You manage meeting policies in the Microsoft Teams admin center or
by using PowerShell.
Meeting Settings (Teams)

As an admin, you use Teams meetings settings to control whether anonymous users can
join Teams meetings, customize meeting invitations, and if you want to enable Quality of
Service (QoS), set port ranges for real-time traffic. These settings apply to all Teams
meetings that users schedule in your organization. You manage these settings from
Meetings > Meeting settings in the Microsoft Teams admin center.
Messaging Policies (Teams)

Messaging policies are used to control which chat and channel messaging features are
available to users (owners and members) in Microsoft Teams. You can use the global
(Org-wide default) policy that's created automatically or create and assign custom
messaging policies.
Mesh
Microsoft Mesh enables presence and shared experiences from anywhere – on any
device – through mixed reality applications.
Metadata
Generically, metadata means information about something else. In SharePoint metadata
is additional information applied to documents, pages, or list items. We use metadata all
the time in our lives, but rarely think of it as metadata. For example, the information we
write on a file we put into a filing cabinet or the way we organize spices in the kitchen is
driven by metadata.
Microsoft Certified Professional (MCP)

A Microsoft Certified Professional (MCP) is a person who has successfully completed
professional training for Microsoft products through a certification program run by
Microsoft.
Microsoft Certified Trainer (MCT)

Microsoft Certified Trainers (MCTs) are the premier technical and instructional experts in
Microsoft technologies. Join this exclusive group of worldwide Microsoft technical
training professionals and reap the benefits of MCT training certification and
membership.
Migration
Microsoft 365 or Office 365 supports several methods to migrate email, calendar, and
contact data from your existing messaging environment to Microsoft 365 or Office 365
as described in Ways to migrate multiple email accounts to Microsoft 365 or Office 365.
Mobile Application Management (MAM)

Intune mobile application management refers to the suite of Intune management
features that lets you publish, push, configure, secure, monitor, and update mobile apps
for your users. MAM allows you to manage and protects your organization's data within
an application. With MAM without enrollment (MAM-WE), a work or school-related app
that contains sensitive data can be managed on almost any device, including personal
devices in bring-your-own-device (BYOD) scenarios. Many productivity apps, such as the
Microsoft Office apps, can be managed by Intune MAM. See the official list of Microsoft
Intune protected apps available for public use.
Mobile Device Management (MDM)

Configuration Manager on-premises mobile device management (MDM) is a device
management solution that relies on the built-in management capabilities of Windows.
This feature is based on the Open Mobile Alliance (OMA) Device Management (DM)
standard.
Modern SharePoint
Modern SharePoint refers to the user interface (UI) that has been available in SharePoint
Online to larger and larger degrees starting in about 2016. Some aspects of the modern
UI are also available in SharePoint 2019 (on premises). Modern SharePoint does not use
many of the underpinnings of classic SharePoint, such as master pages and page
layouts. It is built using more current Web development tools and practices than classic
SharePoint.
Modern Workplace
The nature of work has changed. Employees expect to work securely from anywhere, on
any device, and they put a high premium on work that enriches and fulfills them. When
their productivity tools enhance the quality and effectiveness of their work experience,
they’re happier, more valuable, and more likely to stay. Companies need to provide that
empowerment, but they also need to protect vital IT assets. It’s a fundamental
operational change for your organisation. With Microsoft Modern Workplace solutions,
you can improve employee productivity and satisfaction, and create more seamless
communication and collaboration across locations and platforms while maintaining the
security and integrity of systems and data.
Most Valuable Professional (MVP)

The MVP Award is a global program of recognized technology experts and community
leaders who actively support technical communities through unique, innovative, and
consistent knowledge sharing. These community leaders actively contribute to support
the developer and IT Pro communities worldwide, helping them learn, build, and use our
products. Learn below what seek for recognition in future community leaders.
Multi-Factor Authentication (MFA)

Multi-factor authentication refer to an additional security layer beyond just username
and password. One way it is described is the user name and password shows who you
are based on something you know, and MFA shows who you are by something you
have. The most common example of MFA is the code you get in a text on your phone
when you are logging into sites like your bank or Github.
Namespace
A namespace refers to the conventions we use to determine major and minor names
within a specific domain. For example, we need to use the /sites namespace carefully so
we don't have collisions. If Harold Robinson wants to create a site at /sites/HRm, then
Human Resources will have a problem.
In programming, namespaces can be far more complex - like List.Fields within

Microsoft.SharePoint.Client - but we worry about namespacing in our day-to-day lives,
too. It wouldn't work very well if all our children were named Daryl.
Named Locations
Locations are named in the Azure portal under Azure Active Directory > Security >
Conditional Access > Named locations. These named network locations may include
locations like an organization's headquarters network ranges, VPN network ranges, or
ranges that you wish to block. Named locations can be defined by IPv4/IPv6 address
ranges or by countries.
Network Policy Server (NPS)

The Network Policy server is one of the technologies you’ll need to configure when
deploying Always on VPN.
Network Assessment
In the Microsoft 365 Admin Center's network connectivity, network assessments distill
an aggregate of many network performance metrics into a snapshot of your enterprise
network perimeter health. A network assessment tells you how much the customer
responsible network design is impacting Office 365 user experience.
Network Settings (Teams)

Network settings that are common to Location-Based Routing and dynamic emergency
calling.
Network Topology (Teams)
If your organization is deploying Location-Based Routing for Direct Routing or dynamic
emergency calling, you must configure network settings for use with these cloud voice
features in Microsoft Teams. Network settings are used to determine the location of a
Teams client and include network regions, network sites, subnets, and trusted IP
addresses.
Non Profit licencing

Microsoft Tech for Social Impact is dedicated to providing affordable and accessible
technology and tools to help nonprofits of all sizes achieve their missions. That’s why
Microsoft offer grants and discounts of their products and services to eligible nonprofits
around the world, including Microsoft 365 and Office 365. To qualify for nonprofit grants
and discounts, you must hold recognized charitable status in your country and sign
Microsoft’s non-discrimination policy. Microsoft reserves the right to verify eligibility at
any time and to suspend the service for ineligible organizations.
OAuth
The Microsoft identity platform endpoint for identity-as-a-service implements
authentication and authorization with the industry standard protocols OpenID Connect
(OIDC) and OAuth 2.0, respectively. While the service is standards-compliant, there can
be subtle differences between any two implementations of these protocols.
Objectives and Key Results (OKR)

Many organizations have started to adopt objectives and key results (OKRs). OKRs have
proven to drive alignment in complex work environments, foster innovation, and help
individuals to focus on what matters. The two components comprising OKRs are an
objective and key results for that objective. An objective is the statement of intent: what
is the team trying to accomplish, and why is it important? Key results are specific
outcomes that track impact on the objective.
OBS
Now you can schedule, produce, and deliver live events more effectively for a variety of
scenarios like company wide events, leadership updates, training and more using
Microsoft Stream.
OEM licensing
OEM software is software that comes pre-installed when you purchase a new computer.
When you purchase a new PC it may come with an OEM licensed copy of Windows 11
pre-installed on it.
Office
With Microsoft Office, you can deploy, configure, and manage Office products and
services in your business or school – from small to enterprise scale.
On premises
On premises refers to running servers yourself, whether they are in your physical
building, a data center where you rent space, or at a hosting company that runs servers
specifically for you.
On Premises Data Gateway

The on-premises data gateway acts as a bridge to provide quick and secure data
transfer between on-premises data (data that isn't in the cloud) and several Microsoft
cloud services. These cloud services include Power BI, PowerApps, Power Automate,
Azure Analysis Services, and Azure Logic Apps. By using a gateway, organizations can
keep databases and other data sources on their on-premises networks, yet securely use
that on-premises data in cloud services.
OneDrive for Business

OneDrive for work and school accounts is online storage space in the cloud that's
provided for individual licensed users in an organization. Use it to help protect work files
and access them across multiple devices. OneDrive lets you share files and collaborate
on documents, and sync files to your computer.
OneDrive PC Folder Backup

This capability was originally called Known Folder Move (KFM). It allows you to
automatically backup/redirect your Windows client's Desktops, Documents, and Pictures
folders to OneDrive for Business. It gives you a transparent way to ensure your local files
are never lost.
OneNote
OneNote is a popular note-taking tool that's available online and on many mobile and
tablet platforms. By integrating your apps with OneNote, it's easier than ever to create
empowering apps on your favorite platforms and reach millions of users worldwide.
Open Data Protocol

OData (Open Data Protocol) is an ISO/IEC approved, OASIS standard that defines a set
of best practices for building and consuming REST APIs. It enables creation of REST-
based services which allow resources identified using Uniform Resource Locators (URLs)
and defined in a data model, to be published and edited by Web clients using simple
HTTP messages.
Open Value Program

Microsoft Open Value and Open Value Subscription are a simple, cost-effective way for
small and midsize organizations to acquire the latest Microsoft technology.
Out of the box

Capabilities included with SharePoint without writing any code or doing heavy lifting.
Depending on who you talk to, this definition probably includes a level of customization
including things like creating new sites, lists, and libraries.
Outlook
Microsoft Outlook is an email program for Windows, Mac, and mobile operating
systems. Outlook may be used for personal accounts and also work or school accounts.
Pascal Case
In programming, Pascal case is the practice of naming variables or controls by
capitalizing all words. Examples: TotalQuantity , EmailAddress , ShippingPlant .
See Wikipedia . Also see Camel Case
Patterns and Practices (PnP)

Patterns and Practices (PnP) is an open-source initiative coordinated by SharePoint
engineering. This community controls SharePoint development documentation, samples,
reusable controls, and other relevant open-source initiatives related to SharePoint
development.
Permission Level
A Permission Level is a set of specific permissions such as "Add an item" or "Edit Lists".
SharePoint comes with a set of Permission Levels as standard, such as "Contribute" or
"Design", which have different capabilities.
Custom Permission Levels can be created for business-specific scenarios, such as "Can
add documents but not delete" by choosing the correct options, and applied to a User
or Group.
Phishing
Phishing attacks attempt to steal sensitive information through emails, websites, text
messages, or other forms of electronic communication. They try to look like official
communication from legitimate companies or individuals.
Planner
Microsoft Planner is an intuitive, collaborative task management tool that enables
people to plan, manage, and complete task-based initiatives. Users assign and manage
tasks on a Kanban board using task cards, which they can populate with various
important plan information, such as due dates, status, checklists, labels, and file
attachments. Planner integrates with several Microsoft solutions, including Microsoft
Teams. As a web-based tool, Planner is accessible from anywhere and available as a
mobile app for both iOS and Android.
PnP
See Patterns and Practices
PowerApps
Power Apps is a low-code/no-code development platform that provides a means for
both Citizen Developers and Pro-Developers to build custom apps for your business
needs.
Using Power Apps, you can quickly build custom business apps that connect to your
business data stored either in the underlying data platform (Microsoft Dataverse) or in
various online and on-premises data sources (SharePoint, Excel, Microsoft 365, Dynamics
365, SQL Server).
Power Automate
Power Automate is a low-code/no-code workflow platform that helps you create
automated workflows between your favorite apps and services to synchronize files, get
notifications, collect data and more.
Power Automate provides a means to quickly automate your workflows, enable business
logic to simplify app building, and model your processes across connected data sources
and services.
Power BI
Power BI is Microsoft's Business Intelligence and Reporting application. It allows you to
connect and visualize any data using the unified, scalable platform for self-service and
enterprise business intelligence (BI) that’s easy to use and helps you gain deeper data
insight.
Power BI provides a simple, intuitive, easy to use experience for end users to create their
own reports and dashboards.
PowerPoint
Create, share, and effectively present your ideas. Design impactful slides with the help of
Designer in PowerPoint.
PowerShell
PowerShell is an automation scripting language from Microsoft, which was originally
only available on Windows devices, and built on top of the .NET Framework. Since 2016,
we also have PowerShell Core which is open-source, cross-platform, and built on top
of .NET Core.
The version that ships on Windows devices is called Windows PowerShell, and the cross-
platform version is called PowerShell Core, and is also available on Windows.
Power Virtual Agents

Power Virtual Agents (PVA) empowers organizations to create powerful bots using a
guided, no-code graphical interface without the need for data scientists or developers.
Using Power Virtual Agents, you can:
Empower your teams by allowing them to easily build bots themselves without
needing intermediaries, or coding or AI expertise.
Reduce costs by easily automating common inquiries and freeing human agent
time to deal with more complex issues.
Improve customer satisfaction by allowing customers to self-help and resolve
issues quickly 24/7 using rich personalized bot conversations.
Power Platform Data Loss Prevention

A set of policies that can be applied to the Power Platform tenant or environment to
prevent data leakage by grouping connectors deemed for business or personal use to
be used together. Additionally, connectors can be blocked from any use and new
connectors can be added by default to the business, personal, or blocked group as
needed. Custom connectors can also be classified at the environment level.
Power Platform Environment

A Power Platform Environment is a container that administrators can use to manage
apps, automations, connections, and other assets; along with permissions to allow
organizational users to use the resources.
There are multiple types of environments that an organization can create (Developer,
Sandbox, Production). The type indicates the purpose of the environment and
determines its characteristics.
Project
Microsoft Project offers the following applications to help meet your organization's
needs for project and work management:
Project for the web

Project Online
Project Online desktop client
Public Folders
Public folders are designed for shared access and provide an easy and effective way to
collect, organize, and share information with other people in your workgroup or
organization. Public folders help organize content in a deep hierarchy that's easy to
browse. Users will see the full hierarchy in Outlook, which makes it easy for them to
browse for the content they're interested in.
Putability
The term 'putability' is the complement to the term 'findability'; it is a measure of how
easy and obvious it is for content creators to know where to store or create files or other
information in a system. It is linked to elements of UI and UX design, leaning on
information architecture, signposting, and navigation.
QBasic
QBasic is Quick Basic interpreter.This application can be used to run quick basic
program and software developed for your Windows10 desktop or tablet.
QnA Maker
QnA Maker is a cloud-based Natural Language Processing (NLP) service that allows you
to create a natural conversational layer over your data. It is used to find the most
appropriate answer for any input from your custom knowledge base (KB) of information.
QnA Maker is commonly used to build conversational client applications, which include
social media applications, chat bots, and speech-enabled desktop applications.
QR code for Windows 10

CODEX - QR Reader and Generator app is an app to Scan QR Code on Windows from
your Camera or File. It even lets you generate any type of QR Code with no expiration
time for free.
Quantum (Azure)
An open ecosystem that provides access to diverse quantum software, hardware, and
solutions from Microsoft and partners.
Quantum (Microsoft)
Quantum computing presents unprecedented possibilities to solve society’s most
complex challenges. Microsoft is committed to responsibly turning these possibilities
into reality – for the betterment of humanity and the planet. Over decades of research
and development, Microsoft has achieved advancements across every layer of the
quantum stack – including software, applications, devices and controls – and is
delivering true impact today through quantum-inspired classical computing.
Quarantine
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes,
quarantine holds potentially dangerous or unwanted messages. For more information,
see Quarantined email messages in EOP.
Quorum
Quorum is designed to prevent split-brain scenarios which can happen when there is a
partition in the network and subsets of nodes cannot communicate with each other. This
can cause both subsets of nodes to try to own the workload and write to the same disk
which can lead to numerous problems. However, this is prevented with Failover
Clustering's concept of quorum which forces only one of these groups of nodes to
continue running, so only one of these groups will stay online.
RBAC (Azure)
Access management for cloud resources is a critical function for any organization that is
using the cloud. Azure role-based access control (Azure RBAC) helps you manage who
has access to Azure resources, what they can do with those resources, and what areas
they have access to. Azure RBAC is an authorization system built on Azure Resource
Manager that provides fine-grained access management of Azure resources.
RBAC (Azure AD)
Built-in roles are out of box roles that have a fixed set of permissions. These role
definitions cannot be modified. There are many built-in roles that Azure AD supports,
and the list is growing. To round off the edges and meet your sophisticated
requirements, Azure AD also supports custom roles. Granting permission using custom
Azure AD roles is a two-step process that involves creating a custom role definition and
then assigning it using a role assignment. A custom role definition is a collection of
permissions that you add from a preset list. These permissions are the same permissions
used in the built-in roles.
Remote Connectivity Analyzer

The Microsoft Exchange Remote Connectivity Analyzer (ExRCA) helps you make sure
that connectivity for your Exchange service is set up correctly. If you're having problems,
it can also help you find and fix these problems. The ExRCA website can run tests to
check for Microsoft Exchange ActiveSync, Exchange Web Services, Microsoft Outlook,
and internet email connectivity.
Remote Desktop Services

Remote Desktop Services (RDS) is the platform of choice for building virtualization
solutions for every end customer need, including delivering individual virtualized
applications, providing secure mobile and remote desktop access, and providing end
users the ability to run their applications and desktops from the cloud.
Remote Procedure Call (RPC)

Microsoft Remote Procedure Call (RPC) defines a powerful technology for creating
distributed client/server programs. The RPC run-time stubs and libraries manage most
of the processes relating to network protocols and communication. This enables you to
focus on the details of the application rather than the details of the network.
Retention
For most organizations, the volume and complexity of their data is increasing daily—
email, documents, instant messages, and more. Effectively managing or governing this
information is important because you need to:
Comply proactively with industry regulations and internal policies that require you to
retain content for a minimum period of time—for example, the Sarbanes-Oxley Act
might require you to retain certain types of content for seven years.
Reduce your risk in the event of litigation or a security breach by permanently deleting
old content that you're no longer required to keep.
Help your organization to share knowledge effectively and be more agile by ensuring
that your users work only with content that's current and relevant to them.
Rights Management
Azure Rights Management (Azure RMS) is the cloud-based protection technology used
by Azure Information Protection. Azure RMS helps to protect files and emails across
multiple devices, including phones, tablets, and PCs by using encryption, identity, and
authorization policies. For example, when employees email a document to a partner
company, or save a document to their cloud drive, Azure RMS's persistent protection
helps secure the data.
Risk Management
Gain visibility into user activities, actions, and communications with native signals and
enrichments from across your digital estate.
Roadmap
The Microsoft 365 Roadmap lists updates that are currently planned for applicable
subscribers.
Robotic Process Automation (RPA)

In factories and manufacturing organizations, robots are nothing new. For decades,
they’ve been improving productivity and freeing up workers to focus on other, higher-
level tasks. And now that same level of productivity increase is coming to companies
where employees perform high-volume business, IT support, and workflow processes—
thanks to RPA.
Roll up
Rolling up content refer to the practice of consolidating a specific set of content from
multiple locations. Common examples are:
News from all sites associated with a Hub Site

Events from all sites associated with a Hub Site
More complex roll ups are also possible using the Highlighted Content Web Part or
custom code.
Root Site
The base address in a web application or tenant for the first SharePoint Site collection.
Typically, defined without use of managed paths ("/sites/" or "/teams/"), for example
https://mytenant.sharepoint.com . In an on-site installation, there may be a vanity URL
in place, such as https://sharepoint or https://intranet .
SARA
The Microsoft Support and Recovery Assistant works by running tests to figure out
what's wrong and offers the best solution for the identified problem. It can currently fix
Office, Microsoft 365, or Outlook problems. If the Microsoft Support and Recovery
Assistant can't fix a problem for you, it will suggest next steps and help you get in touch
with Microsoft support.
SCCM
Starting in version 1910, Configuration Manager current branch is now part of Microsoft
Endpoint Manager. Version 1906 and earlier are still branded System Center
Configuration Manager.
Screen Recorder
Screenshots work great, but sometimes a quick how-to video can create a more
powerful message. Using Microsoft Stream, you can create short screen recordings of up
to 15 minutes, including your camera and microphone, without any additional software.
SDK (Windows)
The Windows SDK (10.0.22000) for Windows 11 provides the latest headers, libraries,
metadata, and tools for building Windows applications. Use this SDK to build Universal
Windows Platform (UWP) and Win32 applications for Windows 11 and previous
Windows releases.
Seamless Single Sign-on (SSSO)
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically
signs users in when they are on their corporate devices connected to your corporate
network. When enabled, users don't need to type in their passwords to sign in to Azure
AD, and usually, even type in their usernames. This feature provides your users easy
access to your cloud-based applications without needing any additional on-premises
components.
Search
Microsoft Search transforms the way people in your organization find the info they need
—no matter where you are in your cloud journey. Either integrated with Microsoft 365
or as a standalone solution, Microsoft Search is a secure, easily managed, enterprise
search experience that works across all of your applications and services to deliver more
relevant search results and increase productivity.
Search Schema
The Search Schema refers to the customizable data dictionary used by SharePoint
Search to allow users to query for and return specific information from SharePoint using
the available Search tools, such as the Search Results web part in Classic SharePoint or
the Search REST API.
Secure Score
Microsoft Secure Score is a measurement of an organization's security posture, with a
higher number indicating more improvement actions taken. It can be found in the
Microsoft 365 Defender portal.
Self-service password reset (SSPR)

Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the
ability to change or reset their password, with no administrator or help desk
involvement. If a user's account is locked or they forget their password, they can follow
prompts to unblock themselves and get back to work. This ability reduces help desk
calls and loss of productivity when a user can't sign in to their device or an application.
Microsoft recommend this video on how to enable and configure SSPR in Azure AD.
Sensitive information type

A defined pattern of data that can be identified in order to be protected by DLP or
sensitivity labels. Common examples include social security numbers, credit card
numbers but can also include any type of data considered sensitive by the organization
that matches a pattern.
Sensitivity labels
Sensitivity labels from the Microsoft Purview Information Protection solution let you
classify and protect your organization's data, while making sure that user productivity
and their ability to collaborate isn't hindered.
Sentinel
Microsoft Sentinel is a scalable, cloud-native, security information and event
management (SIEM) and security orchestration, automation, and response (SOAR)
solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence
across the enterprise, providing a single solution for attack detection, threat visibility,
proactive hunting, and threat response.
Session Border Controller (SBC)

Microsoft partners with selected Session Border Controllers (SBC) vendors to certify that
their SBCs work with Direct Routing.
SharePoint Framework
The SharePoint Framework (also known as SPFx) is a way for developers to extend
SharePoint online, Microsoft Teams and in a slightly more limited way SharePoint 2019
and SharePoint 2016. This framework provides a scaffold for developers to build client-
side custom extensions which may include:
Web Parts - functionality that can be added to a page. Web parts can also be
extended as tabs in Microsoft Teams.
Application Customizers - which are extensions that run on every page of a site
and allow the developer to add visible or non-visible content to the page via the
top or bottom placeholder
Field Customizers - which allow the developer to build modified renderings of
fields in a list.
Command Sets - which extend the command surface in lists to provide custom
actions.
SharePoint Home Page
Soon to be known as the SharePoint Start Page, this page (at
/_layouts/15/sharepoint.aspx in your tenant) provides a personalized view of SharePoint
based on who you are. You see:
A rolled up collection of News based on the sites you are following
Sites you are following
Sites you frequently visit
Sites you've visited recently
Featured links, curated by your tenant admins
Suggested sites based on your activity, powered by the Office Graph
SharePoint Start Page

See SharePoint Home Page
SharePoint Online
Microsoft SharePoint is a cloud-based service that helps organizations share and
manage content, knowledge, and applications to empower teamwork, quickly find
information, and seamlessly collaborate across the organization.
SharePoint Server
Beautiful and fast, familiar yet intuitive, SharePoint Server 2019 gives you instant access
to people, applications, and content. You’ll spend less time searching for information
and more time working with it.
Shifts
Shifts, the schedule management tool in Teams, keeps your frontline workforce
connected and in sync. It's built mobile first for fast and effective schedule management
and communications. With Shifts, frontline managers and workers can seamlessly
manage schedules and keep in touch.
Single Sign-on (SSO)

With SSO, your teams can use just one set of login credentials to conveniently access all
their apps. No more memorizing multiple credentials or reusing passwords.
Site
In modern SharePoint, a site refers to a modern site. (In classic SharePoint, the term was
often used for both sites and sub-sites.)
To developers, a "Site" is a Site Collection, whereas a "web" is a site. Confusing!
Site Column
A Site Column is a metadata column that has been defined at the site level. Site
Columns are available for use in any list or library in the site where it is defined. Site
Columns also become Crawled Properties (See: How Do Site Columns Become Managed
Properties - Thus Available for Search) which can be used to improve search
effectiveness.
Also see: See: What is a Site Column?
Site Collection
A Site Collection is a group of websites that have the same owner and share
administrative settings.
In SharePoint Online, site collections are the top level available to admins, and
visible in the SharePoint Admin Center under "Active Sites".
In SharePoint on-premises, site collections are created within a Web Application,
which is a level higher.
When you create a site collection, a top-level site is automatically created in the site
collection (called root site). You can then create one or more sub-sites below the top-
level site. The entire structure of the top-level site and all its sub-sites is called a site
collection.
SKU
A SKU is a Stock Keeping Unit, and in the context of Microsoft 365, a SKU refers to
licencing bundles available for purchase.
Skype for Business

The on-premises version of Skype for business.
Skype for Business Online

Skype for Business Online retired on July 31, 2021, at which time access to the service
ended. Microsoft Teams is now the hub for teamwork in Microsoft 365.
Spam
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes,
email messages are automatically protected against spam (junk email) by EOP.
SQL
Learn how to use SQL Server and Azure SQL, both on-premises and in the cloud.
SSL Certificate
To encrypt communications between your clients and the Microsoft 365 environment,
third-party Secure Socket Layer (SSL) certificates must be installed on your infrastructure
servers.
Standard Release
Standard Release is an option to receive updates to the Microsoft 365 platform when
they are broadly available to all customers. This is the default option for new tenants
and can be modified later on.
As both Standard and Targeted Release options can be applied to all or certain groups
of users, it is a good practice to leave the majority of users in Standard Release and set
the IT pros and power users in Targeted Release to evaluate new features and prepare
teams to support business users and executives.
Style Library
The Style Library is a document library in the Root Web of a SharePoint site that is used
mainly in Classic SharePoint Sites. One of the purposes of this library is as a recognized
"secure location" to store XSL Templates that are used by the Content Query Web Part
(XSL templates outside of the Style Library cannot be used in Content Query Web Parts).
Store
Download Windows apps for your Windows tablet or computer. Browse thousands of
free and paid apps by category, read user reviews, and compare ratings.
Stream
With video that will be stored in Microsoft 365, the new version of Stream builds on the
rich content management features of SharePoint and unlocks the intelligence of
Microsoft Graph to enhance videos across Microsoft 365. The earlier version of Stream
will now be known as Microsoft Stream (Classic) and the new version will be known as
Microsoft Stream (built on SharePoint) or Stream (on SharePoint).
Subsite
A Site is a container that has lists, libraries, pages, apps, and sites (as children). A site
that is a child of another site is a subsite.
Subsites tend to be less common on Modern SharePoint, as Microsoft recommend the

use of Hub Sites to group together related sites.
Survivable branch Appliance (SBA)

Occasionally, a customer site using Direct Routing to connect to Microsoft Phone
System may experience an internet outage. Assume that the customer site--called a
branch--temporarily cannot connect to the Microsoft cloud through Direct Routing.
However, the intranet inside the branch is still fully functional and users can connect to
the Session Border Controller (SBC) that is providing PSTN connectivity. This is where
using a Survivable Branch Appliance (SBA) will enable Microsoft Phone System to
continue to make and receive Public Switched Telephone Network (PSTN) calls in the
case of an outage.
Sway
Sway is an app from Microsoft Office that makes it easy to create and share interactive
reports, personal stories, presentations, and more.
Synapse Analytics
Azure Synapse Analytics is a limitless analytics service that brings together data
integration, enterprise data warehousing and big data analytics. It gives you the
freedom to query data on your terms, using either serverless or dedicated options – at
scale. Azure Synapse brings these worlds together with a unified experience to ingest,
explore, prepare, transform, manage and serve data for immediate BI and machine
learning needs.
Targeted Release
Targeted Release is an option to receive updates to the platform earlier than with
Standard Release Targeted Release should not be used in production tenants (you need
to decide how you define this), as there are occasions where Target Release functionality
is buggy or is withdrawn. Consider it similar to the old term "beta".
Targeted Release can be enabled in two ways: per tenant and per user. The two different
ways of setting this preference result in different changes. Some updates only make
sense in the context of a tenant (e.g., Communication sites) and others can make sense
in the context of a person. Giving users Targeted Release does not mean they will see all
updates sooner, only those which make sense in a person context.
Finally, once you have Targeted Release turned on, it is very hard to go back. Your users
will be used to new functionality, and you would be removing it. Thus the warning
above about not using Targeted Release in a production tenant is also relevant from a
change management perspective..
Taxonomy
Team Site
Team Sites are generally used to facilitate teamwork. It generally has a set of people with
permissions to work on content collaboratively, though not all people can create or edit
content in all cases.
Teams
Teams is built on Microsoft 365 groups, Microsoft Graph, and the same enterprise-level
security, compliance, and manageability as the rest of Microsoft 365 and Office 365.
Teams leverages identities stored in Azure Active Directory (Azure AD). Teams keeps
working even when you're offline or experiencing spotty network conditions.
Teams Administrator roles
Using Azure Active Directory (Azure AD), you can designate administrators who need
different levels of access for managing Microsoft Teams. Administrators can manage the
entire Teams workload, or they can have delegated permissions for troubleshooting call
quality problems or managing your organization's telephony needs.
Teams Advisor
Advisor for Teams walks you through your Microsoft Teams rollout. It assesses your
Microsoft 365 organization environment and identifies the most common configurations
that you may need to update or modify before you can successfully roll out Teams.
Then, Advisor for Teams creates a Deployment team (in Teams), with channels for each
workload you want to roll out. Each workload in the Deployment team comes with a
comprehensive Planner plan that includes all the rollout tasks for each workload.
Teams Apps
As an admin, you can view and manage all Teams apps for your organization. The
Manage apps page gives you a view into all available apps, providing you with the
information you need to decide which apps to allow or block across your organization.
You can then use app permission policies, app setup policies, and custom app policies
and settings to configure the app experience for specific users in your organization.
Teams Devices
You can manage devices used with Microsoft Teams in your organization from the
Microsoft Teams admin center. You can view and manage the device inventory for your
organization and do tasks such as update, restart, and monitor diagnostics for devices.
You can also create and assign configuration profiles to a device or groups of devices.
Teams Settings
In Teams settings, you can set up features for teams including notifications and feeds,
email integration, cloud storage options, and devices.
Teams Policies
Policies are used to accomplish many tasks in your organization across different areas
such as messaging, meetings, and applications. Some of the things you can do include
allowing users to schedule meetings in a teams channel, enabling users to edit sent
messages, and controlling whether users can pin apps to the Teams app bar.
Teams Rooms
Transform meeting spaces ranging from small huddle areas to large conference rooms
with a rich, collaborative Teams experience that's simple to use, deploy, and manage.
Start meetings on time with one-touch join, then instantly project to the display in the
room and share to remote participants.
Team Templates
A team template in Microsoft Teams is a definition of a team's structure designed
around a business need or project. As an admin, you can use templates to easily deploy
consistent teams across your organization. With templates, your users can quickly create
rich collaboration spaces with predefined settings, channels, and apps.
Teams Update Policies

Public Preview for Microsoft Teams provides early access to unreleased features in
Teams. Previews allow you to explore and test upcoming features. We also welcome
feedback on any feature in public previews. Public preview is enabled per Team user, so
you don’t need to worry about affecting your entire organization.
Teams Upgrade Settings

When you upgrade your Skype for Business users to use Teams, you have several
options to help you make it a seamless process for your users. You have the option to
make coexistence and upgrade settings for all of the users in your organization at once,
or you can make settings changes for a single or set of users in your organization. Note
that older versions of Skype for Business clients may not honor these settings.
Tenant
Creating a path to your organization's digital transformation with cloud computing
requires a firm foundation upon which your workers can rely for productivity,
collaboration, performance, privacy, compliance, and security. Correct configuration of
your Microsoft 365 tenants provides that foundation, leaving your workers to focus on
getting their work done and your IT department to focus on end-to-end solutions that
provide additional business value.
Threat & Vulnerability Management (TVM)
Threat and vulnerability management serves as an infrastructure for reducing
organizational exposure, hardening endpoint surface area, and increasing organizational
resilience.
Threat Analytics
Threat analytics is Microsoft’s in-product threat intelligence solution from expert
Microsoft security researchers, designed to assist security teams to be as efficient as
possible while facing emerging threats.
Threat Policies
Preset security policies provide a centralized location for applying all of the
recommended spam, malware, and phishing policies to users at once. The policy
settings are not configurable. Instead, they are set by us and are based on our
observations and experiences in the datacenters for a balance between keeping harmful
content away from users and avoiding unnecessary disruptions.
Threat Tracker
Threat Trackers are informative widgets and views that provide you with intelligence on
different cybersecurity issues that might impact your company. For example, you can
view information about trending malware campaigns using Threat Trackers.
TLS
Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets
Layer (SSL), is a cryptographic protocol designed to provide communications security
over a computer network. The protocol is widely used in applications such as email,
instant messaging, and voice over IP, but its use in securing HTTPS remains the most
publicly visible.
To Do
Microsoft To-Do is an intelligent task management app that makes it easy to plan and
manage your day. Connect to Microsoft To-Do to manage your tasks from various
services. You can perform actions such as creating tasks.
TPM
Trusted Platform Module (TPM) technology is designed to provide hardware-based,
security-related functions. A TPM chip is a secure crypto-processor that is designed to
carry out cryptographic operations. The chip includes multiple physical security
mechanisms to make it tamper-resistant, and malicious software is unable to tamper
with the security functions of the TPM.
Trials
Get a free trial and you’ll have access to the latest AI-powered apps, 1 TB of cloud
storage per person, and premium mobile features to stay on top of things wherever you
are on any device.
Trust Center
Microsoft Trust Center products are built with data in mind. Microsoft handle your data
securely and in compliance with privacy and legal requirements.
UM Management role group

Members of this role group can manage Exchange Unified Messaging (UM) settings and
features in Exchange Online.
Unified Audit Log

Need to find if a user viewed a specific document or purged an item from their mailbox?
If so, you can use the audit log search tool in Microsoft Purview compliance portal to
search the unified audit log to view user and administrator activity in your organization.
Thousands of user and admin operations performed in dozens of Microsoft 365 services
and solutions are captured, recorded, and retained in your organization's unified audit
log. Users in your organization can use the audit log search tool to search for, view, and
export (to a CSV file) the audit records for these operations.
Unified Communications
Investing in a UC service that delivers a consistent, multi-device, UI and UX platform can
free your organization from the need to download, install, and learn new software. With
the right UC provider, all your communications are streamlined, reducing friction within
your organization.
Unified Labeling
The Azure Information Protection unified labeling client for Windows helps you keep
important documents and emails safe from people who shouldn't see them, even if your
email is forwarded or your document is saved to another location. You can also use this
client to open documents that other people have protected by using the Rights
Management protection technology from Azure Information Protection.
Unique Permissions
Unique Permissions do not inherit default site permission levels and are applied to site
Document Libraries, Lists, Site Pages etc.
Universal Print
Universal Print is a modern print solution that organizations can use to manage their
print infrastructure through cloud services from Microsoft. Learn how to get access.
Universal Print runs entirely on Microsoft Azure. When it's deployed with Universal
Print–compatible printers, it doesn't require any on-premises infrastructure. Universal
Print is a Microsoft 365 subscription-based service that organizations use to centralize
print management through the Universal Print portal. It's fully integrated with Azure
Active Directory and supports single sign-on scenarios.
Update Rings
Create update rings that specify how and when Windows as a Service updates your
Windows 10/11 devices with feature and quality updates. With Windows 10/11, new
feature and quality updates include the contents of all previous updates. As long as
you've installed the latest update, you know your Windows devices are up to date.
Unlike with previous versions of Windows, you now must install the entire update
instead of part of an update.
Update Windows
In Windows 11, you decide when and how to get the latest updates to keep your device
running smoothly and securely. To manage your options and see available updates,
select Check for Windows updates. Or select Start > Settings > Windows Update.
Usage reports
You can easily see how people in your business are using Microsoft 365 services. For
example, you can identify who is using a service a lot and reaching quotas, or who may
not need a Microsoft 365 license at all. Perpetual license model will not be included in
the reports. Reports are available for the last 7 days, 30 days, 90 days, and 180 days.
Data won't exist for all reporting periods right away. The reports become available
within 48 hours.
Usage Summary Reports reader

Assign the Reports Reader or the Usage Summary Reports Reader role to anyone who's
responsible for change management and adoption, but not necessarily an IT
administrator. This role gives them access to the complete Productivity Score experience
in the Microsoft 365 admin Center.
User Administrator role

Assign the User admin role to users who need to Add users and groups, Assign licenses,
Manage most users properties, Create and manage user views, Update password
expiration policies, Manage service requests, and Monitor service health
User Accounts
You can manage Microsoft 365 user accounts in several different ways, depending on
your configuration. You can manage user accounts in the Microsoft 365 admin center,
PowerShell, in Active Directory Domain Services (AD DS), or in the Azure Active Directory
(Azure AD) admin portal.
User data search (eDiscovery)

The Data subject request tool was renamed to User data search in September 2021.
There are a few changes in the tool that reflect the name change, but the functionality is
the same.
User experience (UX)

The user experience (UX) is how people react to and feel about the user interface as they
use it. Web pages can be straightforward and easy to use (good UX) or complex and
confusing (bad UX). Think of UX as the feelings and emotions people have about the
solutions you give them as and after they use them.
User interface (UI)

The user interface (UI) is what you see on the screen: the layout of the page, the controls
you can use to accomplish things (like Web Parts), and where the text and images sit.
View
A View is a way to show data stored in a list or library. It consists of a set of columns that
are shown, and a way to pre-filter and sort the information. A View can be considered as
a rudimentary "Query" against a list that is used when visiting the list or library.
The most common settings we use in views allow us to:
Choose which columns are displayed and in which order

Filter the items based on the values in any of the columns
Group items based on the value of most column types
View Formatting
View Formatting is a SharePoint feature that allows users to customize the display of
rows in Lists using JSON code. Like Column Formatting, colors, icons, images and other
elements are used to highlight content and improve the user experience.
Virtual Hard Disk (VHD)

The Virtual Hard Disk (VHD) format is a publicly-available image format specification
that allows encapsulation of the hard disk into an individual file for use by the operating
system as a virtual disk in all the same ways physical hard disks are used. These virtual
disks are capable of hosting native file systems (NTFS, FAT, exFAT, and UDFS) while
supporting standard disk and file operations. VHD API support allows management of
the virtual disks. Virtual disks created with the VHD API can function as boot disks.
Virtual Machines
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing
resources that Azure offers. Typically, you choose a VM when you need more control
over the computing environment than the other choices offer.
Visio
Find how-to content, sample code, SDK and API documentation, VBA references,
training, and technical articles for developing solutions and customizing Visio.
Virtual Private Networking (VPN)

When you install the DirectAccess and VPN (RAS) role service, you are deploying the
Remote Access Service Gateway (RAS Gateway). You can deploy RAS Gateway as a single
tenant RAS Gateway virtual private network (VPN) server that provides many advanced
features and enhanced functionality.
Viva
An employee experience platform that brings together communications, knowledge,
learning, resources, and insights.
Volume Licencing Service Center (VLSC)

The VLSC is where organizations manage licenses purchased via the following volume
licensing programs: Microsoft Enterprise, Enterprise Subscription, Select Plus, Select,
Academic – Education Enrolment or School Enrolment, Open Value, Open Value
Subscription and Open Licenses programs.
Web Part
A web part is a consolidated piece of functionality that can be added one or more times
to a page. Web parts can be first-party, those created and maintained by Microsoft or
third-party being those created by developers in your own organization, the community
via the PnP, or by a consulting service.
Also see SharePoint Framework

Whiteboard
Microsoft Whiteboard is an infinite, collaborative canvas for effective meetings and
engaging learning. You can use Whiteboard to collaborate with other people and
accomplish many activities, from brainstorming and planning to learning and
workshops.
Windows 365
Windows 365 combines the power and security of the cloud with the versatility and
simplicity of the PC. From contractors and interns to software developers and industrial
designers, Windows 365 enables a variety of new scenarios for the new world of work.
Windows
Windows is Microsoft’s desktop operating system. The current version is Windows.
Windows Autopilot
Windows Autopilot is a collection of technologies used to set up and pre-configure new
devices, getting them ready for productive use. Windows Autopilot can be used to
deploy Windows PCs or HoloLens 2 devices. For more information about deploying
HoloLens 2 with Autopilot, see Windows Autopilot for HoloLens 2.
Windows Defender Application Control (WDAC)

WDAC was introduced with Windows 10 and allows organizations to control which
drivers and applications are allowed to run on their Windows clients. It was designed as
a security feature under the servicing criteria, defined by the Microsoft Security
Response Center (MSRC). WDAC policies apply to the managed computer as a whole
and affects all users of the device.
Windows Hello for Business

Windows Hello provides reliable, fully integrated biometric authentication based on
facial recognition or fingerprint matching. Windows Hello uses a combination of special
infrared (IR) cameras and software to increase accuracy and guard against spoofing.
Major hardware vendors are shipping devices that have integrated Windows Hello-
compatible cameras. Fingerprint reader hardware can be used or added to devices that
don't currently have it. On devices that support Windows Hello, an easy biometric
gesture unlocks users' credentials.
Word
Microsoft Word is a word processing software developed by Microsoft.
XDR (Extended Detection and Response)

Microsoft 365 Defender provides XDR capabilities for end-user environments (email,
documents, identity, apps, and endpoint); and Microsoft Defender for Cloud provides
XDR capabilities for infrastructure and multi-cloud platforms including virtual machines,
databases, containers, and IoT.
XP
No, not the outdated Windows operating system. In this case, XP stands for Experience
Points in Microsoft Learn training.
Yammer
Engaging your people is more critical than ever. Yammer connects leaders,
communicators, and employees to build communities, share knowledge, and engage
everyone. Yammer helps you connect and engage across your organization, so you can
discuss ideas, share updates, and network with others.
Zero-Hour Auto purge (ZAP)

In Microsoft 365 organizations with mailboxes in Exchange Online, zero-hour auto
purge (ZAP) is an email protection feature that retroactively detects and neutralizes
malicious phishing, spam, or malware messages that have already been delivered to
Exchange Online mailboxes. ZAP doesn't work in standalone Exchange Online Protection
(EOP) environments that protect on-premises Exchange mailboxes.
Zero Trust
Today’s organizations need a new security model that more effectively adapts to the
complexity of the modern environment, embraces the hybrid workplace, and protects
people, devices, apps, and data wherever they’re located. Zero Trust is that model.
Additional Resources
Common terms and definitions used in Teams Developer Documentation - While
focused on Teams developers, this glossary defines most of the important
components you see in Microsoft Teams.
Principal authors:
Marc D Anderson, MVP

Peter Rising, MVP
Follow Microsoft 365 on Social Media
７ Note
The Value of Social Media

Given the pace of change in the Microsoft 365 universe, social media have become a
primary source of information and training. The references in this page direct you to
fresh content provided by Microsoft and the community.
Social media also give you direct access to expertise. Use one of the help tags listed
below to get the attention of community experts.
 Tip
Combine product tag with help tag to target your audience.
Example: "Folks who customize #SharePoint list forms with #PowerApps: how do
you back up your customization? #SPhelp"
７ Note
References to Azure and Dynamics 365 are beyond the scope of this document.
General
If you're having general issues with Microsoft 365, be sure to check the Microsoft 365
Service health status page and/or follow @MSFT365Status for information about
any known service incidents.
） Important
You can reach out to Microsoft Customer Service & Support directly on twitter:
@MicrosoftHelps .
Hashtag Official Account
#Microsoft365 @Microsoft365
#MicrosoftDocs @docsmsft
#MicrosoftSearch @MicrosoftSearch
#MicrosoftLearn @MicrosoftLearn
#M365CommDocs @M365CommDocs
#MSUSPartner @MSUSPartner
Messaging and Communications
） Important
Seeking help on Microsoft Teams? Include #MSTeamsHelp in your tweet.
#MicrosoftTeams @MicrosoftTeams
#Microsoft365Groups
#AzureAD @AzureAD
#MSOutlook @Outlook
#MSExchange @MSFTExchange
#Yammer @Yammer
#AdaptiveCards
Content Management
） Important
Seeking help on SharePoint and Content Management? Include #SPhelp in your

tweet.
#SharePoint , #SharePointSpaces @SharePoint
#ProjectCortex , #Syntex @SharePoint
#MicrosoftLists , #ProjectNucleus @SharePoint
#OneDrive @OneDrive
#MicrosoftStream @MicrosoftStream
#MSFTViva
Office Suite
@Office
#OneNote @msonenote
#Excel @msexcel
#MSWord
#PowerPoint @PowerPoint
Power Platform
#PowerPlatform @MSPowerPlat
#PowerApps @MSPowerApps
#PowerAutomate @MSPowerAutomate
#PowerBI , #DAX , #PowerQuery @MSPowerBI
#PowerPages
#PowerVirtualAgents @MSPowerVirtual
#Dataverse
#AIBuilder
Other Apps
#MSVisio @msvisio
#MSProject @project
#MSWhiteboard
#MSForms
@SkypeBusiness
@MS_StaffHub
@sway
@MicrosoftToDo
#ProjectMoca
Development
#SPFx @Microsoft365Dev
#MicrosoftGraph @Microsoft365Dev
#PnPPowerShell @PnpPowershell
#PnPjs @m365pnpjs
#M365PnP @m365pnp
#CLIMicrosoft365 @climicrosoft365
Security
TBD
Events and User Groups

Hashtag Account Date
Hashtag Account Date
#SPSEvents @SPS_Events Saturdays, globally
#MSBizAppsSummit Spring
#MSInspire May
#MSBuild May
#MSIgnite @MS_Ignite September
#M365UserGroup Year long
#PowerBIUserGroup Year long
#M365Saturday Year long
Environments
The following tags are used in combination with product tags to identify information
specific to a national cloud platform.
Hashtag
#GCC
#GCCH
#DoD
#TeamsForGov
Principal author: Christophe Humbert

Microsoft 365 Search Technologies
７ Note
In Microsoft 365, content can be searched for using various search technologies. The
existing variants are based on the same search index, but differ in usage and
configuration.
A distinction is made between the following possibilities:
Microsoft search (Modern search)

SharePoint search (Classic search with PnP Modern Search Web Parts)
SharePoint search (Classic search)
Microsoft Search (Modern search)

Microsoft Search is based on the Microsoft Search engine, which provides data using
the Microsoft Graph and other sources. Microsoft Search uses AI components and the
Bing algorithm to display the information and data in a more user-friendly way. In most
Microsoft applications, the Microsoft Search Box is available at the top of the header.
Results are displayed in the context of the application. In the Microsoft Productivity
Apps (Word, Excel, PowerPoint, etc.) you can search for content as well as for functions,
e.g. reusable slides. The contents of documents are full-text indexed and it is possible to
search for metadata or content.
Why use Microsoft Search?

Microsoft Search is a standardized search, which is constantly being further developed
by Microsoft and enriched with new functions. The search box is enriched with AI
components and brings the user to the center. The search results in the productivity
applications (such as Word, Excel, PowerPoint) cannot be adjusted. Application-related
functions and documents are displayed.
The Search verticals in Search from office.com and SharePoint online modern sites
contain much-used content in SharePoint and OneDrive. It's possible to create your own
search verticals with Microsoft Search. Custom connectors can also be added as verticals
and are displayed for use in both Microsoft 365 and Microsoft Search in Bing. Some
standard connectors are available, but these can also be added via third-party providers
or through in-house development.
When to use Microsoft Search?

You can consider using Microsoft Search in the following examples:
Unified Search experience in M365 e.g. office.com, SharePoint Online, Office

applications
Standard functions, without adjustments and configuration, Microsoft Search can
be used directly
Use of AI components in the search box
Standard, developed, or third-party connectors
SharePoint Search (Classic Search with PnP

Modern search Web Parts)
SharePoint Search is based on the index of the SharePoint Search Engine and contains
content and documents from SharePoint as well as OneDrive. Content, lists, and their
metadata can be searched. The PnP Modern Search WebParts can be added and
configured on modern SharePoint pages. The SharePoint search engine or the Microsoft
search engine can be used as the data source.
Why use SharePoint Search (PnP Modern Search Web

Parts)?
SharePoint Search is only available within SharePoint and not in the other Microsoft 365
applications or entry pages. To use SharePoint Search on modern sites and pages, the
free PnP Modern Search Web Parts solution must be installed and configured. The
Web Parts can be used to configure search boxes, search verticals, search filters and
search results. The Web Parts are configured so that the information is passed on to the
respective Web Part. Likewise, the visualization of search results can be customized,
several verticals can be integrated, and the filters can be adjusted.
When to use SharePoint Search (PnP Modern Search Web

Parts)?
With the PnP Modern Search Web Parts, SharePoint Search can be customized. Usage is
limited to SharePoint or individual SharePoint sites. Scenarios for the use of SharePoint
Search can be:
SharePoint Search Center

SharePoint application-related search
Search driven application, with the use of dynamic parameters as Search Query
Modern Search in an on premises farm
SharePoint Search (Classic search)

SharePoint Search is configured in the SharePoint admin center. Content from
SharePoint as well as OneDrive is indexed. The content is fully indexed, it can be
searched for content as well as metadata. On classic SharePoint pages on-premises, the
classic SharePoint Search Web Parts can be used. In SharePoint Online, the classic Search
Web Parts are available, but it is an outdated technology and is not evolving.
Why use SharePoint classic search?

In order to customize a search center on a classic SharePoint environment, SharePoint
Search is used and adapted with the classic search Web Parts. The Web Parts for Search
Box, Search Navigation, Search Results as well as refinements can be adapted and
connected to each other so that the search results are adjusted based on the search
input or filter.
When to use SharePoint classic Search?

Classic search can be used on on-premises farms to implement enterprise-wide search
centers. The Search Web Parts can be used in the following scenarios
Classic Search in On-Premises Farm

SharePoint Search Center
SharePoint application-related search
Search driven application, with the use of dynamic parameters as Search Query
When to use which search technology?

Microsoft Search: In Microsoft 365 for a cross-Microsoft 365 application search
SharePoint Search (with PnP Modern search Web Parts): Customized SharePoint
Search Center in Microsoft 365 or SharePoint on premises
SharePoint Search (classic): Customized SharePoint Search Center on SharePoint on
premises
Principal author: David Mehr

What is a Site Column?
７ Note
Basic Idea
A Site Column is a template of a configured column. By creating a Site Column, you can
reuse it anywhere else in the site and not have to manually rebuild its configuration at
each reuse.
When creating a new column in a list or library, you have a choice to either "Create
column" or "Add from existing site columns". Selecting the latter will add a replica of the
Site Column to the location you are working.
You can return to a Site Column's configuration at any time and make changes. Changes
you make to Site Columns are reflected in the places you have used them. This helps
bring consistency to your information architecture, whether within a site or across a
farm or tenant.
Real World Example

When we look at common pieces of paper around the home, we see things with
common fields on them all the time. We have signature fields on checks, contracts,
repair estimates, etc. We have expiration dates on insurance policies, cans of food, and
sweepstakes forms.
On the check below, we can see six individual fields which we use all the time: check
date, pay to the order of, amount, written amount, signature, and memo. (For those of
you outside the USA, you may not see checks very often - if at all!)
Those common fields are something we rarely think about, but they make sense to us
by virtue of their commonality.
Back to Work
In the workplace, we have similar common fields. If we work at a financial institution, the
fields in the check above may be important to us. If we work in a different industry or on
different topics, then we will have our own set of common columns.
For example, if we work with Contracts, we may want reusable columns for Start Date,
Contracted Party, Contract Topic, Expiration Date, etc. Where there is an existing, out of
the box Site Column - as with Start Date - we can choose to use it. In other cases, we
may decide we need to create our own Site Column to represent the field we need.
Extra Detail
Site Columns each have a field type (like Single line of text, Multiple lines of text, Choice
(menu to choose from), Currency ($, ¥, €), Date and Time, etc.) Each Site Column also has
the settings we can use whenever we add a column to a list or library directly, such as
whether the Date/Time column should be Date only or Date & Time or whether the
column should be required.
When we create a Site Column and choose the settings we want, we get a column which
we can add to multiple lists and libraries in the same site. If we want our columns to be
consistent across several sites, we can create them in the Content Type Hub or with Site
Designs. The latter is preferable these days, as the Content Type Hub was built in the
days when we tended to have larger Site Collections, with many subsites.
Summary
Site Columns are a way to instantiate common fields across our organization as part of
an effective information architecture. We can use Site Columns in lists and libraries to
provide consistency. By bundling different combinations of Site Columns together, we
can build Content Types which provide reusable structures with benefits in display and
search.
Principal author: Marc D Anderson, MVP

What is a Content Type?
７ Note
Basic Idea
The easy answer here is a Content Type is a type of content, but that isn't very helpful. A
Content Type is like a business object: something that you move around your desk or
computer every day.
SharePoint comes with some out of the box Content Types which represent generic
things - like Item and Document - and some others which may be the same as what we
use - like Event. When we create a new Content Type in SharePoint, we inherit from one
of these generic Content Types and embellish it to represent the object we work with.
Real World Example

You work with Content Types at home every day. You probably have grocery lists, bills,
and maybe a mortgage around your house right now. Each of these objects are second
nature to you; you don't think about what they are or what to call them.
For sake of discussion, let's say you do have a mortgage and you've put it into a manila
folder in your drawer.
Wouldn't it be useful if you wrote some things on the outside of the folder so you could
identify what was inside more easily? Maybe you'd add the date the mortgage was
signed, the mortgage company, their phone number, and how much the mortgage was
for.
Now, you may wonder why we're looking at a folder at all. Folders are supposed to be
bad! But the analogy holds up: the folder is like the skin of the document, and we've
added metadata on the outside to help us make sense of it.
Back to Work
Now imagine you work at a mortgage company. Instead of one (or maybe two)
mortgages, you're responsible for thousands. The Content Type becomes even more
important, and you may want some additional metadata, like maybe the mortgage
originator, the servicing company, and the mortgage due date.
We don't add these metadata columns just for fun. We decide to collect the metadata
which will enable the use cases we want, but not too much more than that. For example,
if we'd like to have a view which shows all the mortgages which are going to be due in
the next month, we need the Content Type = Mortgage and the mortgage due date >=
[Today] and mortgage due date <= [Today+30]. We can't satisfy that use case unless
we've made the document a Mortgage and added the mortgage due date metadata
column - and populated it!
Extra Detail
Content Types can be defined in an individual site, in the Content Type Hub, or using
Site Scripts. We make this choice based on the scope where we want to use the Content
Type. We may have a Content Type which only makes sense in the context of a single
site, like perhaps a Benefits Description in the Human Resources site. Other Content
Types may have utility across the tenant, like perhaps a Contract, if we want each
department to store and manage their Contracts in their own sites.
Summary
With Content Types, we can define the business objects which matter to us in our daily
jobs. In many cases - whenever a piece of content matters to our organization - we want
to create our own Content Types based on one of the generic ones to represent how we
do our real work. The metadata we collect with each instance of the Content Type
enables us to do our jobs better.
Groups in Microsoft 365 and Azure, and
Which is Right for You
７ Note
What's With All These Groups?

Azure and Microsoft 365 are the culmination of decades of technical evolution and the
desire to be as backwards compatible as possible. While those are noble and righteous
goals, they do come with some baggage. In this case that baggage is many object types
in Azure Active Directory and Microsoft 365 that are "groups" and it's not entirely
obvious what each group is or isn't, and which group you should use for any given
scenario. In this article we hope to unravel that mystery some and provide you with the
tools you need to make the right choice. We will cover Azure AD Security Groups,
Microsoft 365 Groups, and SharePoint Groups.
Azure AD Security Groups
What are Azure AD Security Groups?

Azure AD Security Groups are analogous to Security Groups in on-prem Windows Active
Directory. They are Security Principals, which means they can be used to secure objects
in Azure AD. They can be created natively in Azure AD, or synced from Windows AD with
Azure AD Connect. Their membership can be static, or it can be generated dynamically
with rules.
Who can manage Azure AD Security Groups?

There are several groups of people that can manage Azure AD Security Groups. If the
group is synced from on premises Windows AD they cannot be managed in Azure AD.
They must be managed on-prem with tools like the Active Directory Users and
Computers. Changes made there will sync up to Azure AD with Azure AD Connect. In the
Azure AD Portal synced Security Groups will have a Source of "Windows server AD."
Azure AD Security Groups that are cloud-only can be managed by users in the tenant
that have the appropriate admin roles. This includes, but is not limited to, Global
Administrator, Directory Writers, Groups Administrator, Privileged Role Administrator,
SharePoint Administrator, and User Administrator.
How do they manage Azure AD Security Groups?

Because Azure has good, well documented APIs, there are a variety of ways to manage
them. The most common way to manage them with a UI is the Azure Portal. The Azure
Portal is fully featured, so users with the appropriate roles can create, edit, view, and
delete Azure AD Security Groups from there.
PowerShell can also be used to manage Azure AD Security Groups with the Azure AD
Module. This module does not work with .Net Core, so it requires a Windows PowerShell
5.x host.
How are Azure AD Security Groups used?

Azure AD Security Groups aren't used much in Microsoft 365. They can be used to apply
licenses to users based on their group membership. This can be part of an onboarding
process to automate licensing a user to Microsoft 365. Azure AD Security Groups can
also be added to SharePoint Groups to grant access to SharePoint resources. The risk
with that approach is that the SharePoint Site Owners and Administrators don't
necessarily have exposure to who is a member of that Azure AD Security Group, so they
don't know who can access their SharePoint Site.
Microsoft 365 Groups
What are Microsoft 365 Groups?

Microsoft 365 Groups are a membership object in Microsoft 365 that eases the task of
ensuring a group of people have consistent permissions to a group of related resources.
You may see them referred to as Microsoft 365 Groups or Unified Groups. The group of
related resources varies slightly depending on where the Microsoft 365 Group is
created. For example, if a user creates a Groups connected Team site in SharePoint, a
Microsoft 365 Group will be created in the background. Along with the SharePoint site,
Microsoft 365 will also create a shared mailbox and calendar in Outlook, a Planner Plan,
and a Power BI Workspace. Any user given access to any of those resources will be
granted the same permission to the rest of the resources in the Microsoft 365 Group. If
a team is created in Teams, that team is part of a newly created Microsoft 365 Group,
and all of the other resources are created for that Group.
Microsoft 365 Groups have two roles, Owner and Member. Owners can change the
settings and the membership of the Group. Members can remove themselves, add
members to a Public Group, and recommend Guest users be invited. Notably, Microsoft
365 Groups do not have a way to grant a user read only access to resources.
Who can manage Microsoft 365 Groups?

By default, any user in a tenant can create a Microsoft 365 Group by creating a new
resource in a Group supported app. Tenant Administrators do have the option of
restricting who can create Microsoft 365 Groups. Group Owners can manage Group
membership and settings. Users that have the appropriate administrative roles at the
tenant level can also create and manage Groups, including ones they are not members
of. If a Group's Privacy level is set to Public then any user in the tenant can add
themselves to it.
How do they manage Microsoft 365 Groups?

Group Owners can manage Group membership in any of the Group supported
applications. For instance, they can add a member to a Group from the SharePoint site,
Outlook, Outlook Online, the Teams app, and so on. Changes to the Group made in any
app are reflected in all of the apps that Group supports. The management experience is
not the same between apps, so an Owner may have to go to a specific app for a specific
task. For instance, to change a Group's Privacy policy you have to use Outlook or
Outlook online. That setting can't be changed in SharePoint. Users that have the
appropriate administrative roles can also create Microsoft 365 Groups from the Azure
Portal or PowerShell. They can also manage Group membership and settings from those
same interfaces.
How are Microsoft 365 Groups used?

Microsoft has made it clear that Microsoft 365 Groups are the future of resource
permissioning in Microsoft 365. They allow Microsoft 365 users to take advantage of the
entire suite of Microsoft 365 applications with minimal administrative overhead. This
gives Group owners one pane of glass to look through when seeing what their group is
doing. The group's files are in SharePoint, the real time collaboration is in Teams, the
email discussions are in Exchange, but they're all secured and managed as a Microsoft
365 Group.
SharePoint Groups
What are SharePoint Groups?

These are the same SharePoint Groups we know and love from on premises SharePoint
server. They are a collection of SharePoint users that are given the same permissions.
They are scoped at the SharePoint site collection level, so a SharePoint Group created in
one site collection doesn't exist in any other site collections. Note that modern
SharePoint sites are actually site collections under the covers.
Who can manage SharePoint Groups?

Anyone with the "Create Groups" and "Manage Permissions" permissions in the
SharePoint site can manage SharePoint Groups. Since this not an Azure AD object,
having elevated roles in Azure AD does not allow someone to manage SharePoint
Groups. A user with the SharePoint admin Role could grant themselves Administrator
permissions to a SharePoint site, then they could manage that site's SharePoint Groups.
How do they manage SharePoint Groups?

SharePoint groups are primarily managed in the SharePoint interface by navigating to
the "Site Permissions" and "Advanced Site Permissions" application page
(/_layouts/15/user.aspx). They can also be managed in PowerShell with either the
Microsoft SharePoint Online or the PnP PowerShell modules .
How are SharePoint Groups used?

SharePoint Groups are how permissions were applied to groups of users, both in on-
prem SharePoint Server, and earlier in SharePoint Online. SharePoint has individual
Permissions like, "Create Groups" and "Add items" that are included in Permission Levels
such as "Full Control" and "Read." When a SharePoint Group is created it is assigned one
or more Permission Level. Users that are place placed in that SharePoint Group have the
permissions that are selected in the Permission Levels the SharePoint Group has.
SharePoint has three Groups by default; Members, Owners, and Visitors. Site Owners can
use those SharePoint Groups, or they can create their own.
SharePoint Permissions should be handled with Microsoft 365 Groups. Native SharePoint
permissions should be avoided when possible. SharePoint sites can be Groupified later if
the site isn't part of a group, but that should be done sparingly. Communications sites
are mostly read only by nature, and they do not support Microsoft 365 Groups.
Principal author: Todd Klindt, MVP
What kind of apps can you build on
Microsoft 365?
Microsoft 365 is a rich platform for building applications. Here are the types of apps you
can build on Microsoft 365.
Why should you build applications on

Microsoft 365
Microsoft 365, previously known as Office 365, is Microsoft's productivity cloud, that
organizations use for communication and collaboration. 250 million users work with
Microsoft 365 creating files, sending emails, meeting, reading information stored in
Microsoft 365, and more.
Microsoft 365 is also a highly extensible development platform. All the information
about its users as well as the content they create is stored in Microsoft 365 and, bearing
the necessary permissions, available for you to interact with in your applications.
Different types of apps on Microsoft 365

Thinking about building apps on Microsoft 365, you can distinguish between two types
of apps: standalone apps and apps that extend Microsoft 365.
Custom apps: build your experience
First of all, you can build custom apps. These can be mobile apps, web apps, desktop
apps, device-native apps, workflow automation, or scheduled processes. You can build
these apps using any programming language and run them on any platform you want.
You choose how you distribute and operate them. In short: you own the technology
stack and the full user experience.
Users start their journey in your app. Because your app is connected to Microsoft 365,
you can show relevant information from Microsoft 365 along your app's functionality.
And because you can present the data in your app seamlessly, users might not even
realize that they're looking at data coming from Microsoft 365.
To get the most out of integrating your custom app with Microsoft 365, you need to
allow users to sign in to your app with their Microsoft 365 account. That way, you will be
able to retrieve the relevant information on their behalf from Microsoft 365.
Extend Microsoft 365 experiences

Microsoft 365 offers many extension points to bring your app where your users are. By
exposing your app inside Microsoft 365, you make your app a part of people's work.
Because your app is available right where they are, they can focus on their work and
interact with your app without having to switch the context.
Extend conversations
Microsoft Teams host conversations on Microsoft 365. You can bring your app as a part
of a conversation in several ways.
First of all, you can build conversational bots. Bots help people complete tasks through
conversations. They're a great way to expose relevant features of your app and guide
users through the scenario like a personal assistant.
Another way to expose your app in a Teams conversation is through messaging
extensions. Messaging extensions help people complete tasks in a visually-compelling
way. They're similar to bots but are more visually oriented and ideal for showing rich
data
Finally, you can send notifications from your app to conversations via webhooks. By
using adaptive cards, you can show the data in a rich and actionable way.
Extend portals
Many organizations that use Microsoft 365 use portals to facilitate communication
and manage knowledge. Using rich pages, they publish content and build interactive
dashboards. These pages consist of reusable building blocks - web parts, that end-users
put together.
You can extend portals on Microsoft 365 in two ways. First, you can build widgets, called
web parts. Users, who create pages, can put your web parts on pages to enrich the
content. Your web parts can show data from Microsoft 365 as well as any other API.
Another way to extend portals is by building extensions. SharePoint Framework

extensions allow you to execute a piece of code on every page or change how list fields
are rendered. Just like with web parts, you can load data from Microsoft 365 or any
other API in your extensions.
Extend documents
When creating documents on Microsoft 365, users can enrich them with interactive
elements, like maps or charts. These elements can be connected to APIs and make
documents interactive and present data that is always up-to-date.
You can also build task pane extensions for Microsoft Office applications that help users
work with their documents. A task pane could help people lookup their customer
information when writing contracts or order information when creating invoices.
Connect your application to Microsoft 365
There are several types of applications that you can build on Microsoft 365. No matter if
you want to develop a custom application or extend Microsoft 365, you can connect
your app to Microsoft 365. To get information and insights stored in Microsoft 365, you
would connect to Microsoft Graph - the web API for Microsoft 365. To help you
communicate with Microsoft Graph, Microsoft offers SDKs for the most popular
platforms.
Building apps for Microsoft 365 offers a great opportunity to reach millions of users and
help them work more effectively. If you want to have a quick look at what kind of data
you can retrieve from Microsoft 365, I'd suggest you look at the interactive Graph
Explorer. If you're considering building a web app, I would also recommend that you
take a look at Microsoft Graph Toolkit - a set of web components that make it very easy
to show data from Microsoft 365 in your app. When you're ready to start building your
app, sign up for the Microsoft 365 developer program to get a dev environment.
Principal author: Waldek Mastykarz

Query String URL Tricks for SharePoint
and Microsoft 365
７ Note
The URL is a core tenet of our online lives. Despite all the apps, browsers, and tools that
occasionally obfuscate it, behind the scenes the Internet is glued together in part by the
Uniform Resource Locator (URL). The data that populates the Teams app on your phone
wouldn't make it there without the URL of the Graph API endpoint.
As a site owner or Microsoft 365 admin, you'll see URLs all the time: SharePoint sites,
Microsoft Forms, shared links, and even application shortcuts like
https://office.com/launch/onedrive .
This article will cover some powerful parameters that you can stick on the tail end of a
URL to change what's shown on the page... and to make your job easier. These URL
parameters will give you more options for solving problems.
Overview
The thing about query strings is… they are everywhere

You know this URL brings you to a website:
https://learn.microsoft.com
And this one brings you to a specific section of that same website:
https://learn.microsoft.com/search/
What about this URL?
https://learn.microsoft.com/search/?terms=community%20content
It has a ? at the end with a key (terms) and a value (community content). This is a query
string. Based on the key and value in it, we can infer that it might affect or influence the
page to show different content.
In this example, we can change the value in our address bar (and hit return) and the
page content may be different. Example:
https://learn.microsoft.com/search/?terms=large%lists
Multiple filters
Here's an example of multiple filtering with two keys (products and languages) with their
corresponding values (m365 and javascript):
https://learn.microsoft.com/samples/browse
https://learn.microsoft.com/samples/browse?products=m365&languages=javascript
And here's that same page loads different content with different values (ms-graph and
html)
https://learn.microsoft.com/samples/browse/?products=ms-graph&languages=html
How does this mental modal of URL-as-page-transformer work in Microsoft 365? Keep
reading!
Useful Query String Tricks
Put a Modern SharePoint page into Edit mode

Any Modern SharePoint Online page can be placed into Edit Mode by adding this query
string URL: ?Mode=Edit
https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/default.aspx
https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/default.aspx?
Mode=Edit
This isn't really easier than clicking the button on the page, but it's a good example of
changing a page's look or function dramatically with a query string URL.
 Tip
Sharing (links) is caring - The URL, like the one in your browser's address bar,
usually support spaces. So something like ?terms=policy security works just fine.
Where it might not work consistently is when you share the URL via Email, text or
Teams by copying and pasting it. As a best practice, replace any space in your URL
query string with a %20 , like ?terms=policy%20security .
Safety first.
Put a Modern SharePoint page into Maintenance mode

Any Modern SharePoint Online page, like:
https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/home.aspx
… can be placed into Maintenance Mode by adding this query string to the URL: ?
maintenancemode=true
https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/home.aspx?
maintenancemode=true
This gives you a behind-the-scenes view of the web parts on the page, and the data
being sent back and forth between the page and the browser. This is helpful for
diagnosing issues with pages including those using the SharePoint Framework (SPFx).
Read the official documentation on this in the article Maintenance mode for client-side
web parts
Put (Nearly) Anything in SharePoint into Focused Mode

In the Classic SharePoint days, there was a way to create a focused view of just content
by appending isDLg=1 as a query string to your URL. Those days are in the rear-view,
but there's an updated version for Modern SharePoint: ?env=Embedded
This hides the main navigation, footer, side navigation (and App bar) on just about
anything in your SharePoint site, including:
Pages
List views
Site Contents
Site Analytics
Recycle Bin
For example in a list it would be:

https://<yoursite>.sharepoint.com/sites/<sitename>/Lists/<yourlistname>/allitems.as
px?env=Embedded
In a page it would be:
env=Embedded
If your page or list are living on a Hub Site, you may notice the Hub Site navigation will
remain when using env=Embedded . If this is not desirable, e.g. if you are embedding a
page using the embed webpart, you can append ?env=WebView instead.
Show Any SharePoint List as a Microsoft Lists List

If you've been building in Microsoft 365 for a while, you're probably used to working in
SharePoint sites with pages, web parts, workflows, and navigations. Sometimes you just
want to share the context of a single list or library within that site – and with a URL
query string you can do just that.
Take your list, remove any existing query string on the end down to this:
https://<yoursite>.sharepoint.com/sites/<sitename>/Lists/<yourlistname>/allitems.a
spx
…and append this to the end of it:
?env=WebViewList
Like this:
https://<yoursite>.sharepoint.com/sites/<sitename>/Lists/<yourlistname>/allitems.as
px?env=WebViewList
That's it! Now your SharePoint list displays in Microsoft Lists. This is a great way to
maximize screen real estate and help focus people during collaboration. This list remains
housed in the original SharePoint site, but now with all the user interface polish of
Microsoft Lists.
 Tip
Filter your filters - Sometimes you need to apply two or more query string filters to
the same URL – two keys and two values. The format for that is generally to use the
question mark ( ? ) first, and the ampersand ( & ) for every additional key/value pair.
Example:
page.aspx?mykey=myvalue&thisotherkey=someothervalue
Redirect users navigation from a List

You can redirect users navigation by including the ?Source= query string in a list URL.
This method could support all those use cases where a user is supposed to click on a
link to add a new SharePoint list item. Without the ?Source= query string, a user would
"get stuck" in the the default list view, whereas this query string would help site owners
control a user journey.
Example: users visit a SharePoint page containing a link/button/banner to let them fill
out a form by adding a new SharePoint list item. The SharePoint page has the following
URL:
https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/<yoursitepage.aspx>
A SharePoint list uses an out-of-the-box .aspx page, to let users fill out a form and add a
new item. For example:
https://<yoursite>.sharepoint.com/sites/<sitename>/Lists/<yourlistname>/NewForm.as
px
After adding a new item, the ?Source= query string will redirect users to the previous
SharePoint page or any other web resource. A new item URL containing the ?Source=
query string would have a structure like this:
https://<yoursite>.sharepoint.com/sites/<sitename>/Lists/<yourlistname>/NewForm.asp
x?
Source=https://<yoursite>.sharepoint.com/sites/<sitename>/SitePages/<yoursitepage.a
spx>
７ Note
This method works even if a user clicks on the "Cancel" button of a list form!
Therefore, a redirect to a "Thank you" page would lead to a misleading and
inconsistent result, whereas an e-mail message from a Power Automate flow could
be a better option, based on a new list item creation or not.
Create a Link to a List or Library Search Result

Within the Modern user interface, the search bar sets its context (or scope) to the List,
Library, or site you're in. When you perform a search from a list or library, it appends a
query string of the search term to the URL. This link is sharable/bookmarkable.
Here's my example list:
https://<greatsharepointsite>.sharepoint.com/sites/Lists/<ListName>/AllItems.aspx
Here it is after a search for the phrase tax documents:
https://<greatsharepointsite>.sharepoint.com/sites/Lists/<ListName>/AllItems.aspx?
view=7&q=tax%20documents
And if you change the value of the q key in the URL query string, the results shown on
the page will change:
https://<greatsharepointsite>.sharepoint.com/sites/Lists/<ListName>/AllItems.aspx?
view=7&q=consultants
You can share this link, in a way that works almost like a SharePoint list view.
 Tip
Kick things up a notch by also adding the focused-mode query string filter in
combination, like:
https://<greatsharepointsite>.sharepoint.com/sites/Lists/<ListName>/AllItems.a
spx?view=7&q=engineering&env=Embedded
View search vertical immediately

After enabling or updating the search vertical, there is a delay of several hours before
the changes can be seen on the search page. In that case, you can add cacheClear=true
to the URL in SharePoint to view the changes immediately.
Read the official documentation on View the vertical in the search result page.
Debug SharePoint Framework Web Parts and

Extensions
You can troubleshoot a SharePoint page to see if there is a SharePoint Framework (SPFx)
extension or web part causing trouble. Add this ?disable3PCode=1 to the end of the URL
to disable loading anything SPFx-related:
disable3PCode=1
Read the official documentation on Disable SPFx web parts and extensions.
Filter Lists and Library views in SharePoint and Microsoft

Lists
SharePoint Lists and Libraries let you filter by specific column values with a query string
URL. This might let you have a URL that filters a status column, or shows only items
where some value is true.
A use-case might be using Power Automate Flow to email a list view status report based
on a given product in a list… with hundreds of possible products. You wouldn't want to
make separate views for each product. So, you make a single base view and append URL
query strings to create dynamic URLs for your Flow emails.
The basic syntax for this is:
?useFiltersInViewXml=1&FilterField1=<internalFieldName>&FilterValue1=<value>
(No < > brackets, you'd type the actual column value)
The useFiltersInViewXml=1 tells the List or Library you're appending some filtering
criteria.
The FilterField key needs to be the internal name of the SharePoint column. If
you rename 'Title' to 'Product' in your list, you'll need to use 'Title' in your query
string URL.
 Tip
You can find out the internal name by going to List Settings, choosing the column,
and looking after the &Field= key in the URL. That's using a query string URL to
help you make a query string URL!
When filtering yes/no columns, use the number 0 for no and the number 1 for yes.
Filtering like this (with the query string URL) means never having to wait for search.
SharePoint Search can sometimes take a few minutes to pick up on a change, but
this filtering is immediate.
You can filter by multiple keys/values by incrementing the numbers, like this:
?useFiltersInViewXml=1&FilterField1=[internalFieldName]&FilterValue1=
[value]&FilterField2=[internalFieldName2]&FilterValue2=[value]&FilterField3=
[internalFieldName3]&FilterValue3=[value]
Further view filter reading from the experts

The list/library view filtering capabilities are extensive. These articles go into further
detail, including filtering with managed metadata.
Nate Chamberlain: How to filter a SharePoint list or library using URL parameters
Piyush K Singh: Generate Modern List Filter URL: Managed Metadata
Conclusion ?article=done
This article has hopefully given you awareness of the hidden power of query string URLs,
and how they can let the platform do some of the work for you.
If you know of other useful query strings like these, you should consider contributing
them to these Microsoft Community Content documents. You can open an issue in the
GitHub repo, or submit your own pull request!
Principal author: Patrick M. Doran

Use the Government Cloud for
SharePoint and Microsoft 365
７ Note
Working for the government can be a privilege, a job that comes with a feeling of pride
and satisfaction in working on behalf of your fellow citizen. If you're a SharePoint site
owner or Microsoft 365 expert who's working in the United States government (Federal,
state, local or Tribal) you may be working in the government cloud. Read on to learn
about what that means to you and to your customers.
Why have a government cloud?

Regulatory compliance! The governing agencies of the United States have different
rules and policies than the private sector. Microsoft 365's GCC , GCC-High , and DOD cloud
offerings were purpose-built to meet these compliance requirements… all while still
giving you a modern collaboration, document storage, and development space.
Microsoft's landing page on the topic describes it like this:
"Federal, State, and Local U.S. Government agencies, as well as commercial

companies, holding controlled unclassified information, criminal justice information,
and export-controlled data will find that Microsoft 365 Government offers the most
robust set of capabilities while meeting necessary regulatory controls."
Also worth noting:
Your SharePoint and M365 content is kept separate from commercial tenant
content, and is stored within the United States.
Microsoft personnel who can access your tenant are restricted to those screened
for it.
Am I working in the government cloud?

It might be hard to tell by looking at a SharePoint site or Microsoft Team that you're in
the government cloud. If you're a Microsoft 365 expert or SharePoint site owner who's
been handed a site or a Team to manage, the easiest way to tell is to check your account
license. If it starts with a "G" then you're in the government cloud.
To check, head to https://portal.office.com/account/ and click on 'View Subscriptions'.

If you're working in the government cloud, you should see something like Microsoft 365
G3 GCC or Microsoft 365 G5 GCC-High . That means that you're a user who is licensed to
work in a government cloud tenant.
For more context on licenses, review the Microsoft Government Cloud License Types
chart.
Working on it - new features

One the benefits of having SharePoint and Microsoft 365 in the cloud is that new
features and tools show up regularly. This is true in the government cloud as well... with
the caveat that many new features must be vetted and approved for compliance before
you get access to them.
Not every feature that's available in the commercial M365 offerings will be available in
the government cloud on day one, and those that do become available might involve
waiting a bit longer to get.
In order to maintain compliance, new features and functionality need to be certified for
your government cloud instance. This certification might mean waiting six months to a
year or more for new functionally or occasionally not getting the new feature at all
(especially in GCC-High and DOD ).
For high level availability context, check out the Microsoft Government Cloud
Feature Availability table.
For monthly updates, bookmark the Microsoft Business Applications Product and
Feature Experience Parity PDF report.
The waiting is the hardest (web)part

Be prepared for some frustration from your end-users about waiting for new features –
they'll read about the latest new Teams capability or Power Automate Connector and
expect to see it in your government cloud environment on launch day. More likely than
not, the task will land on you to share context about the feature availability difference
between commercial and government clouds.
To stay up to date on what's headed your way:
1. Bookmark the Microsoft 365 Road Map and tune it to to the government cloud.
2. Set the Cloud Instance to match your tenant ( GCC , GCC-High , or DOD ) and toggle "In
development" or "rolling out". Remember that the dates provided are estimates.
3. The Road Map has an RSS feed so you can stay up to date and changes.
Watch your URLs

Another sign that you're working in the cloud – some of your M365 URLs might be
different than the commercial M365 equivalents. This means paying a little more
attention to the documentation and tutorials you share with your customers. Customers
may get confused if they try to log in to a commercial tenant URL with their government
cloud credentials.
For example, while your friends in the banking sector might build their Power Apps at
the commercial tenant URL of https://make.powerapps.com , you'd be making yours at
https://make.gov.powerapps.us ( GCC ), https://make.high.powerapps.us ( GCC-High ),
or maybe even in https://make.apps.appsplatform.us ( DOD ).
Work with support staff, trainers, and vendor

partners
When seeking out support in your government cloud tenant, be it formally with a
service provider or informally on social media and forums, you'll have a better time if
you mention that your Microsoft 365 tenant is in the government cloud. (You can even
share this article to get them up to speed!).
Specifying your specific government cloud type ( GCC , GCC-High , DOD ) will help align
support guidance with your environment.
Vendors selling web parts, support, training content, and Teams apps won't always be
fully aware of the differences in the government cloud. Insist they demonstrate
awareness and understanding of the Microsoft 365 government cloud before making a
purchase.
Government cloud developers

If you've got development chops in the Microsoft space, you should understand how
working in the government cloud will impact your code and applications. Tokens,
registration of apps, and endpoint URLs could be different. Your specific government
agency may have unique requirements for deploying apps. Documentation written for
the commercial tenants might not apply to you.
Here are some resources to help guide you:
Microsoft Graph Powershell examples for government
Microsoft National Cloud Deployments guide
Azure government cloud documentation
DOD endpoints
GCC-High endpoints
GCC (and worldwide) endpoints
Buying your own government cloud tenant

Unlike a personal or business M365 subscription, you can't decide one afternoon to buy
your own government cloud M365 tenant. You'll need to work with Microsoft to
demonstrate that yes, you are part of a government entity. Learn How to buy Microsoft
365 Government
.
Planning your deployment

If you're starting from scratch with a new tenant, these guides for each type will help
you roll out your first government cloud deployment.
Plan for Microsoft 365 Government - GCC deployments

Plan for Microsoft 365 Government - GCC-High deployments
Plan for Microsoft 365 Government - DOD deployments
Detailed learning
When you're ready to learn more, start with the Service Description, as it details what it
means to operate Microsoft 365 in the government cloud. Office 365 Government.
Then for specific guidance, review the SharePoint for US governments, OneDrive for US
governments, and Teams for governments guides.
７ Note
Government cloud offerings might not be the right call for educational customers.
Learn more about M365 educational offerings here: Office 365 Education
Community support and learning

A shared affinity for public service helps technologists, developers, site owners, and
M365 experts working in the government cloud to support one another. These
resources can get you answers quickly from people with similar government cloud
configurations.
Microsoft Public Sector Community
Microsoft Public Sector Blog [RSS ]
Social media – mention your government cloud instance with these hash tags
M365 User Group of Washington DC
Government Community Call – AvePoint Public Sector
Thanks to these community members for article input: Adrienne Andrews, Ed Bellman,
Sean Bugler, Jason Byrd, Nate Chamberlain, Joseph Dunn, Christophe Humbert, Naveen
Karla, Matt Wade, Fred Yano.

Accessibility by Design
Introduction
Recently, the topics inclusion and diversity have gained more and more attention. The
tech community, in general, is very diverse and does a lot to include people from
different backgrounds. But those topics are much bigger than many people realize. Way
more people are affected than most of us assume.
At the same time there are a lot of positive statements, like "We don't want to exclude
anyone!". This is a very good starting point, but when we get to the bottom of the
statement and ask what is being done to include people from different backgrounds,
the discussion often becomes difficult. Many people want to live inclusion actively but
don't know how.
When we think of an accessible workplace, we often think of ramps, wide doors, and
elevators. Few think about what they produce at work every day: documents,
presentations, images, and much more. All this outstanding content is not accessible for
many people, as we would like it to be.
That's why it's important to talk about the topic of "accessibility by design".
Let us take a step together towards a more accessible world.
Reasons why we don't think about accessibility

and inclusion / Our mental model
When thinking about inclusion and accessibility, we often think about a particular group
of people that is excluded. But quite often, the actual group of people is far more
significant than we anticipate.
Quite often, we read and repeat values like "include everybody", "sharing is caring" or
"we're all in this together,". Most people don't want to be exclusionary on purpose. But
there can be a gap between wanting to be inclusive and knowing what's necessary to be
it.
Often it is a trade-off between effort and benefit. As already explained, many people do
not know what to do, i.e., how significant the effort is. And when we turn to the benefit,
we must, of course, be able to assess how great it actually is. How many people would
actually benefit if we made our app, article, or report inclusive and accessible?
When we start to ask the question "Is it really worth it?" that can be a scary thought. The
question of whether it is worthwhile should never be decisive, but it often is.
Do we only want to include people if we get a benefit from it? Or do we want to be

accessible because it's the right thing to do, no matter how many people benefit from
it?
Many of us have privileged lives with access to good education, a safe home, and
resources. Many have a good job and a network of helpful people. We are so privileged
that we can afford to take care of everyone.
This fact leads to a moral duty to do so!
Now, let's first talk about who is affected when we go for poorly accessible design. Why
are there barriers, while thinking about inclusion and accessibility? Let's then see what
we can do to design more accessible stuff, how much work it is, and what our target
group looks like.
After we know all that, let's have a closer look at the benefits: what we might get out of
it.
Who is affected when we settle for poorly

accessible design?
When we start to think about accessibility, we tend to start thinking about physical
limitations. We all know people who use a wheelchair, who may be blind or deaf, or
missing limbs like a hand, an arm, or a leg.
We all can see and recognize those things quickly; that's why they come to mind first.
But actually, there are far, far more things we should think about.
There are physical impairments that we can not recognize well, like poor vision,
motor impairment, or challenges that affect our hearing. Just because we can't
recognize them easily doesn't mean that those don't impact people's life and
behavior.
We all know a lot of mental conditions that have a considerable impact on our
behavior: anxiety disorder, obsessive-compulsive disorder, or dyslexia, to name just
a few of far over 200 different conditions that affect our behavior. Once again, we
can't detect those conditions that easily but they have a massive effect on peoples'
lives.
Even if people are not diagnosed, that doesn't mean that they can't be affected.
Many of these can also be temporary afflictions. If we lack sleep, our eyesight may
suffer; if we're dehydrated, we may find it challenging to focus on a specific type of
fonts. If we're calming our baby, we maybe realize how hard it is to complete even
simple tasks with just one free hand.
All of these examples give us a sense that we often can't really tell who is affected in
their daily lives. And this also makes it clear that the target group for accessible design is
much larger than we initially anticipated.
What can we do?

The first step of using accessible design is to recognize that there is a need to. Period.
Once we have established that, progress can be made. But it always begins with
recognition.
The second step is to spread the idea. It is not telling people to simply do it or asking
people to do it. Nor to claim that it is necessary. It's not about arguing; it's about
spreading the idea that there is a need.
The right arguments can follow as soon as we have the right mindset; instead of telling
people what to do and what not, it is essential to appeal to their attitude. If we can set
the core idea about including everybody and sharing is caring into people's mindset, the
following steps will be a lot easier.
Let us have a look at some examples: what we can do.
Do we want to do more than just realize there is a need? Here are three simple steps we
all can do right now:
1. Let's take the Accessibility fundamentals learning path provided by Microsoft Learn
training.
2. Let's start using the accessibility tools like the Accessibility Checker or descriptive
text for pictures .
3. We can switch the grammar settings in Word for inclusiveness to become more
aware of the language we are using.
This shows us that a first step requires little effort. And perhaps we can already simplify
people's lives significantly. We can also make it possible for people to work with our
solutions in the first place.
Once we get started, we can include accessibility in more areas of our work life. Get
inspiration from the article 10 Habits to create accessible content or include the idea
of accessible content in our company by discussing the Accessibility Evolution Model .
Many people assume that the effort is huge, because we are used to orienting ourselves
to familiar patterns. As already explained, it is difficult to look for solutions when you do
not even recognize the problem. The first step is not to build ramps and bigger doors,
or to ask ourselves how we can include deaf people. In reality, the first steps look like
this:
1. Realizing that we can do small and easy baby steps.

2. Embracing the fact that far more people are affected than we actually might think.
What are the benefits of accessible design?

We have now seen that small steps can add great value. This added value can already
make a big difference in many lives, so let's take a closer look at what we can gain by
using accessible design.
First of all, we're doing a good thing by thinking about others. It doesn't feel good to be
excluded. Psychologists even argue that rejection or feeling excluded is processed in our
brain the same way, as if we get hurt physically. It hurts to feel excluded, and that leads
to feeling sad and angry. Feeling excluded can cause people to lose self-confidence, feel
a loss of control, or even feel they have nothing valuable to contribute.
Apart from that, we are making a better product. If it's an app, a piece of code, or a
PowerPoint presentation, it will be better in the end because it is more complete. It's
more versatile, and more people can have access to it.
And that means more people can buy or use our product. That in turn leads to us
getting more and better feedback, which makes our product better as a whole.
Iceberg model
Well-known slogans that convey values include "Sharing is Caring" or "Include
Everybody." Many people are driven by these values, which are anchored in their mental
model. Instead of telling other people how to behave, it can be helpful to start with the
mental model. When that mental model is closely linked to an accessibility thought,
change can happen much more easily.
There is the possibility to use the iceberg model for that explanation of the iceberg
model, and it might be beneficial to analyze accessibility by design with that model as a
next step to get a clearer picture of what is happening right now.
Conclusion
The first step of using accessible design is to recognize that there is a need to. Period.
Once there is realization, progress can occur because exclusion often happens
unintentionally. Exclusive design affects far more people than meets the eye, and the
effort to change it is tiny.
If we want to give more people a sense of community and belonging, we need to start
thinking about accessibility. Then we can get people to contribute their knowledge and
skills. That's how we grow as a community and as individuals.
Additional Resources
Accessibility terms- Write in a way that puts people first.
Bias-free communication.
The Microsoft Accessibility Blog .
More details about the iceberg model in Why Microsoft 365 adoption projects fail
Principal author: Michael Roth

Content Type Propagation
７ Note
Content types are a central part of SharePoint. This article will not go into deep details
on how to use content types because it depends too much on the use case. This article
will cover the backend "stuff" that propagates the content types to our end users.
Content type: At most basic level, Content types work as a "Template" for lists and
libraries. When they are added to a list or a library upon new item or document
creation, the item will then be created using the same list fields or file template.
Learn more: What is a content type.
Used in Lists
We use content type in lists when we want to be able to create different list forms
without the need of creating multiple lists.
The content type will contain different fields based on the use case.
Many 3rd party solutions for SharePoint are built with lists, and often rely on list
content types.
Used in Libraries
This is often for different Office file templates.
We use this when we want to provide easy access to document templates to our
users.
The content type will contain different fields based on the use case.
In SharePoint and Teams

As mentioned Content Types are used in lists and libraries. This article will be focused on
content types for libraries. When enabled and added to a document library, the content
type (for example, "Company presentation") will be available through the "New" menu.
If the SharePoint site is connected to Teams, the content type will also be available in
Teams.
How to create new content types

With the current Information Architecture in Microsoft 365, to make content types
available for end users there are a couple of approaches:
1. Use the Content Type Gallery (this is the modern version of the "content type hub")
The content type will be propagated to all SharePoint sites in the tenant.
2. Manually create the content type in the sites as needed
Users can manually add the document template to the library, the new
content type is only available in the current library.
Site owners can create a new content type at the site-level, this can be used
by all libraries in the site and "sub-sites".
3. Automated creation of content type using:
SharePoint Site Script

SharePoint PnP Provisioning engine
This technique creates content types locally to the site, requires technical
competency, and should only be used with site governance/provisioning in
place.
７ Note
The option you choose will mainly depend on your internal technical competency,
governance model, and your users needs.
1. The Content Type Gallery

Microsoft has revamped the Content Type Gallery during the last few years, in my
humble opinion it's not where it should be yet, but it's way better than what we had a
couple of years ago. You will need SharePoint Tenant admin rights to work with the
Content Type Gallery.
Login to your SharePoint Admin center navigate to Content
Services | Content Type Gallery.
You will see a set of content types, and you will probably recognize many of these.
） Important
When you are in the "Content Type Gallery", please don't modify or delete any of
the standard content types, only work with your own custom content types.
As mentioned above we mainly work with two types of content type:
1. Document Content Types

2. List Content Types
Before you start to create your content type consider the following:
1. If it is a document content type, do you have the document template available,

and does this content type need any metadata (built as site columns) associated
with it?
2. If it is a list item content type, do you have the site columns it should contain?
７ Note
Content types created in the Content Type Gallery, when published, will be
available to all sites and libraries in your SharePoint tenant.
Click "Create content type" to start the dialog to create a new content type. Always
make use of a custom category as this will make management of the content types
easier in the future.
７ Note
The "Parent content type" defines what your content type will be based on, we
mostly use Document Content Types or List Content Types.
The Company presentation content type is created but it's not completed yet. On the
content type page click "Settings | Advanced settings".
This is where you will add your document template. We have two options:
1. Use an existing template, currently this options doesn't work in the Content Type
Gallery, only with site content types.
2. Upload a new document template.
Use "Upload" to upload your Office template and choose save. This file is now saved
"within" this content type and will be propagated (copied) to new document libraries
when used.
When ready, use the "Publish" option to publish the content type to your
users.
Using the Content type
The publishing of the the content type should go pretty fast in Microsoft 365 now,
compared to what it did a couple of years ago.
Before you can add the new content
type to your library or list you need to make sure the "Settings" in "Advanced Settings"
| "Allow management of content types" is set to "Yes"
When ready navigate back to the Document library | Add column | Content Type.
７ Note
Adding a new Content type can also be done in the document library settings
page.
Choose your newly published "content type" and hit "Apply".
Your new content type is now ready to be used, repeat the process for any library where
you want this content type to be available.
If you want to add back the standard empty
Office templates, use "Edit New menu" to rearrange the options.
2. Create a new content type in your current
site
The process of creating a new content type for a site or Teams is similar to the steps for
the Content Type Gallery, just simpler. Content types created in the site will be available
for all document libraries in the current site and sub-sites.
In your site, navigate to Site Settings | Site content types | Create content type, and if
you are creating a content type for Teams, then you need to first navigate to the Teams
SharePoint site.
For site content types, you can use a file saved in the current site as a document
template- all you need is the path to the file. Adding the content type to the document
library is the same as above steps.
Pros/Cons
Below is some pros/cons that should help you choose the right content type
propagation method for your business scenario.
Using "Content type gallery"
Pros
Easy to get started
Content types are automatically propagated to all sites in the tenant
SharePoint Online search can surface search content based on the content type
across all sites
Easy to update the content type if changes are required, update of template might
take some time before auto updates, but can be manually updated by site owner if
needed.
Doesn't require much technical competency to manage
Cons
This requires SharePoint tenant administrator right to get started, might not be a
good fit for small environments.
Needs a strong central governance model, might not be a good fit for small
environments.
All content types might not be needed in all sites
） Important
If a content type is deleted from the content type gallery the following happens:
If the content type is added to a library (in use), it will be converted to a site
"local content type", and will be available for that site
If the content type is not added to a library, it will be removed from the site
Using "Local Site Content type"
Pros
Can be created by site owner
Content types can be used by all lists/library in the site
Doesn't need a central governance model
Cons
Required that site owners "knows" what she/he's doing
Content type is not available to other sites
Because it's not centrally managed, Office templates need to be managed
separately
） Important
If a content type is in use in a library or lists the content type cannot be deleted
from the site. Meaning you need to manually change the contents(file or list item)
to another content type before you can delete the content type.
Using "PnP, Site scripts or similar methods"
Pros
This is very flexible way to propagate content types
Combined with site provisioning you can create new sites with content types ready
to be used
You can manage creations/updates/deletions without the needs of manually
clicking through the Settings, especially handy when cleaning up content types.
This is a better choice for large environments, with need for lots of content types
Cons
Requires strong technical competency
Needs a strong central governance model, might not be a good fit for small
environments.
Conclusion
Content types propagation are a "way" of making predefined Office templates,
metadata, and/or list items available to all SharePoint sites in your tenant and because
Teams is using SharePoint as a backend to store the templates which are also available
in Teams files and lists.
If you don't have the technical resources to make use of "PnP
Scripts" to auto propagate the content types to new SharePoint sites, then I
recommended the use of "Content Type Gallery" to propagate your content types.
Recommended reading: Designing solutions for scale
Principal author: Jimmy Hang, MCT, MCSE: Productivity

OneDrive PC Folder Backup Benefits for
End Users
７ Note
OneDrive PC Folder Backup is a OneDrive sync feature that works with Windows 7,
Windows 8/8.1, Windows 10. This feature allows business users to automatically
backup/redirect their Windows clients Desktops, Documents and Pictures folders to
OneDrive for Business.
７ Note
OneDrive PC Folder Backup was previously known as Known Folder Mode (KFM)
Benefits of OneDrive PC Folder Backup

Automatic Backup of content on your device
You really don't need to worry about uploading your content, as everything you
put on the Desktop/Documents/Pictures is uploaded automatically
Protection against ransomware attack on the device because OneDrive support in
place file restore
Seamless switching to another device and continue where you left your files
Dependent on your licensing, you will get at least 1 TB of personal backup storage
If your business are small without central IT, users can turn on this feature in a few
easy steps
If your business is bigger and has central IT, you can turn on this with GPOs
If you have used Offline files before you might have experienced that it's a bit
difficult to know if it has synchronized correctly with the file share you have been
configured against. In my opinion it's a lot easier to catch synch issues with
OneDrive and easier to fix.
OneDrive PC Folder Backup is a killer feature when migrating personal file shares
to OneDrive
How you turn it on
Follow this Guide at Microsoft support.
Tips & Tricks

Here are few things I've experienced with this feature that might help in case of
troubleshooting:
1. OneDrive PC Folder Backup is similar to Windows Offline Files or folder redirection.

Meaning they don't work well together so you need to turn of Offline files before
using OneDrive PC Folder Backup.
2. OneDrive PC Folder Backup uses your OneDrive site as storage, meaning the user
account in question have to be "Site Collection Owner" of that OneDrive site, this is
normally the case but if not then OneDrive PC Folder Backup won't work.
3. .PST files is not supported. This is often the case when users have limited mailbox
storage on premises, normally we export the mailbox as backup and stores this in
the Documents folder leading to error when activating the feature.
4. OneNote files outside of OneDrive is not supported. This is the case if you have
used OneNote locally before OneDrive PC Folder Backup normally the OneNote
apps stores the files in the Documents folder. Move the OneNote files to OneDrive
first.
5. Beware of the 100,000 items recommended limit, if you are using OneDrive PC
Folder Backup while synching SharePoint libraries. Performance decreases as the
total numbers goes up, this limit also depends on your client device performance.

Why Microsoft 365 adoption projects
fail
７ Note
Intro for the challenge

We see many challenges when it comes to the people part of Microsoft 365. We've heard
it all before: digitalization is 80% about people and 20% about tech. But what does that
mean exactly? How can we face that challenge, and why is it so hard to let people love
software? Because Microsoft 365 is not just software - it's an approach to change the
way we work because it reflects some principles which we will need in the future. We
know already that.
Adoption is hard because people don't understand WHY they need to change their
working behavior. Without this, they resist change or only change superficially;
they don't stay curious and don't adapt to the evergreen approach.
Simply explaining Microsoft 365 will increase productivity is not enough because
statements like that don't sell anymore. They don't connect to people's
experiences, nor do they reflect their beliefs. People easily confuse being
productive (adding value in a meaningful way) with being busy (fulfilling tasks
somewhat chaotically and under time pressure), so that increased productivity is
rather perceived as putting even more pressure on them.
Without a shared vision and common understanding, we will only scratch the
surface of what Microsoft 365 can do in an organization.
VUCA
The necessity of understanding the real challenge isn't that new: In the '90s, the term
VUCA (Volatility, Uncertainty, Complexity, Ambiguity) was coined by the US military to
describe our modern world and the challenges any organization (not only the military)
was facing. This acronym describes a world in which change becomes a new constant, so
playability and consistency are not the factors to explain current markets and
environments for organizations.
Volatility
The world is changing faster than ever before, BUT the world will never change as slowly
as it is right now. In other words, the pace of change will continue to increase. New
challenges, competitors, and different unpredictable factors are something we have to
deal with. That means that long term planning and the reliability of this planning won't
be sufficient for modern organizations.
Uncertainty
Predictability and calculability of events are rapidly decreasing; forecasts and
experiences from the past due to shaping the future are losing their validity and
relevance. Just look at how quickly and comprehensively COVID-19 changed the way we
work. Do we have to say more?
Complexity
We live in a complex and connected world with various connections that are difficult to
keep track of, making it challenging to clearly define cause and effect. The world is not
just complicated; it's complex.
Ambiguity
The aspects described above make it clear that decisions today are no longer
straightforward. 'One size fits all' is rarely a suitable model anymore. It is often not a
question of WHAT, but of HOW and WHY. This leads to the fact that the demands on
organizations today are paradoxical, sometimes even contradictory.
Old world and new world collide

We've build organizations around structures and processes that were invented to deal
with different requirements. The way we built up and think about organizations is still
based on the idea that markets are predictable, change can be planned, and our world
works consistently.
Ultimately, we need a new way of thinking about organizations and the way we work.
We need new guidelines and principles that fit the challenges we're facing right now:
that fit this new world.
In other words, this new world comes with a need to transform along multiple
dimensions.
Profit into Purpose
Maximizing profit was the main driver for successful businesses for a long time. Yet
within a connected world full of information, that isn't the only thing that ensures
success nowadays. Customers often have enough information to compare different
organizations and can choose who they're engaging with. This appears to customers
and employees to the same extent. Now, many factors need to be considered for a
successful business: ethics, social responsibility, ecological aspects, etc. Those things
often come when an organization has a clear or higher purpose: a WHY. Organizations
that know why there are doing something - rather than just relying on how - often have
a far better standing in the markets than others: With purpose comes profit, but it
doesn't work the other way around. Customers and partners have a pretty good idea of
whom they want to deal with, and that's what differentiates a successful organization
from an unsuccessful one.
Hierarchies into Networks

In a world where we have a complicated yet straightforward task with multiple people
who can work on that task, we need someone who clearly understands what to do:
someone to keep all the strings together and know where to go. With that comes clarity
about hierarchy, line of command, and power. Within a world that is changing fast and
context isn't to be overseen by one (or a couple) person, we have the problem that
there often isn't THE right way, since that one person likely can't understand all
interdependencies. This person has to rely on others to tackle the current task. Yet a
clear line of command and a strict hierarchy are opposed to this. Self-organized teams,
collaboration between internal and external staff over many borders require a different
understanding of leadership and collaboration. Rather than a clear line of command,
networks work much better these days to connect to other people and create an
exchange that meets the requirements.
Controlling into Empowering

Let's keep the Hierarchy into Network idea in the back of our mind and spin the thought
further: If we can connect with different people, regardless of their physical location or
their standing within a hierarchy, we still need them to be able to accomplish things.
Within strict organizations with constricting processes, built-in communications, and IT
departments, people have less chance to make an impact. When we are in the wrong
position in the hierarchy, it is difficult to contribute. But what if the earthshaking idea is
in the head of somebody who can't contribute? In this modern, ever-changing world,
the top person is not necessarily the one with the best ideas. Often it's quite the
opposite: how often do people on the front line, interacting with customers and
challenges, know precisely how to solve those needs?
Planning into Experimentation

For ages, planning and the predictability of strategies were a winning factor for
organizations, and the one hero-like manager who could foresee what was going to
happen was at the top of the hierarchy. But if we know that the VUCA components
characterize organizations' environments today, long-term plans aren't sufficient. The
opposite of this business model is one that is characterized by short iterations. A short
term experiment that might seal the deal, yet isn't a complete catastrophe if it's not.
This comes from every agile approach. Short sprints are way more efficient than the old
waterfall approach. Yet, often the structures we find in modern organizations don't allow
such a system because they still are solidified around an old mindset.
Privacy into Transparency

'Intellectual property is good, and if we have or know something, we keep it for
ourselves so we can climb up that hierarchy ladder. And of course, we will build up a
competitive advantage.' These thoughts don't make sense anymore and don't fit a
modern and agile organization: it is impossible to know which information might
become useful in the future and which expert we will need to pass an upcoming
challenge. Therefore we need to be open-minded, think in networks, and empower
people to participate in the meaning of our purpose.
Digitalization needs to be an accelerator for this, but can rarely be the primary driver.
We need a new approach to think about work in general.
Microsoft 365 can be one step to achieve transformation, but it is not a goal by itself.
Just rolling out Microsoft 365 (or a subset of its tools and services) won't solve our
VUCA problems. We need to see the bigger picture to figure out which part of it
Microsoft 365 can help with, because we won't solve any problem by assigning licenses
to users.
The Iceberg Model

Before we can change how we do a Microsoft 365 project to solve our old world
problems, we first need to understand old and desired new ways of working and get the
bigger picture of our situation. An excellent tool to facilitate deeper thinking is the
iceberg model.
Defining the iceberg model
Find a still of the gif here
As we know, an iceberg shows only its tip above the water and most of it is hidden
underneath; it works as a good metaphor for things that are not obviously visible to us.
The iceberg model introduces us to four different stages.
Level 1: Events
Very visibly, we see events. An event is the answer to the question What is happening
right now?
On this level, people only react to what just happened and then stop to think about it.
For example: "I caught a cold."
Level 2: Patterns
Already underneath the surface, we will find patterns: What has been happening over
time? What are the trends?
On this level, people think about what led to the visible event and try to connect the
dots, for example: "I caught a cold more often in the past when I slept less."
Level 3: Structures
Digging one level deeper, we see which system supports and influences these patterns:
What affects these patterns? Where are the connections between practices?
On this level, people think about what influences these patterns and try to
understand the Why, for example: "Working crazy hours, worrying about problems
at work, and eating late at night affected my quality of sleep."
Level 4: Mental models

Finally, we will investigate what values, beliefs, or assumptions shape the system and
keep it in place?*
We can dig into which thinking generated the structures that are in place. For example:
our belief of "work is the most important thing, even more important than health and
the more I do, the more valuable I am" leads to behavior (which seemed to be expected,
because everyone did it), which resulted in a physical manifestation of unhealthy work
ethics that showed as catching colds quickly.
Let's have a look at how this works in the "old world."
The iceberg model of the old world
Level 1: Events - What just happened
People can't focus, experience both a lack of efficiency AND effectiveness, waste their
time with tasks they shouldn't do, and are instead more busy than productive.
Level 2: Patterns - What was happening over time?

People abuse tools and work around dysfunctional processes, communication patterns,
and organizational structures. They are not familiar with the art of collaboration, feel to
be under pressure to be always available, and react to everything instantaneously. A
high frequency of task-switching while working more next to each other than together is
challenging and exhausting.
Level 3: Structure- What is influencing these patterns?
Typical organizations look like a pyramid, with a few decision-makers at the top
(leadership) and the rest of the workforce at the bottom, resulting from the approach of
designing companies like military institutions, with a defined chain of command
compartmentalized structures. This led to departments, which don't communicate well
and are now rather information silos. The given structure leads to processes that ensure
that this structure stays as it is - which conflicts directly with the need to convert from
privacy to transparency, from planning to experimentation, and from controlling to
empowering.
But segmentation of organizations is not only an issue across departments

(horizontally), but also in the hierarchy (vertically), which leads us to another iceberg,
that is responsible for lack of understanding of problems of workforce by leadership.
Leadership, who don't generally understand details of issues and a workforce that can
not regularly connect to their leadership team lead to processes that do not reflect the
work that needs to be done, structures that cement the status quo, and decisions about
tools and working methods that serve old principles: privacy, planning and controlling.
Level 4 Mental Models
Let's look at which collective beliefs in our culture (which is then only reflected in
corporate cultures and way too often reduced to "individual mindset": What do we
people believe in, that they design organizations like this? Of course, redesigning takes
a tremendous amount of energy (and money), and indeed it is easier to keep the status
quo than to change. But why is this status quo, this broken system, still in place?
Because we (or at least enough of us in critical positions) believe in "knowledge is
power" instead of "Sharing is Caring." The "command and control" approach looks as if
it also provides security and predictability, and although we already know better, we
stick to this ego-system instead of an eco system.
What can we now do about it? Make people aware of the broken system that doesn't
meet our needs anymore, and that forces people into workarounds, unhealthy work
ethics, and poor connection to their organization. Please stop trying to fix users when
we need to fix this system.
iceberg of the desired new world

You see what happens here. When we approach a modern work style mindset as we
usually do, we barely go to the root of the problem at all. We're barely scratching the
surface of it. And that is all fair and square, but we also know that our solutions won't
sustain when we're fixing the symptoms of the problem.
Because in the end, we are confusing cause and effect. If we only focus on the reason
and just try to fix the symptoms, we barely fix the underlying issue. We need to work on
the cause to end up with a different effect in the end. What we want to achieve in the
first place is a sustainable change of habits towards a better work environment and a
healthy mindset. If we're going to change people's behavior, which we see in level 1, we
will need to change our core beliefs and mental models of level 4.
To give you a little guidance, we will turn the iceberg upside down and start at the
bottom:
Level 4: New Mental Models
Our core beliefs are a representation of the 'Sharing is caring' - mindset. We don't
compete against each other but value and listen to every voice. We are convinced that
we can face challenges better together and that Learning, experimenting, and sharing
failure and success are essential.
Level 3: New Structures

This will automatically lead to organizations that enable work in cross-functional teams,
facilitate open communities so people can connect beyond their filter bubble (which
makes serendipitous coincidences possible), support tools that foster collaboration and
processes that work towards a shared understanding and shared vision of organizational
purpose.
Level 2: New Patterns and Trends
With this background, people won't abuse tools anymore and don't need to work
around processes. They notice that work works and find a good rhythm of collaboration,
connecting, and focused work.
Level 1: New Events
Over time, this leads to a healthy understanding of productivity with some very
beneficial implications: awareness of mental load, reorganization of priorities, and
connectedness to the broader organization. As a result, we can see that people make
fair use of their time and do not need to face obstacles that are usually in the way.
How do we change?
The million-dollar question now is, what needs to be done at Level 4 so that we see the
good effect on Level 1? As consultants, we will, of course, say "it depends," but we've
identified some core concepts, which of course represent our iceberg.
Corporate Culture - Mental model

Rather than stating that people need to have the right mindset, we need to focus on
organizational change, which means that it is not sufficient to write down some fancy
leadership principles and work on which behavior we show. People don't do what we tell
them to do, but what we offer them by example.
It is time to consciously reflect on corporate values and how they are fulfilled with life in
the organization. As an example: We can say that we have a culture of being allowed to
make mistakes, but if everyone is cc-ing everyone massively to share responsibility /
cover themselves, then it is evident that the excellent culture only existed on paper.
Therefore we need to question ourselves about our values and how they resonate for
employees, partners, and customers. Without doing this heavy lifting, all approaches to
roll out tools, to use champions programs, use case shopping, and end-user training will
only scratch the surface and come to nothing or won't be sustainable. This means that
we will see perhaps some quick wins, but no long term change.
Some questions to ask could be:
Do we trust our employees and how much? How many control mechanisms that
also interfere with people's productivity and frustrate them do we have in place?
Do we foster transparency? Which structures and processes did we follow to
promote information silos instead and prevent people from connecting dots?
Do we encourage people to learn and share? Which restrictions prevent employees
from doing so actively, and how much time is reserved for that?
Do we have an organizational purpose? How is this why communicated to
employees? Is this only one-way communication or a vivid discussion in which
everyone's voice matters?
Corporate Culture - Structure

As the fixed hierarchy in organizations seems to be one of the main drivers to prevent
purposeful collaboration within an organization, its deconstruction will be a decisive
step towards a modern organization. Based on the answers from above, we will need to
ask:
Do we need to stick to the inherited chain of commands, or can we experiment

with other leadership approaches like holacracy ?
Can we institutionalize Learning, failing, sharing, and make this part of our DNA?
How can we ensure information silos no longer exist?
How can permissions, access to data and tools, ownership, and responsibilities
look when we work with Microsoft 365?
Corporate Culture - Patterns and Trends

Patterns and trends we can observe once we ensure we are working toward a structure
that is aligned with our organizational purpose and reflects its values are, for example:
Servant leadership will result in employees feeling more included in decision-

making processes and taking responsibility
Embracing diversity leads to better products
Breaking down information silos will lead to serendipitous connections
A #LearnItAll mindset will grant future-readiness
Democratizing access to corporate assets (knowledge, tools, roles) will impact how
people feel about their employer
A respectful climate towards everyone results in consciousness and thoughtfulness
Corporate Culture - Events

Climbing up our iceberg, we now reach its visible tip, the events that everyone notices.
After we do the legwork with core beliefs and organizational values, defined structure
and processes that supported these values, and fostered patterns that result in a
digitally literate, connected, and aligned workforce, we can now reap what we have
sown:
Frictionless collaboration
Healthy productivity
Good working morale
Next steps
To achieve all this, we will need:
Advocates
Advocate are people who explain, evangelize, and openly discuss change with their
peers. It is essential to include people rather than giving the impression that ongoing
change would be a fait accompli. Good communication is critical. Just sending an email
or printing some posters won't light a fire in an organization. Explain the big picture and
elaborate on the why of this enterprise. This makes sure that all stakeholders will have
an excellent understanding to drive change even further.
Persistence
Rome wasn't built in a day, and we first need to unlearn the practices from the old
world. This is challenging, as we easily fall back into old role patterns. The path requires
us to be patient and to make it easier to follow a new approach. Gamification can help
a lot here, but yet again - if we only work on this level, the effects will quickly fizzle out.
Guidance and training

Training alone won't be sufficient; people will need examples, discussions, and time to
figure out what works best for them.
Conclusion
To see the bigger picture of adoption and how Microsoft 365 can support our digital
transformation efforts, it is important to investigate the corporate mental model, the
organizational structures, and patterns. Focusing on visible events only, underestimating
the mental model's complexity, and cherry-pick quick-wins will not lead to sustainable
change. If we want to evolve from our inherited understanding of work into meaningful
collaboration, we need to adopt new working behavior properly. This is only possible if
we first care about corporate culture, which will be reflected in all levels above.
Useful resources
Iceberg Models
Involved in transformation? People love this model
The Systems Thinking Playbook by Linda Booth Sweeney and Dennis Meadows
Other
Satya Nadella on growth mindsets: “The learn-it-all does better than the know-it-
all.”
Microsoft 365 Maturity model
Microsoft 365 Adoption guide
Principal author: Luise Freese, MVP

The importance of a Teams naming
convention
７ Note
Names are important as they imply meaning, and in many experiences such as Microsoft
Teams, names serve as a key navigational aid for end users in locating the correct Team
quickly and easily. However, with many organizations, it is difficult – if not impossible –
to enforce consistent Microsoft Teams naming standards, even if Team and Group
creation is limited to a small number of individuals. While this enforcement cannot be
completely overcome without a third-party tool, the first step is to define a single or set
of consistent naming standards that will enable better adoption and success when it
comes to its usage of Microsoft Teams.
Why are Team names important?

The name of a Team and its channels is hugely important as it serves as the primary
mechanism by which users can currently navigate and browse their list of workplaces in
the Teams application. Studies in information-seeking behavior tell us that things like a
Team’s labels are used by the human brain to quickly assess and estimate (via scanning)
what this label represents.
The method by which users decide which link to select is often referred to as
information scent, which can be understood as the “user’s imperfect estimate of the
value that source will deliver” – which in our case is whether the team they open is in
fact the team they are looking for. As described by the Nielsen Norman group, the user
considers a link based on its label and any contextual information available to them.
Within Microsoft Teams, this boils down to two things: the Team Name and the Team
Logo – not a lot to go on. This underlines how essential good naming can be.
Without consistent Microsoft Teams naming standards, this process becomes taxing and
inaccurate as end users have no reliable “memory” from which to draw to assist in
accurately identifying whether certain information is the information they are seeking.
The consequences of bad names

The consequences of poor or inconsistent naming boil down to two main problems:
findability and redundancy. A variety of studies have shown that these are huge
problems in the digital workplace:
Findability: Multiple studies have shown that users spend a huge part of their day
(some suggesting as much as 2.5 hours a day) simply searching for information. In
the context of Teams, especially in organizations with a high volume of Teams
workspaces, bad naming can seriously hamper the findability of Teams which
creates friction and irritation for end users trying to jump quickly between tasks.
Redundant Effort: Poor naming can also lead to duplication of Teams and effort, as
end users who cannot find the object of their query will quickly abandon a search,
sometimes creating a new space for this information and replicating content that
may already exist elsewhere.
Not only does this problem occur in Microsoft Teams, but the same name used when
creating the Team is also carried throughout the Microsoft 365 ecosystem and applied
to several related objects (e.g., SharePoint Site, email address, etc.) which essentially
serves to multiply the problems shared above.
Naming convention considerations
Prefixes
Adding consistent prefixes to the beginning of Microsoft Teams team names can be a
useful way to add organization, structure, and consistency to your Teams. In western
cultures, our eyes have a tendency to scan left to right reading the first 11 characters so
a prefix can be valuable as it creates a column of essential information down the left-
hand side of the Teams experience.
Recommendations - Prefixes
Prefixes can be useful but do not make these overly long as they can lead to the
Team name being cut off. Generally, limit yourself to acronyms or prefixes no
longer than 12 characters.
While emojis can be tempting to utilize, keep in mind that these can cause issues
for search and are not supported in all the areas where a Team’s name gets
applied.
Spaces
Spaces are proven to make names more scannable while improving overall readability
for end users, which further aids with finding the right name in Microsoft Teams. They
should, however, also be used with some thought, especially when considering prefixes
and suffixes you may choose to implement.
Recommendations - Spaces
When using prefixes or suffixes, we are now combining different “components”
into the name, and it is typically helpful to aid users in differentiating the
delineation between these segments. One way to do this is to keep spaces within a
Team’s Workspace name but use another delimiter (such as a dash or underscore)
for the prefix or suffix. This allows the brain to quickly assess the Team’s category
from the Team’s name.
Length
An understandable response to remedying a Teams' findability is to add more detail to
the Team name, ultimately adding more length to each name – but this can lead to
other problems. Microsoft Teams only allows a certain team name length before it
becomes truncated (trimmed). The length available depends on the case of the
characters and therefore the maximum length falls within a range of between 30 and 36
characters.
Recommendations - Length
Keep your team names to 30 characters or less as a rule to ensure they are fully
visible
The Result
The result of applying a naming convention can be powerful. Observe the immediate
difference in scannability between the two sides below:
Principal author: David Francoeur
Maturity Model for Microsoft 365
The Maturity Model for Microsoft 365 concentrates on defining a set of business
competencies that resonate with Microsoft 365 yet underpin real business activities.
Overview
ｅ OVERVIEW
Introduction to the Maturity Model for Microsoft 365
Origin of the Maturity Model for Microsoft 365
What's New
ｈ WHAT'S NEW
Governance, Risk, and Compliance Competency
Competencies - A-L
ｐ CONCEPT
Business Process Competency
Cognitive Business Competency
Collaboration Competency
Communication Competency
Customization and Development Competency
Governance, Risk, and Compliance Competency
Infrastructure Competency
Competencies - M-Z
ｐ CONCEPT
Management of Content Competency
People and Communities Competency
Search Competency
Staff & Training Competency
Elevating
ｃ HOW-TO GUIDE
Elevating Collaboration
Elevating Communication
Elevating People and Communities
Elevating Staff and Training
Tools & Samples
ｂ GET STARTED
How to run a Maturity Model for Microsoft 365 workshop
Practical Scenarios
ｐ CONCEPT
What are Practical Scenarios?
Maturity Model for Microsoft 365 and Teams Development
Practitioner Sessions
ｑ VIDEO
Download the Practitioner Sessions meeting invitation
Microsoft 365 Maturity Model Practitioner Sessions (YouTube)
Microsoft 365 Maturity Model Practitioner Sessions Slide Decks

Microsoft 365 Maturity Model Practitioner Sessions Slide Decks
References
ｉ REFERENCE
Capability Maturity Model Integration (Wikipedia)
Automation Maturity Model: Power Up your RPA and hyper-automation adoption journey!
Maturity Model for Microsoft 365 -
Introduction
７ Note
Purpose
We often hear from people in the community that they know they aren't using Microsoft
365 capabilities as fully or as efficiently as they would like. Sometimes this can be an
existential dread rather than a specific set of clear ideas about what is missing or what
to do to work smarter.
Taking a holistic view of the technology through the lens of the Maturity Model for
Microsoft 365 and gaining an understanding of current state vs. desired state can help
organizations in these important ways:
Understand and compare options for solving business problems

Focus time, energy, and resources on the right priorities
Identify the budget and resources needed to move ahead
Establish a baseline to show improvement over time
Maturity Model for Microsoft 365 summary
The Microsoft 365 platform is vast and changes rapidly, but business needs are common
and slower. The Maturity Model for Microsoft 365 concentrates on defining a set of
business competencies, that resonate with Microsoft 365 yet underpin real business
activities. Together, the documents create a set of tools, not just information. These
should allow organizations to figure out where they are in any function or department
and what ‘better’ entails. Not only should the Maturity Model for Microsoft 365 not be
about features, but it shouldn't be just about IT either; so we it uses common language
that all sorts of business roles can understand so that everyone can use the model.
In developing a maturity model for Microsoft 365 we aimed to create a toolkit which
follows a set of principles:
Non-partisan, i.e. informed by but not driven by today’s features in any specific
platform
Led by business needs rather than technology features
Identifies key business *and- technical competencies
Enables organizations to evaluate the current state in a systematic and consistent
way
Applicable to various roles in the organization
Competencies
Published
Business Process
Collaboration
Communication
Customization & Development
Governance, Risk, and Compliance
Infrastructure
Management of Content
People & Communities
Search
Staff & Training
In progress
Data & Analytics
Maturity Levels
The 5 levels within the Maturity Model for Micorosft 365 can be summarized as:
Level 100 - Initial

Default, starting/exploratory state
People driven processes, lacking documentation and discipline
Many ways of doing the same thing (with variable results)
Characterized by inefficient legacy approaches and pockets of un-managed
innovation
Level 100 - Keywords
Ad hoc, reactive, uncontrolled, chaotic, unstable
Level 200 - Managed

Key processes defined but not standardized, uniformly or strongly applied
Some ability to demonstrate consistent outcomes
Limited buy-in from staff and management
Widespread inconsistency and resistance
Routine, legacy, firefighting, variable, personally managed
Level 300 - Defined

Defined and standardized
Signed off, managed process
Limited validation of effectiveness, doesn’t include edge cases
Process users demonstrate familiarity
Documented, policy-driven, planned, controlled, stable
Level 400 - Predictable

Actively managed in accordance with agreed processes and has tracked metrics
Effective achievement can be evidenced across a range of operational conditions
Process has been tested and refined
Process users demonstrate competence

Productive, interactive, responsive, enhanced, effective, adaptable, quality
Level 500 - Optimizing

Deliberate and systematic process improvement/optimization
Focus is on continually improving process performance
Management of the processes are concerned with addressing statistical common
causes of process variation and changing the process to improve process
performance
Optimal, systematic, statistical, improvement-focus, automated, assured, proactive
What's next?
The goal of expanding the SPMM to the Microsoft 365 level is to help practitioners in
the community think through how they can improve their capabilities or decide which
capabilities matter most to them. These decisions should be based not just on the
technology capabilities themselves, but driven by specific outcome objectives derived
from the organizational strategy, possibly at a reasonably granular level as well as at the
over-arching organization level.
Our goal is to apply the same core competencies that were the core of the original
SharePoint Maturity Model, updated and extended to reflect the current business and
technical environment. As Microsoft 365 is a much deeper and wider toolkit, the project
is creating a guidance document for each competency, in a consistent format. Although
these are clearly linked to Microsoft 365, we have deliberately avoided detailing
particular features and functions, focusing on the business needs and processes in the
competency documents. We will continue to expand the document set to drill into the
technologies; provide a ‘how to’ for achieving different levels with the tools Microsoft
365 provides; and highlight some practical scenarios.
Resources
Origin of the Maturity Model for Microsoft 365
 Tip
Join the Maturity Model Practitioners : Every month we host sessions exploring
the value and use of the Microsoft 365 Maturity Model and how you can
successfully develop your organization using Microsoft 365. Each of these sessions
focus on building a community of practitioners in a safe space to hone your pitch,
test your thoughts, or decide how to promote your use of the Maturity Model.
Sessions may also include a brief presentation about the Maturity Model including
recent updates.
Principal authors:

Simon Doy
Simon Hudson, MVP
Emily Mancini, MVP, UXMC
Sadie Van Buren
The MM4M365 core team has evolved over time. These are the people who have been a
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:
Sadalit (Sadie) Van Buren

Origin Story for the Maturity Model for
Microsoft 365
７ Note
The Maturity Model for Microsoft 365 is an

extension of the SharePoint Maturity Model
(SPMM)
Around the time SharePoint 2010 was released, Sadie Van Buren developed a
powerful set of concepts embodied in the SharePoint Maturity Model (SPMM). The basic
idea was to give people working with the platform ways to:
Understand their capabilities along multiple dimensions on a clearly defined scale

Decide which level they would like to achieve for each dimension and in what time
frame
Improve their capabilities in tangible ways by progressing to the next level
Compare their organization to their peers based on quantified surveys
The SPMM was, of course, focused squarely on SharePoint. At the time, SharePoint was
exclusively an on-premises product and generally stood alone, unless you did a lot of
work to change things. The principles, however, remain valid.
The tools have changed, but we still see similar levels of capability when using
Document Libraries:
Team-centric - mostly document storage replacing shared drives

Cross-enterprise, leveraging fuller functionality
External collaboration
These three high-level distinctions are levels of capability we in the practitioner

community see every day in our work. Some organizations are totally fine using
SharePoint as a shared folder in the cloud, but most want to be working smarter than
that. But how can they know what their path should be? And how can they get there?
Underpinnings: the Capability Maturity Model

SPMM was based on the Capability Maturity Model (CMM) , which originally came out
of work at Carnegie Mellon University in 1986 and focused on software development.
The premise was if you could measure yourself against a clear set of standards to
identify where your practices and capabilities stood, you could take concrete steps to
progress to the next level. The model defined a 5 point scale, representing the levels:
Level 100 - Initial

This is the starting level for a new or untried process. Practices may be somewhat
effective, but they don’t take advantage of the power of the platform, nor do they take
into account the multiple use cases which exist in even the smallest and simplest
organization. Typically, they are undocumented and in a state of dynamic change,
tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events.
This provides a chaotic or unstable environment for the processes.
Level 200 - Repeatable

Processes are documented or managed by a central group to enable (but not enforce)
the preferred ways of doing them. Some processes are repeatable, possibly with
consistent results. Process discipline is unlikely to be rigorous, but where it exists it may
help to ensure that existing processes are maintained during times of stress. 
Level 300 - Defined

The process is well defined and agreed as a standard business process. There are sets of
defined and documented standard processes established, signed off and subject to
some degree of improvement over time. These standard processes are in place. The
processes may not have been systematically or repeatedly used to the extent needed for
their users to become fully competent or the process to be validated in a range of
situations. This could be considered a developmental stage - with use in a wider range
of conditions and user competence development the process can develop to next level
of maturity.
Level 400 - Capable

The process is quantitatively managed in accordance with agreed-upon metrics.
Effective achievement of the process objectives can be evidenced (using metrics) across
a range of operational conditions. The suitability of the process in multiple
environments has been tested and the process refined and adapted. Process users have
experienced the process in multiple and varied conditions and are able to demonstrate
competence. The process maturity enables adaptions to particular projects without
measurable losses of quality or deviations from specifications. Process Capability is
established from this level.
Level 500 - Efficient

Process management includes deliberate process optimization/improvement. The focus
is on continually improving process performance through both incremental and
innovative technological changes/improvements. Processes are concerned with
addressing statistical common causes of process variation and changing the process (for
example, to shift the mean of the process performance) to improve process
performance. This would be done at the same time as maintaining the likelihood of
achieving the established quantitative process-improvement objectives.
Management of the processes includes deliberate and systematic process

improvement/optimization. There is focus is on continual improvement through both
incremental and innovative technological changes/improvements. The Optimizing level
is likely to include automation, reduction in manual tasks and associated variability,
strong governance and compliance interventions as well as optimization for user
interactions and productivity. 
Not every organization needs to be at the top level. NASA or Airbus have different
goals, constraints, and risks to manage than a small marketing or retail organization.
Not every department, team or function needs to be at the same level; Operations often
needs to function with higher levels of maturity than, for example, Sales and this is
reflected in their respective technology strategy and investment. As with any
organizational capability, the organization should decide if the capability should be a
strategic differentiator or simply a basic operational capability based on the
organizational strategy. The former may require optimized and fool proof capabilities,
where the latter only requires relative efficiency.
Resources
 Tip
recent updates.
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Business Process Competency
７ Note
Overview of the Concepts [tl;dr]

The Business Process competency focuses on how users in an organization perform
repetitive tasks in a systematic way, with structure provided by business rules. While
there are many business processes that do not require automation or have not been
technology-enabled, technology can make existing processes more efficient or allow
operations that would not otherwise be possible or effective. The most valuable
attributes for a well-running business process are repeatability, speed, standardization,
compliance, reliability, measurability, and efficiency. Agility, flexibility, and auditability
are also commonly involved, alongside human dimensions such as user experience and
user interface. Business integration and whole-system thinking also play an important
role.
Definition of this competency

"Business Process" describes linked business activities with a defined trigger and
outcomes, frequently standardized by a technology platform and/or custom automated
workflow processes. Areas of focus include data (unstructured/structured), workflow,
user security / roles, analytics and reporting, tracking / auditing, process modeling and
simulation, and process optimization.
Evolution of this competency

See the Maturity Model for Microsoft 365 - Introduction for definitions of the Maturity
Model levels.
Level 100 - Initial

Organizations at this level are running their business processes in a manual, ad-hoc,
"just do what it takes to get it done" manner. Their systems are not supporting them
because there has been no investment in automation. There is widespread frustration
and a sense that "we could be doing better" but there is no particular group or
individual (e.g., certified Continuous Process Improvement expert) leading the charge to
use technology to make improvements.
Initial level characteristics include:
General
Business processes are undefined or only loosely defined through user experience.
There may be no use of process technology, instead relying on paper-based
process and legacy technology such as email for notifications, hand-offs and
approvals.
Users of the system rely on institutional knowledge to get things done ("I know
who can help me with this") rather than agreed-upon roles and business logic.
Exceptions cause long delays (e.g., a key resource is out of the office, or the first
time a new situation is encountered there is no method for defining what should
happen).
Governance, Risk, Compliance and Security

Processes are mostly undocumented and lack any form of governance, control or
oversight such as an Integrated Project Team (IPT).
Tracking of the state of the process or status of an activity within a process is not
possible or not done. Reporting or analytics are absent.
Business Process
Changes to the process are untested or tested in concept only.
Exceptions and failures are not captured, tracked and addressed
Processes have evolved from prior approaches. New needs and exceptions have
been bolted on rather than engineered in.
Level 100 Impacts
At this level you can expect the following:
General
If there is a known workflow, e.g., for request approvals, there can be long delays
between steps because there are no system notifications, no status updates, and
no consequences for inaction. This requires the requestor to chase down the
person at the next step in the process.
Transactions are very costly in terms of time spent and user frustration.
Staff (and clients / customers) have limited confidence in the quality or timeliness
of the process output.
The team loses credibility and will be hard to get future buy in of new processes.
Exceptions and priorities, troubleshooting and remedial intervention become a
drain on resources and pose a risk to business outcomes.
Basic questions can't be answered because there is no reliable data (e.g., "How
long does it take us to process a typical invoice?")
People feel stressed due to the lack of ability to plan and estimate how long a
process will take.
Deadlines are missed or require heroic effort to meet due to lack of transparency
in business process.

Compliance issues are a risk when processes are not done according to established
business rules.
Business Process
It's not possible for anyone to see the status of a particular request. Activities can
stall or remain incomplete indefinitely.
Activity owners invest their time in pushing activities through the process. Activity
prioritization is ad hoc and not driven by business priority or objective value/risk
Level 200 - Managed

Organizations at this level are evaluating or implementing technology to help automate
some of their processes in a standardized way. As a result, some lines of business may
be mapping their processes for the first time, and gaining a true sense of all the steps,
dependencies, exceptions, and delays. There is momentum to manage particular
processes based on business need and/or process owner enthusiasm. An understanding
of the benefits of automation is developing. A particular line of business or department
may have successfully leveraged technologies to manage processes and are
evangelizing this to other departments.
Managed level characteristics include:
General
Business Process
Business processes are documented / defined at the department level and
communicated to the organization. Process maps exist for many processes but
adopted technology solutions are weakly documented.
Out of the box SharePoint workflows (approval, collect feedback) might be
leveraged sporadically.
A document library or list provides a central base of operations.
Workflows tend to be document-centric or task-centric vs. application-centric.
There is an understanding of the functionality within M365 to support business
process automation.
Some "no-code" workflows (e.g., Power Automate) may be implemented to handle
simple business rules at the department level (decision-based routing).
There may be inconsistency between the documented process and the deployed
process, as individuals hold to the way they traditionally completed workflow tasks.
Many processes are built solely at the role or department level, by citizen
developers in response to business needs. They do not go through formal
application development cycles and the development itself is undocumented
(though the process may be)
Processes lack governance, oversight, testing and control. Changes and
improvements are ad hoc or responsive.
There is some attempt to use feedback to enhance the process, though this lacks
formality rigor or commitment.
Business ownership to maintain the processes is not consistent; changes in
business need may not be effectively reflected in the process.
Business processes exist in isolation; typically solving point problems without
integrating with a larger strategy.
Reporting and tracking of activity through the process is attempted, but not always
reliable or reflective of the business needs and often incurs further manual effort.
Process development is not effectively coupled to process re-engineering, leading
to faster/better completion of the process rather than creation of better processes.
No strategy around automation, including standardization of technology platform
and approach has been developed. Automation tasks are approached in different
ways.
There is often inconsistency between the documented process and the deployed
process.
Level 200 Impacts
One department may have automated workflows while the rest do not, which
creates an inconsistent experience for internal customers.
A process may be automated in one geographic location but not in others, even
within the same line of business.
Single points of failure exist within the technology and within the expertise to
maintain or improve it
There is often disagreement or conflict between a company-wide approach vs.
embedded capabilities in line of business systems
Level 300 - Defined

Organizations at this level are using M365 to manage business process across multiple
lines of business, and consistently across locations.
Defined level characteristics include:
General
Individuals have transitioned from procedural document workflow to orchestration
of dynamic business process.
A business process automation technology platform has been selected and is the
basis for new Business Process activities, though legacy solutions remain in use.
Third party tools and/or custom Business Process Management tools are
integrated to support more complex business rules and legacy systems.
The organization has begun to develop business process skills, often in a central
team and including process re-engineering and technical platform specialists.
Training is available to both specialists and citizen developers
There is a recognition of the pros and cons of citizen development and attempts
are made to allow and manage these approaches
There is minimal inconsistency between the documented process and the
deployed process.
There is recognition that different solutions are associated with different risk and
compliance profiles and can be designed and managed accordingly
Quality Systems incorporate key business process solutions, and the solutions are
tested for compliance for processes that impact quality
New solutions are designed with tracking, performance metrics and out of bounds
notifications
Business Process
A process is considered as a whole, rather than as an automation of discrete tasks.

Process maps for the end-to-end process have been created and are maintained.
Associated solution documentation is developed.
Existing process automation solutions are reviewed, documented and attempts
made to bring them under management. In some cases, solutions are redeveloped
on the new platform.
There is a method for dealing with exceptions, or the automation is explicitly
scoped to meet the majority of situations.
There are processes for identifying new automations and for modify existing
solutions, though exceptions and 'shadow' development remain.
Whole system approaches are attempted, and common-data sets and sources
begin to be established.
Level 300 Impacts

Management and users can begin to feel confidence that processes and activities
are compliant.
Productivity / efficiency gains are observable if not yet fully measurable.
Increased transparency supports better productivity and planning and lowers user
stress.
There is increasing employee confidence in following the processes because they
provide better results than prior manual processes.
The credibility of the team is improved, that helps user acceptance for new
processes.
Organizations at this level have set goals for the process, such as reduced time between
steps, lower cost, fewer errors, customer satisfaction, etc., and the process is being
measured against these goals. The system is supporting and driving the business
process rather than the individuals involved in the process. The results are predictable,
and the users have come to depend on the system and no longer feel the need or desire
to work around it.
Predictable level characteristics include:
General
Workflows on the platform may have connectivity to LOB systems.
Users have access to process analytics and audit trails around the workflow. (e.g., a
user can report on document approval (person, date and comments).
There is greater transparency to the process at the end user level (e.g., a user can
see the status of a particular request at any step)
Collaboration happens in the context of a work item as part of a dynamic,
nonlinear business process (the "case").
There is a well understood continuum from citizen developed small scale, pilot and
prototype business process solutions through intermediate to fully developed and
managed approaches.
The organization has a register of the BP solutions in use, with assessment of their
risks, ownership, technology and interactions with other processes and systems.
Process performance is monitored using established metrics.
APIs and information sources are well established and made available for BP
process development
Technology standards are in place and adhered to.
Development standards, including UI, UX, API, reporting, error trapping and
exception monitoring are well established; there is support for implementing these
in small scale developments.
Staff are trained in the standard approaches and required to undertake training in
these as well as the technology and process development methodologies. Business
Process training is part of the training program for M365, with centralized
documentation / resources.
New processes and introduction of new line of business systems are considered
against the strategy and standards in place to ensure they are compatible
BP solution development is led by 'whole system thinking'
All critical processes are designed for and assessed against compliance and quality
needs. Formal documentation, methodologies, audit and review are applied to key
systems.
Process control such as SPC (Statistical Process Control) may be enabled
Process outputs and metrics data are collected and used for business intelligence
reporting
All processes have clear ownership. Changes in staff and expertise are considered
and processes are resilient to these changes
Level 400 Impacts

Users feel that a particular automated process is stable. They have come to rely on
it and shudder at the thought of the "bad old days."
The organization is looking for other places to automate processes, asking the
question "is this a candidate for automation?"
New insights gathered from process analytics support restructuring of business
processes for continual process improvement, earlier identification of issues, and
data to support additional headcount, where needed. (e.g., for headcount: showing
long lead times in SharePoint project requests where the delay is due to limited
headcount to build solutions)

Organizations at this level are using the M365 platform optimally to automate their
processes, and are focused on feedback and continuous improvement. The
goals/metrics are being achieved on a regular basis, and there is both objective data
and anecdotal evidence to support the success of the solution.
Optimizing level characteristics include:
General
Power users can edit existing workflows to adapt them to changing business needs
on the fly with an understanding of the implications of these changes.
Standardized workflows, data sources, connectors, UI and process components
exist for re-use and guidance
Users leverage data from the business process management platform to optimize
process, simulate on real data, clear bottlenecks, and balance work across
workloads.
Business processes may extend to external users.
The enabling technology platform is being upgraded and managed proactively as
an enterprise solution.
Staff are highly skilled and engaged in the processes, providing feedback, ensuring
compliance and adapting to edge cases as required
All processes are well understood, managed and leveraged
Processes reach outside the organization, to interact efficiently with 3rd parties
including suppliers, clients and regulators
There is an active and ongoing process of process review against operational and
other objectives and processes and supporting technologies are re-engineered
accordingly
Processes drive and ensure compliance while also improving productivity.
Business Process
Users have visibility into the process and can provide feedback to process
improvements.
Output metrics from business process solutions provide insights into business
improvement and drive process enhancements at all levels. Impacts in one part of
the process are understood up and down the event chain.
Business Processes are continually measured as part of a whole-system approach
and collectively improved or adapted to changing needs.
Advanced tools are used to drive optimization, including AI, Statistical Process
Control and cross industry benchmarking
There is a high level of continuous process oversight and remodeling
Innovative approaches are taken to automation of tasks; as new technologies and
techniques emerge these are proactively introduced, freeing up time for staff to
deal with complex cases and 'out of bounds' scenarios.
Level 500 Impacts
It's possible to plan innovations because the baseline of performance is well known
and trusted.
The organization can adapt its processes with less stress and more agility to
respond to changing business conditions (e.g., mergers, acquisitions, new product
lines, etc.)
There is increased productivity across the organization as roles and responsibilities
are focused on tasks that cannot be automated.
There is an increase in employee engagement as mundane, repetitive tasks are
automated and viewed as a competitive advantage for how the organization
works.
Scenarios
Employees require manager approval for time off requests.
Employees can request new hardware, equipment, or supplies which then follows
an approval and procurement process.
A subject matter expert updates a policy, which then requires multi-level review
and approval.
A proposal to a customer requires multiple areas of review and approval before it
can be sent to the customer.
A customer opens a support case which requires multiple steps and escalations to
resolve.
Cost & benefit

Business Process is one area where hard metrics are relatively easy to capture, and
where ROI can be clearly shown. Examples of Business Process ROI include:
Reduced time between steps in the process

A positive change from process status unknown at any point to status clearly
viewable by the users in the system
Reduced cost when processes involving purchasing or expenses are standardized
Improved discussion making
Reduced risk of missing compliance deadlines or getting fined for not adhering to
compliance and government regulations.
Conclusion
Improving your Business Process maturity requires an investment in business process
mapping, as well as an understanding of M365's functionality and how it can support
your business processes. This investment in defining and educating will be repaid in
clear, measurable ROI for the business processes that you modernize and automate on
the M365 platform. This ROI can take the form of bottom-line cost and time savings, as
well as more top-line advantages in terms of competitiveness and customer and
employee satisfaction.
Common Microsoft 365 Toolsets
Connectors / Custom Connectors to access other line of business apps and
services
Dataverse
Microsoft Forms
Microsoft Lists
Planner
Power Apps
Power Automate
Power Virtual Agents
Project Online
Viva Goals
Viva Sales
Resources
 Tip
recent updates.
Related documents
Business process flows overview
Defining a Power Platform Environment Strategy
The Power Platform Data Loss Prevention (DLP) policies you should be considering
on Day 1
Principal authors:
Sadie Van Buren
Contributing authors:
Simon Doy
Simon Hudson, MVP
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Cognitive Business Competency
７ Note

AI and ML are rapidly evolving fields, with new breakthroughs, services and capabilities
seemingly every week.
In many ways, this revolution is following a similar track to other world changing
technologies, creating opportunity, threat, FUD, excesses of imagination and paranoia
and more. While the technology and its monetization are fearsomely rapid, forward-
thinking organizations should be anticipating the roles of various forms of cognitive
business and incorporate these into their culture, ways of working, processes and
thinking. While pessimists may be concerned about these technologies displacing
‘white-collar’ / knowledge worker roles, pragmatic organizations will be considering the
impact of the changes and planning how they can be integrated into their cognitive
functions – knowledge creation and access, analysis and assessment, task planning and
decision making.
Cognitive businesses are those that actively employ thinking in its many forms across
operational activities and decision making. They are characterized by having significant
numbers of ‘knowledge worker ’ staff in operational roles, not just management roles.
This Cognitive Business Competency considers how and where organizations might
deploy advanced, computer based cognitive services across their teams and operations.
The technologies used will encompass (narrow and generalized narrow) AI, Machine
Learning and other advanced technologies that simulate or mimic human intellectual,
analytical and creative activity. For convenience, these will be referred to simply as AI in
the rest of this article. The technology scope includes pre-built AI, including those
integrated into off the shelf products and suites, ‘invisible’ technologies that don’t
provide an apparent user interface, direct human-machine interfaces (such as voice
assistants & chat bots), AI platforms and services and custom-built engines for the using
organization’s own data. The competency also acknowledges the continued and
essential role of human cognition and the relationship between how people and AI work
together.
Cognitive Business maturity describes the extent to which organizations have

understood, adopted and embedded AI-related capabilities in the right combination to
improve and, ultimately, optimize the business.
Where are we today?

At the time of writing, Cognitive business and AI developments are in the Enthusiasts
and Visionaries stage. As noted, AI-related technology is changing quickly and use of
this competency should reflect that.
Chat GPT has this to say about Cognitive Business:
“Cognitive business is a term used to describe the integration of cognitive

computing technologies, such as artificial intelligence (AI), machine learning, natural
language processing, and robotics, into various business processes and decision-
making frameworks. It involves leveraging the power of these technologies to
enhance business operations, automate tasks, and gain insights from data to drive
innovation, improve customer experiences, and increase efficiency.
The goal of cognitive business is to create a more intelligent and adaptive

organization that can quickly respond to changing market conditions and customer
needs. By using cognitive technologies to analyze vast amounts of data and make
better decisions, businesses can gain a competitive edge and create new
opportunities for growth.
Cognitive business can be applied across a range of industries, including healthcare,

finance, retail, manufacturing, and more. Examples of cognitive business
applications include chatbots and virtual assistants for customer service, predictive
analytics for supply chain management, and autonomous vehicles for transportation
and logistics.”

There are many aspects to cognitive business, but an important consideration is how
cognitive business enables people and ‘intelligent machines’ to work together. The
maturity model considers this alongside the deepening capabilities, integration and
governance of AI in organizations.
As Satya Nadella has said, AI is moving from Autopilot to Co-Pilot:
Model levels.
Level 100 - Initial

Organizations at this level are unaware of, uninterested in or dismissive of AI supported
cognitive business. They rely on their staff to maintain their competitiveness and do not
perceive an opportunity or threat to the way they currently operate. Knowledge worker
tasks are delivered by staff.

100 General
AI is not knowingly used. It may be unknowingly used in standard products and
services.
There is no strategy for a cognitive business beyond the capabilities of employees.
Not is there any intent to explore it. The cognitive nature of the business is not
considered.
AI may be looked on with disdain, as a passing fad or as unable to outperform
members of staff.
People are doing almost all the cognitive activities across the business, perhaps
supported by ‘ordinary’ technology. These may be efficient and effective, and, as
such, they see no reason to change.
100 Technology
AI embedded in applications and suites is not noticed or used by most staff; no

attempt is made to adopt, adapt or explore it.
100 Governance, Risk, Compliance and Security

No consideration is given to governance or risks associated with cognitive business
activities. Staff are unaware of IP implications where AI tools are used.
100 Impacts
AI has no direct impact, which may mean that disruption, when it comes, is
unanticipated. Competitive advantage arises through investments in the skills or staff;
human limitations may create intractable challenges.
Level 200 - Managed

There is some appreciation of the emergence of potent cognitive tools and there may
be some experimentation with narrow forms of these to enhance processes or address
needs, mostly through configuration of platform-based services and some use of
proprietary data for training. This is Proof of Concept work, with limited process design
and little to no consideration of governance and risks initially. Most staff do not have an
accurate understanding of the capabilities and limitations of the tools and there are
unreasonable expectations of perceptions of risk.

200 General
AI to support a cognitive business is speculated about, often with unreasonable or
incorrect assumptions about what it can and cannot do.
Staff and management are largely unaware of the AI tools built into their everyday
off-the-shelf tools. Where they do, they use it to get answers to questions and
copy the answer verbatim.
There is no strategy for introducing AI, though some staff, in isolation, may identify
possible areas where existing processes might be improved using AI approaches. A
few staff experiment with the tools that are readily available, perhaps using in-
house data; management support for this is limited or may be occurring without
their knowledge.
There is a tendency to think that technology can solve the problem, without
rigorously defining the needs. Where cognitive tools are used, they are taken at
face value, without critical assessment or the integration into business processes
and the response of staff.
Staff with knowledge about how to build cognitive models, create appropriate
training sets or choose better AI processing models and methods, are largely
absent.
Source and training data is not well structured, clean and of sufficient quality and
there are few metrics for the quality of this.
200 Technology
Content and document management uses some automated classification, though
largely with the default configuration and limited training on topics etc.
Categorization may be used to improve existing processes, often in a narrow way,
usually with out-of-the-box capabilities.
AI may be in active use by the platforms used in the organization, such as
protecting against security risks, or supporting web searches. Only a few people
recognize that this is the case.
No technology-stack choices have been made and different platforms and services
are being played with a different part of the organization at different depths.
Cognitive capabilities are not designed into applications, products and services.
Training data sets are used as-is, without considering ethics, bias or errors that may
result from the data
Limitations are not considered, and no safeguards are in place to correct poor AI
decisions.
Intellectual Property implications are not considered.
Level 200 Impacts

At this level Cognitive business remains the domain of staff, with a few ‘mavericks’
extolling the virtues of AI and playing with the capabilities, usually with no oversight by
technology, governance or management functions. AI is not contributing to productivity
other than through ‘invisible’ AI that is built into of-the-shelf applications and services.
Level 300 - Defined

At level 300, the organization is actively considering how to enhance its knowledge
worker activities using AI. While the scope of this may be narrow, with point solutions
rather than transformative projects and adoption, there is an outline strategy and intent
to enhance the organization through cognitive services. Staff use AI to support their
knowledge worker activities, taking advantage of built in tools and some standalone
services to assist their day-to-day activity, while the organization begins to research or
invest in bespoke business solutions.
300 General
Attempts are made to ensure source and training data is well structured, clean and
of sufficient quality. The quality of the training input to cognitive models is
managed, with attempts to minimize bias and errors. A set of metrics is established
to confirm this.
Staff have some understanding of how to ask questions of the AI tools to get
useful outputs.
The limitations of the insights, knowledge and behaviors of people as the
benchmark for AI ‘accuracy’ are considered.
The organization has laid out a broad strategy for AI setting out their aspirations.
Elements of this may be naïve, lacking actionable detail and measurable objectives,
and may lack resources and senior sponsorship, but it acts as an important starting
point and touchstone.
The technology is not treated as internally or externally disruptive.
300 Technology
A range of AI services are used to improve existing processes, with multiple areas
of improvement. Mostly these improve human-driven knowledge activities and
support existing staff, however some areas no longer require human intervention.
Categorization is used to improve existing processes, often in a narrow way,
usually with out-of-the-box capabilities; often this makes things easier for staff
later in the process.
Content and document management actively uses automated classification,
configured and trained with the organization's information and document set.
Developments are focused on the application of pre-trained models. Custom AI
models are used in some cases and are being evaluated for wider application.

There is recognition that different solutions are associated with different risk and
compliance profiles and can be designed and managed accordingly
Quality Systems incorporate key business process solutions, and the solutions are
tested for compliance for processes that impact quality
New solutions are designed with tracking, performance metrics and out of bounds
notifications
Level 300 Impacts

Staff have use public tools, such as AI-driven internet search, saving time allowing them
to focus on more creative and valuable activities. Some processes are improved through
AI and an appetite has developed for doing more, with some limited funding. AI
supports staff in their cognitive tasks. Risks and concerns are emerging that the
organization is unsure how to address.

There are processes to build, deploy, integrate and manage AI alongside staff in many
areas of the organization. There are mechanisms to manage and monitor AIs that are
similar in importance and effect to those used with staff. Feedback processes and
performance metrics drive improvements. The organization’s culture accepts and
understands the role of AI and the relationship between staff and their AI tools. The
organization uses its skills as a flexible cognitive business to create efficiency and
business advantage.
400 General
Staff are trained and competent in interacting with tools to optimize their useful
outputs.
Policies are adopted regarding AI transparency, ethics, performance and scope.
These are regularly reviewed and updated in recognition of the pace of change of
the technology and regulatory environment.
AI services frequently work alongside human staff, with each complementing the
other. Areas that do not require human intervention have human and AI oversight,
with both reviewing feedback.
AIs that replace staff roles have line management processes, performances reviews,
code of conduct guidelines etc. that perform the equivalent role to the staff they
replace.
There is board level oversight of the cognitive business approaches and ensuring
they support the organizations values, ethics and strategy.
Cognitive AI outputs are routinely audited and subjected to quality control in the
same way as other quality processes. Methods have been developed to validate
that training, queries and other inputs produce ‘correct’ outputs.
Cognitive business approaches enable the activities that could not have been done
without the tools. Processes are transformed rather than simply enhanced.
The level of trust in the tools is understood, continuously re-evaluated and
deficiencies addressed.
The limits of AI are well understood, and ‘unusual’ cases are handed off to experts.
There is a coherent approach to people and AIs working together, with well-
defined hand-offs.
Source and training data are actively managed to ensure quality, with metrics and
active feedback.
400 Technology
The cognitive business landscape is scanned, and changes and improvements are
previewed and incorporated into the business roadmap; the tools are actively
‘upskilled’ as technology advances.
Sources and training data are robust, updated, assessed and managed against
quality and ethics standards.
Technology limitations are well understood; safeguards and feedback loops are in
place.
Voice interfaces, natural language processing and other human-centric UIs are
present across staff workspaces. There is some use of ‘always-on’ monitoring
within the workplace and process areas.
New applications developed within or for the organization actively incorporate
cognitive elements, and these incorporate AI ethics and governance by design.
Developments using custom AI models have a well-established process which
includes data quality security, responsible use and audit.
A generalized narrow AI, capable of performing many different types of tasks and
with a holistic view of the organization, starts to replace many discreet cognitive
services.
The AIs are capable of identifying issues and carrying out auto remediation,
handing off to a person where necessary.
There are policies that define how cognitive business should be introduced,
assessed, performance managed and monitored for effectiveness and fairness.
Responsible AI initiatives and standards form the basis for this.
The implications of compliance around AI use are broadly understood and actions
are taken to minimize risks relating to regulations, Human Resource obligations
etc. A board level role has accountability for responsible, ethical and fair
application of AI, ensuring compliance with regulations and values.
Training in Cognitive business for staff, management and the leadership team are
maintained. This ensures understanding of ethics, compliance, best practice and
drives trust. Assessment is used to improve the training and identify staff
competency.
Training data is reviewed regularly for historical bias and gaps that might
compromise the ethics of the AI. There is special care taken with externally sourced
and public data that may include such bias.
Attention is given to national and organizational culture and how this might create
bias in the cognitive business. Systems are reviewed against clearly stated values
and principles in place in the organization.
There are processes to hand off ethically complex issues or outliers from the
systems to human arbiters.
Inputs to Cognitive systems are recorded so that they can be used to validate
outputs.
The risks of cognitive business tools deskilling staff are understood and addressed
appropriately, such as through actively retaining skills or accepting that these are
lost to the organization and external expertise is used when required.
Level 400 Impacts

At this level you can expect widespread adoption and acceptance of AI-based tools in
many areas of an organization and that these create good competitive advantage. Staff
are engaged with the tools and use them to great effect, whilst also watching for
unexpected behaviors or under-performance.
Staff and processes are productive, though there may be concerns about resilience of
the technology and exposure to regulatory change.

Cognitive business has reached the stage of being a natural, continuous flow of
interaction between staff and machines. Ethical and GRC issues are effectively monitored
against a well-established framework and feedback, retraining and horizon scanning
maintain this. Highly capable AIs interface with most parts of the organization and are
capable of a large range of tasks working in collaboration with human staff.
500 General
Resources and capabilities in the organization are sufficient to drive rapid and
effective cognitive business value. This is supplemented by a broad range of
partners and associates with expertise in specific applications of cognitive business.
The organization uses these to both rapidly react to changing needs and
proactively advance the business in response to strategy and vision.
Content and document management actively uses automated classification,
configured and trained with the organization's information and document set, with
continuous retraining and active redesign to incorporate future-looking strategic
and tactical changes in the business
AI assistants, versed in the knowledge and processes of the organization, are
available to all staff to assist with their activities. They also have ‘a seat at the board
table’ where they can retrieve relevant information, capture decisions and actions
and provide summaries and feedback on the state of both the organization and
previous meetings.
AIs are used in the board room to advise directors/VPs, capture and track decision
and actions and summarize and analyze information
Advanced human-machine interfaces are in careful use, which may include active
monitoring of conversations and activities, prospective advice and insights.
Cognitive business is built into the organization by design. It pervades staffing
criteria, product and process development, sales and marketing strategy and
pervades operations.
500 Technology
State of the art technologies are proactively reviewed and incorporated into the
Cognitive Business strategy and roadmap. AI services may be used to help identify
these.
Active experimentation takes place, and the learning is used internally and shared
with partners and aligned vendors to drive future improvements.
The generalized narrow AI has reached a level of capability that exceeds the sum of
the parts and becomes a core strategic platform specific to the organization. Most
discreet cognitive services are now incorporated into this service, increasing its
reach and reducing the overhead of training and integrating individual tools.
Cognitive systems exhibit proactive interfaces; not just reactive. They will prompt
humans as and when appropriate. The use of such systems follows policy and
values, with appropriate safeguards.
AIs are routinely capable of autonomous action. Where they make mistakes or
choose to involve a person in the decision making, the output of this is fed back
into the AI to improve it.

Innovations and inventions that both drive Cognitive Business and result from it
are effectively protected and secured; this includes IP, the data they access, the
outputs they generate and the code and models they rely on.
People and AIs work together harmoniously as a team. Feedback loops and
oversight ensure this remains effective, upskilling both as required.
AI approaches are used to review the performance of other AIs, of data quality and
identify anomalies in data and behaviors. These might use SPC or other statistical
tools
Cognitive systems document their decision-making process, to a standard
comparable with people being held to account for their accounts and decisions,
enabling trust in the judgments being made.
Cognitive processes don’t just rely on pre-training, but also embed iterative
feedback to continually enhance the quality. This includes ‘Chain of Thought’
prompting. (The user prefixes their question with text that includes a couple of
examples of questions and solutions, including the reasoning — illustrating a
typical chain of thought — that led to the answers).
Proprietary cognitive systems and 3rd party systems all comply with Responsible AI
initiatives and standards.
Designers of cognitive systems are held to account and assessed on their decisions
to minimize and control bias.
The outcomes from hand-offs of ethically complex issues or outliers to human
arbiters are then used to retrain and improve the system.
Level 500 Impacts
At this level the organization fluidly adopts AI alongside staff in order to excel at many
activities. Productivity is high and staff are given significant amounts of time to be
creative in exploring how to further improve the organization, with a range of cognition
tools to aid them. Staff are happy with the nature of the interactions with their AI
counterparts and with the improvements to their work and quality of life.

Azure OpenAI
Azure Cognitive Services
Azure Machine Learning
Azure Bot Framework
Azure AI Infrastructure
Azure Monitor: Network, Applications, and Infrastructure Monitoring
Azure Sentinel
Bing / ChatGPT
GitHub Copilot
Microsoft 365 (embedded AI elements)
Microsoft Power Platform
Microsoft Teams
Microsoft Syntex
Microsoft Viva
Microsoft Sentinel: Intelligent Security Analytics
Microsoft Defender Threat Intelligence
Microsoft Purview Information Protection
Microsoft Purview Data Lifecycle Management
Microsoft Purview Data Loss Prevention
Resources
 Tip
recent updates.
Principal authors:
Simon Hudson, MVP
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Collaboration Competency
７ Note

Microsoft 365 is at its core all about collaboration. The collaborative underpinning of the
platform goes all the way back to the earliest days of SharePoint when it was code-
named Tahoe. For this reason, collaboration is often the first draw to the platform for a
new customer. Microsoft 365 has broadened into a rich set of apps and services, many
of which support the concept of collaboration.

Collaboration is all about people working together to reach a common goal. Within
Microsoft 365, this means multiple individuals working jointly within the platform, using
its capabilities to facilitate their activities.

Model levels.
From the days of a knowledge management focus - from which much of the current
thinking about collaboration has sprung - we have the paradigm of data turning into
information, then into knowledge, then into insight, then into wisdom. Some
organizations were able to move along that path, and others were not.
With collaboration, we have a similar set of states:
Document collaboration
Team collaboration
Cross-organization collaboration
Serendipity
Innovation
These states align roughly with the levels below.
Level 100 - Initial

In many cases, the first move into Microsoft 365 is a simple migration of shared folders
on a file server into SharePoint. (This usually follows a migration of email hosting from
an on-premises Exchange server to Exchange Online. While this is extremely important,
the average end user may not even realize it has happened. At this level, most
collaboration occurs in an unstructured way, unsupported by specific technologies. Task
and document collaboration together with knowledge exchange in conversations take
place via email or phone, or in person in physical meetings. There is minimal tracking,
and an over-reliance on real-time, co-located, in-person working.

Out-of-the-box collaboration sites are created as needed without structure or
organization.
No formal process exists for requesting a new collaboration area (site, team,
group).
Naming conventions, planned information structures, oversight etc. are absent.
End users are not trained enough to see utility in the platform.
The dangers of information leakage are not understood.
Out-of-the-box collaboration sites set up as needed without structure or

organization (organic growth)
Folder structures are re-created from shared drives, usually based on individual
preference.
There is a lack of consistency, duplication, and difficulty finding or deciding where
to store files.
All documents stored in the Documents (aka Shared Documents) library, or in local
folders, the desktop or other personal stores
Content
Collaboration is document-based – a means to share a document we are working

on
While links can be emailed rather than the documents themselves, copies of
documents still get attached to emails.
Versions proliferate, usually by saving a copy of the document with a new name.
Task Management
Shared activities and tasks are managed via personal lists or post-it notes. There is
little visibility of status and activity of shared tasks other than via weekly reporting
or by asking for updates.
External collaboration may be actively blocked
Impacts
At this maturity level, many people in the organization are likely to be asking: “So what?”
They may feel they are working harder to accomplish the same goal, without seeing a
benefit. Staying at this level is generally a recipe for dissatisfaction.
Level 200 - Managed

At this level, the focus tends to be on document and file collaboration; workspaces
(Microsoft Teams, SharePoint, etc.) start to have defined structures and content rules
based on specific goals. Each team decides how to best collaborate within that
workspace, though there is little reuse and minimal consistency outside each group.
Process
There is agreement (but not enforcement) not to send attachments.
Training and knowledge remain inconsistent.
Some mechanisms are in place for new site requests, whether instantiated
technically or by convention.
External access uses default settings and is not controlled.
Most users have had little training on how to use the tools.
Better practices have not been established.
Unique document libraries are created for specific team needs.
Specialized views become more common to enable better decision making.
Metadata is used to organize documents beyond the default values e.g. status,
dates etc.
Content
Links are shared or emailed rather than documents as attachments, starting to lead
to one version of truth.
Collaboration efforts are collected in document libraries using coauthoring and
automatic versioning.
External access uses default settings and is not controlled.
Introduction of File naming conventions.
Task Management
There is some use of status indicators in documents or metadata.
Shared lists allow visibility of activities and task status; interaction with the list is via
read-only views or require downloading of a file. There is no aggregated progress
overview or reporting within the shared activities; requiring manual reports to be
issued.
Culture
There is recognition that collaboration needs to happen.
Impacts
At this level, users begin to have confidence in the platform and start to see it as an
improvement over file shares: they are thinking beyond the file share. The way they
collaborate will still vary widely by functional area.
Level 300 - Defined

Commonality across teams starts to drive how workspaces are created and set up. Sites
or Teams are created based on the type of work which will be done rather than just
using out of the box templates. Document templates exist within the workspaces or are
available from a wider intranet.
The process of collaboration is well defined and agreed as a standard business process.
There are sets of defined and documented standard processes established, signed off, in
use and subject to some degree of improvement over time. The processes may not have
been systematically or repeatedly used to the extent needed for their users to become
fully competent or the process to be validated in a range of situations, hence there are
gaps in adoption and consistency. This could be considered a developmental stage -
with use in a wider range of conditions and user competence development the process
can develop to next level of maturity.
Process
Teams are able to determine their own style of collaboration; this is defined in
policy and procedure
Processes exist to manage site and content lifecycles, external access, document
status, ownership, task allocation etc.
Culture
Discussions, meetings and actions are wrapped around collaboration activities.
Collaboration is enabled and encouraged within projects etc.

External access is audited and managed to remove access when collaboration ends
Site de-provisioning process is established as manual process
People profiles are completed to identify roles and responsibilities, supporting
expertise location
Better practices have been identified but are not strongly implemented
Deviation from established tools and approaches is discouraged
Information architecture is centrally considered and managed across the
enterprise.
There is consistency in terminology, naming conventions and formats.
Company-wide metadata is standardized, and document libraries include this
standard taxonomy, where appropriate.
Content
Site templates are developed for specific site needs.
Sites are provisioned with rich solutions, including template documents and
features appropriate to the need.
Collaboration extends beyond documents and is supported by other apps and
features
Mobile access is considered with every solution implementation.
There is a mechanism to differentiate Work-in-Progress from Final / Approved.
Task Management
Tools to allow shared ownership and management of tasks are in place and
adopted by project teams and some other task-focused teams. Where this is the
case, there is a degree of automated reporting and ‘at-a-glance’ insights into
progress.
Impacts
At this level, the organization sees a path to real ROI for the solution. There are clear
standards around the implementation, although they may not be used throughout the
entire organization. Users have a sense of security and consistency as they collaborate.

Rather than focusing on specific point solutions, a more strategic view of platform apps
and services leads to a mixed-use set of solutions. Collaborative opportunities exist not
just to facilitate ongoing work, but also to support areas of interest, centers of
excellence, etc. These opportunities lead to serendipitous connections between people
who might not have found each other before.

Culture
-Templates are continuously improved based on usage statistics/feedback
The culture is collaborative – empowerment, trust and permission

Tacit knowledge is transferred through departments and roles
Collaboration is understood beyond task-based activities
Process
Collaboration is governed and compliant
Collaboration supports line of business systems.
Diary management is well-established, and availability for collaborative work is
managed (including real-time presence and ‘focus’ time slots).
Asynchronous collaboration is facilitated by features (e.g. @mentions) that
signpost colleagues to content and actions, ensuring notifications are productive
rather than interruptions.
Productivity and other collaboration metrics provide insights.
Opportunities for informal conversations are actively created (water-cooler
conversations), especially within disciplines
There is a strong understanding of the value and risk of collaboration and

governance and security approaches are implemented to minimize data leakage,
allow and prevent sharing as needed, to reactively review or investigate activities.
There are time, location, device and person limits on access to content and
collaboration between people
Content is protected to ensure history of changes, prior versions etc. remain
accessible for productivity and compliance purposes.
Duplicate content is actively disallowed unless a scenario requires it - single
version of the truth.
Processes are in place to minimize the risk of staff using out-dated information
and files in collaborative decision making or activities.
There is an auditable history of collaboration activities with an understanding of
how it can help support effective governance.
Collaboration extends to appropriate solutions within Microsoft 365 (ex. Task
management in Planner).
Company-wide metadata may integrate with other enterprise systems (e.g., ERP,
CRM). Consistency extends across platforms.
Enforcement of information structure, metadata, site and directory design ensures
consistent use across roles and departments
Content
Communication channels are used to segregate topics.

There is a mechanism to segregate Work-in-Progress from Final / Approved, and
to protect Finalized versions from change.
Content can be shared across organizational boundaries enabling efficient
collaboration with partners, clients etc. without loss of control or governance.
Strategies are in place and effective for remote and offline working on
collaborative content.
Task Management
Task management tools are consistently and widely used to track and monitor
team, department and organizational activities.
There are shared notifications for activity updates alongside on-demand ‘at-a-
glance’ insights.
There is active support for multiple collaboration modes, including real-time co-
working and co-editing, ‘as-needed’ collaboration.
Collaborative activities are largely unconstrained by geography or time zone.
Most activities can be completed collaboratively, with simple mechanisms to find
and access co-workers.
There are tools and processes in place to protect individuals’ time from
interruptions.
Diary management is well-established, and availability for collaborative work is
managed (including real-time presence and ‘focus’ time slots).
Mobile, remote, and office scenarios are equally supported.
Asynchronous collaboration is facilitated by features (e.g. @mentions) that
signpost colleagues to content and actions, ensuring notifications are productive
rather than interruptions.
Productivity and other collaboration metrics provide insights.
Impacts
At this level, users rely on the platform for their day to day work as well as for special
interest areas that contribute to company culture. The platform is seen as work-
enhancing, not detrimental. Users understand and follow governance best practices,
with a high degree of trust in the platform. The collaborative experience is fluid and
largely frictionless, allowing easy access to internal and external colleagues on demand.

At this level, many transactional actions are automated to ensure consistency and good
governance. Because people are connected across the organization based on their skills,
interests, and work, innovative collaborations arise without formal structures. These
innovative efforts are encouraged and given space to work and flourish.
Culture
Collaboration is baked into the culture.
Staff are expected to do non-traditional/non-task collaboration
Deep collaboration enabled through cross-skilling, placements and multi-
disciplinary meetings.
Informal and formal knowledge transfer are designed into the organizational
culture (water-cooler conversations) across disciplines. No one needs an excuse to
collaborate.
Process
Automation enables and protects collaborative efforts, in line with understood

policies.
Downstream collaboration processes are automated & optimised.
Staff are accountable for tasks and commitments; with feedback used to assure
productivity.
Collaboration processes and benefits extend to external partners.
Automated processes exist for de-provisioning and archiving sites when

collaboration ends.
A policy or mechanism is in place to check for duplicates, reducing site and
content sprawl.
Active data loss prevention is in place, including keyword/term flagging,
communication monitoring and deep dive eDiscovery across all technologies.
Graded security with policy enforcement is leveraged to provide different levels of
protection during collaboration depending on sensitivity, risk and environment.
Governance and security intervention are seen as business enablers that provides a
safe framework for collective endeavors.
Metrics are used to measure and improve collaboration outcomes, clearly
connected to strategy.
Metadata is used across site collections to centralize relevant information so that it
can live anywhere but still be found / leveraged.
Automated tagging may be present.
Sensitivity labelling is automated and related to the content, purpose and risk of
the collaborative activity.
Better practices are continually developed to enable effective collaboration across
a wide range of tools, scenarios and roles; existing practice is routinely reviewed
and teams are helped to collaborate more effectively based on insights.
Content
Site designs or templates are enforced and used to reflect project phases.
Content and task status are actively used to provide insights and trigger actions,
including automation of downstream processes.
There is active monitoring of content shared across organizational boundaries.
Lifecycles, redaction, and access revocation are enabled and largely automated.
Live documents are shared as attachments in email only as exceptions.
Task Management
The collaborative platform is highly integrated, serving a wide range of tools and
capabilities that seamlessly support many simultaneous modes of collaboration.
Task management tools are required at multiple levels across an organization and
individuals and teams are held accountable for their collective tasks, including to
board level.
There is organizational level monitoring of collaboration activities, with targets for
the degree of interaction expected based on roles.
There is specific focus on optimizing collaborative activity to enhance productivity,
minimize cost and risk.
Collaborative work is a strategic element of the organization’s culture.
External partners are supported in adopting collaborative approaches.
Legacy ways of working are actively replaced or removed through an active
continuous improvement.
Impacts
At this level, business leaders and platform administrators are implementing continuous
improvements based on user activities and feedback. Users are proud of their
collaboration platform and can show real ROI over the way they previously worked.
Cost & Benefit

When we talk about the benefits of collaboration, we are often asked to provide a clear
ROI. This can be difficult to do, just as it has been with other knowledge-based efforts in
the past.
Some examples of collaboration ROI include:
Faster time to produce results and respond to requests (reduced time spent in
searching, locating latest version, collating changes from multiple users, etc.)
Reduced travel and overhead costs
Increased employee satisfaction (feeling supported rather than hindered by tools
and systems)
Innovation is common (generating and executing on ideas through making
connections that would not have been possible in the old file-share world)
Anecdotes can be incredibly important for demonstrating benefit. It’s powerful when a
team says they reached a goal faster or better and are willing to be quoted on it.
“Better” cannot always be quantified, but if the professionals in your organization claim
it, it is probably real. Collect these anecdotes as you go along; they will prove useful.
Conclusion
Leveling up your collaboration maturity means you are rethinking processes. This leads
to direct benefit as you shift from “the way we’ve always done it” to “how could we do
this better?”
With collaboration at its core, the Microsoft 365 platform can be an incredible enabler of
better practices. This can only be realized if your organization continues to learn, grow,
and evolve its practices, striving for improved collaboration.
Common Microsoft 365 tool sets

Every organization can choose how best to use the Microsoft 365 platform for
collaboration. The best answer for a large multi-national conglomerate would make little
sense for a five-person financial advisory firm. The Microsoft 365 apps and services most
likely included in the mix for collaboration include the following:
Excel
Loop
Microsoft Teams
OneDrive
OneNote
Outlook
Planner
PowerPoint
Project Online
SharePoint Team Sites
To Do
Viva Engage
Viva Goals
Viva Insights
Viva Sales
Viva Topics
Word
Yammer
Resources
 Tip
recent updates.
Principal authors:

Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Elevating Collaboration
７ Note
Introduction
The Collaboration Competency article provides an overview of communication concepts
within Microsoft 365 and details for each of the five maturity levels from Initial to
Optimizing (100 through 500). It adopts a broad, technology-agnostic approach to the
business characteristics of communication plus the expected benefits.
This article
explores how organizations at any level could use the Microsoft 365 suite (and
associated technologies) to reach a higher maturity level.
How to move from Initial to Managed (Level

100 to 200)
Organizations at the 100 level in many cases have completed the first move into
Microsoft 365 as a simple migration of shared folders on a file server into SharePoint. At
this level, most collaboration occurs in an unstructured way, unsupported by specific
technologies. Task and document collaboration together with knowledge exchange in
conversations take place via email or phone, or in person in physical meetings. There is
minimal tracking, and an over-reliance on real-time, co-located, in person working.
The
following are potential approaches to moving from this level of collaboration to more
structured and effective methods of collaboration:
Governance & Security 100 to 200

Provide guidance on how to select different tools for different needs, the key
settings to apply and a contact for asking for help in adopting the
recommendations. Set out expectations for what the organization wants staff to
use and clearly identify and then communicate which tools are not to be used.
Identify key stakeholders to drive strategic decisions around collaboration styles in
the company. This steering committee commonly includes information technology
(specifically IT security), human resources, and key leadership roles. It is important
to have cross-functional representation in this committee as each function may
have different internal and external collaboration needs that should be considered.
In small organizations, this may, instead, rest with a leader or manager who takes
input from colleagues to achieve the same outcome as a committee.
With the committee, determine a scalable approach for intake of new collaboration
site requests, specifically in SharePoint and/or Teams. This may begin as simply as
an email request or form with name, department, site title, internal/external usage,
and description, which is rapidly reviewed and actioned or approved. Identify any
additional information that needs to be tracked for site lifecycle management at
this time.
Review existing sites, tools etc. and start to manage out any which are unused or
create business risk.
Provide feedback to staff in the form of stories, anecdotes and examples of good
and bad use of the tools to support the emerging strategy.
Information Architecture 100 to 200

During site builds, begin evaluating structure of content to determine if there
should be multiple sites or document libraries. In file shares, documents commonly
all stem from one department or project folder. In SharePoint Online, multiple
document libraries can exist in each Team Site .
For example, consider a Human
Resources team site. There may be different teams working on benefits, hiring, and
terminations. These can become different sites or different libraries, depending on
the organizational needs and the scope of that work.
While building document libraries, consider usage of site columns to create
metadata instead of folders.
For example, in the Human Resources benefits site
there may be a site column for “Year” that is used to group the benefits documents
as they change annually. There may also be a content type for “Medical Benefit” or
“Insurance” to support comparing plans over years as well as tracking different
metadata for these document types in the future.
Hint: File names generally
contain at least one or two pieces of metadata already, though it may be
inconsistently used.
Create different Views in Lists and Libraries to introduce staff to the ways to
organize the information they are collaborating on. Think of views as an index for
action, not just a list of objects.
This might include adding Status and
Categorization columns and grouping and filtering by these. For example:
Grouped by Status (“Not Started”, “In progress”, “Awaiting review”, “Complete”),
Filtered by Allocated to person or group=[Me]
Content 100 to 200

Encourage managers to ask staff not to send attachments. Show staff how to save
attachments to a shared space, such as in OneDrive, Teams or SharePoint and to
send sharing links from there.
Provide training on the ability to share document links versus email attachments to
support coauthoring and automatic versioning. This can be a short video on
better collaboration practices or a more intensive training including additional
guidance on better ways to collaborate if you are looking to implement Microsoft
365 at a higher maturity level.
Task Management 100 to 200

During document library builds, inquire around the document lifecycle process to
identify any tracking or business process needs. This can be shifted from a
separate document to be attached directly to the documents in the document
library. In the early stages, this may be as simple as a site column with “Document
Status” which has choice values of “New,” “In Progress,” In Review,” and
“Completed. You may also include a site column for “Assigned To” and choose the
responsible party.
-Shift activity tracking in Excel etc. into SharePoint lists, Planner,
To Do etc. and use these tools in meetings, collaboration sessions and reporting.
General 100 to 200

Reinforce the benefits of using the recommended tools and approaches. Call out
successes and share stories of issues and near misses associated with level 100
characteristics. At this stage, anecdotes are critical.
Encourage good practice, discourage older approaches. Consider incentives and
disincentives for these. It may take a while to get these incentives into place,
generally at a higher maturity level.
How to move from Managed to Defined (Level
200 to 300)
At the 200 level, the focus tends to be on document and file collaboration; workspaces
(Microsoft Teams , SharePoint, etc.) start to have defined structures and content rules
based on specific goals. Each team decides how to best collaborate within that
workspace, though there is little reuse and minimal consistency outside each group.
Lifecycle management begins to be a consideration in collaboration practices.

The steering committee, formed at the 100 level, begins meeting to identify site
auditing needs. This may include oversight to external access and site lifecycle to
create manual processes for managing both.
The steering committee defines and documents better collaboration practices for
how the company should be collaborating internally and externally aligned with
the company culture, size, existing business processes, security, and compliance
requirements. The better collaboration practices should include guidance on what
system to use when and any systems that are not supported for collaboration at
the organization.
For example, if a department is working with a vendor on a
project it is recommended all collaborations occur on a SharePoint team site with
external sharing enabled and the vendor’s access is removed at the end of the
project. For a regulated industry, this may require accounts for the vendor on the
company’s tenant for greater control.
Begin actively migrating, archiving, decommissioning and blocking tools and sites
that are not aligned with policy.
Create a community where Collaboration Leads (often Site Owners) can interact
within a “safe space” to share better practices, ask each other questions about
approaches, and find documentation. This community will lead training and
empower site members in future maturity levels.
Begin the process of Collaboration Leads formally reviewing content within their
team sites. Common mistakes or challenges are tracked.
Begin a beta test for completing user profiles within Microsoft 365 to include
projects, areas of expertise, and specifications on roles to be used as a subject
matter expertise locator. Focus on the beta group completing profiles and locating
other experts with search to improve their ability to collaborate across functions
(versus finding experts via institutional knowledge and forwarded email chains
until the correct contact is identified).
If a file naming conventions document exists for previously used systems, review
this document under the lens of Microsoft 365 to keep applicable processes and
add updates for system changes.
For example, the file naming conventions might
still apply except for tracking department and version date as these pieces of
metadata are captured by which site the document is saved to and the automatic
version history. If you applied document tracking metadata like “Document Status,”
this information will now also be removed from the file naming conventions.
-
Identify common metadata across the organization that will be consistent across
functions and departments. If a file naming conventions document exists at your
organization, use this source to help identify common metadata needs that can be
translated from a file name into site columns.
For example, if your organization has
a list of products, this list should be in the Term Store to ensure all sites using a list
for “Products” is consistent.
Identify the methods for sites to access the common metadata. If site columns
should be automatically applied to all sites, this can be achieved through the
Content Type Hub . If sites should opt into adding the metadata to their sites,
this can be achieved through creating term sets in the Term Store or creating Site
Designs for self-service application of common information architecture.
For
example, you may want each department to manage their own company policies
and have all policies appear on one page based on search based off the content
type. The content type of “Policy” can be created in the Content Type Hub (for
automatic application to the site) or as a Site Design (for self-service application to
the site) with columns for “Effective Date” and “Expiration Date.”
Group sets of collaboration activity together using Hub Sites in SharePoint and
Channels in Teams.
Content 200 to 300

Review the existing sites for collaboration to identify any patterns in site
architecture needs. Begin recording these patterns across all sites to develop site
templates, increasing consistency across sites and reducing implementation time.
For example, all team sites focused on projects for a specific product may have the
same document template and library needs.
With the steering committee, begin identifying better practices for collaboration
discussions and the behaviors the organization wants to encourage. This may
include email, Microsoft Teams, chats, meetings, and phone calls. Outline what
types of conversations belong in each communication method to increase
consistency in collaboration communication across projects. This is especially
important to support effective cross-functional collaboration.
Explore team collaboration needs outside basic document collaboration. Some
teams may need additional capabilities such as ability to take centralized meeting
notes, project tracking, a database for information tracking, a knowledge base,
project or technical training, etc. These needs can be included within the scope of
the team site creating a one-stop-shop for those team members.
Ensure staff are aware of the co-authoring capabilities within MS Office in
conjunction with SharePoint and OneDrive.
Ensure staff are aware of the tools for implementing actions and comments across
MS Office and Microsoft 365, including @mentions, task creation, tab and
document conversations.
Create central content stores for commonly needed information and documents,
such as templates, using Lists and Libraries in SharePoint.
Create shared folders in OneDrive for team members to store ad hoc content for
working on with colleagues within and outside the organization. Define a common
folder structure for these, such as: Temp, Private, Shared with Team, Shared with
Everyone, Shared Externally.
Develop and use common language and terminology for collaboration activity,
tools and locations.

Review the documents used for tracking and current business processes to map
the information needs to capabilities within Microsoft 365 (like Microsoft Lists ,
Planner , Project , and To Do to identify the best solution). Begin beta tests
within working groups to evaluate the transition to these new options that can
integrate into their existing team sites.
Establish common Buckets and Tags in Planner to ensure both consistency and
ease of use for staff operating across multiple plans. Where appropriate, align
these with document categories.
How to move from Managed to Predictable to

(Level 300 to 400)
Organizations at the 300 level being to find commonality across teams driving how
workspaces are created and set up. Sites or Teams are created based on the type of
work which will be done rather than just using out of the box templates. Document
templates exist within the workspaces or are available from a wider intranet.
The process
of collaboration is well defined and agreed as a standard – and understood - business
process. There are sets of defined and documented standard processes established,
signed off, in use and subject to some degree of improvement over time. The processes
may not have been systematically or repeatedly used to the extent needed for their
users to become fully competent or the process to be validated in a range of situations,
hence there are gaps in adoption and consistency. This could be considered a
developmental stage - with use in a wider range of conditions and user competence
development the process can develop to next level of maturity.

The policies on how to collaborate, which technologies to use and what good
practice behaviors processes are required will need to be enforced as part of the
elevation to level 400 working. Legacy approaches should be actively eliminated
(except where there is robust justification for retaining them), late adopters need
to be actively retrained and re-tasked. Line management intervention may be
needed to ensure compliance. Meanwhile, line managers should be made
increasingly responsible for ensuring organizational standards and ways of working
are implemented.
Collaboration Leads train the organization on better collaboration practices to
support productivity and compliance with the collaboration guidelines. More
formal support is added to ensure all collaborators have a deep understanding of
sharing, coauthoring, and external access. The focus in this training is improving
productivity within and outside the organization with an emphasis on the common
mistakes or challenges that have been tracked.
The spectrum of collaboration is considered by the steering group, including:
Ad hoc, regular and structured collaboration
Real-time, near real-time and ‘as-required’
Routinely review data and feedback to identify improvement projects, target
training, and support active teams. In parallel, use the same sources to archive or
remove end of life or unused collaboration areas and tools.
With the steering committee, create a one-pager for external collaboration
guidelines to be socialized across the organization. Depending on the
organization, collaboration might be added to the formal IT security training that is
required for all employees.
Ensure that collaboration need not be constrained by time, location or device: i.e.,
enable anytime, anywhere, any device collaboration, within security boundaries
and practices.
Begin reviewing auditing options to measure and track all security, external
collaboration, and internal collaboration best practices. This was previously done
manually on a case-by-case basis so the exploration is extending to more
automated solutions which may include tools like the audit log .

Begin meeting with other enterprise system owners to identify and align common
metadata across systems. Begin researching integration opportunities for
automatic synchronization of metadata across systems. Seek opportunities to
embed enterprise systems within collaboration spaces; for example, embedding
them within Microsoft Teams as tabs, to allow channel and tab conversations
within teams using the applications.
Collaboration Leads frequently review sites to ensure alignment with collaboration
guidelines. This may include review of permissions, unique permissions,
information structure, metadata, and potentially similar collaboration sites.
Content 300 to 400

The review of auditing options for governance and security will also support
implementing effective strategies for content to be shared across organizational
boundaries and externally without loss of governance or control.
Ensure staff are fully familiar with the co-authoring capabilities within MS Office in
conjunction with SharePoint and OneDrive.
Ensure staff are fully familiar with the tools for implementing actions and
comments across MS Office and Microsoft 365, including @mentions, task
creation, tab and document conversations.

Collaboration Leads train the organization on better collaboration practices
extending past document management and other integrated solutions in
Microsoft 365. More formal support is added to ensure all collaborators have a
deep understanding of where to communicate during collaboration and how to
track tasks across projects. The focus in this training is improving productivity
within and outside the organization with an emphasis on the common mistakes or
challenges that have been tracked.
How to move from Predictable to Optimizing

(Level 400 to 500)
At the 400 level, a more strategic view of platform apps and services leads to a mixed-
use set of solutions. Collaborative opportunities exist not just to facilitate ongoing work,
but also to support areas of interest, centers of excellence, etc. These opportunities lead
to serendipitous connections between people who might not have found each other
before. Usage of the technology may also drive performance improvement efforts, since
high functioning teams usually generate better practice uses of the platform.

Employ data, analytics and feedback to understand collaboration needs and habits
and how to continually improve across the full spectrum of collaboration modes
and across platform, people and process. This could include understanding how to
create more effective teams and configure their collaboration workspaces
accordingly.
Begin exploring automation options to enforce governance and security guidelines
which have been manually maintained to this point. This may include solutions like
retention labels, sensitivity labels, flows in Power Automate for site lifecycle
management, custom development, or third-party solutions. The focus is on
reducing manual interventions to support the business processes so the platform
owners can focus on future innovations.

With the steering committee, determine a feedback cycle to continually review
existing practices to support more effective collaboration. New releases and
improvements to the collaboration guidelines are discussed throughout the year
to ensure the newest Microsoft 365 releases and their impacts to existing
processes are considered.
There is an increased focus on using existing metadata to present content in a
search-based manner, reducing the manual work of content curation and
decreasing the likelihood of duplication of content.
For example, you may being exploring automation of metadata and centralized
knowledge management through tools like Viva Topics to create topic cards,
automatically surface related documents, and showcase subject matter experts.
Content 400 to 500

Begin creating template solutions for the patterns identified earlier across
collaboration sites. These solutions should have a self-service or clear request
process ensuring organizational understanding and usage.
For example, there may
be a common project lifecycle at your organization that can be supported through
multiple site designs for project initiation, project approval, and project closure.
Explore automation opportunities to extend existing metadata to support
downstream business processes.
For example, a document with a “Document
Status” of “Final” triggers a Power Automate flow to email the project manager for
document approval. Once approved, the tasks in Planner are automatically marked
as complete and the document “Approval Date” column is populated.
Explore options for Power Automate based notifications, reminders and discovery
of content and subject matter experts who can contribute to collaborative
activities.
Take advantage of existing and emerging AI driven agents and helpers, such as
Cortana Scheduler , My Analytics and Work Analytics.

With the steering committee, review feedback from the extended collaboration
guidelines focusing on communication and task management improvements.
Identify organizational expectations for all projects’ task management and how to
surface tasks across projects and functions in a centralized location. This
centralized location should also support individual task management tracking.
Implement training on using the centralized location for task management
ensuring enterprise-wide usage. This training may include formal sign-off and a
supporting company policy, depending on the organization. External collaborators
may also be required to attend this training ensuring consistency in collaboration
styles internal and external to the organization.
Conclusion
Leveling up your collaboration maturity means you are rethinking processes -
continually. This leads to direct benefit as you shift from “the way we’ve always done it”
to “how could we do this better?”
With collaboration at its core, the Microsoft 365
platform can be an incredible enabler of better practices. This can only be realized if
your organization continues to learn, grow, and evolve its practices, striving for
improved collaboration.
Resources
 Tip
recent updates.
Related documents
Introduction to the Microsoft 365 Maturity Model
Maturity Model for Microsoft 365 - Collaboration Competency
Principal author: Emily Mancini, MVP, UXMC

Simon Hudson, MVP
Simon Doy
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Communication Competency
７ Note

Communication is a core competency of a successful modern organization. Most
organizations want to be sure their population is well-informed about strategic
direction, operational initiatives, cultural mores and norms, and the like. However, many
organizations fall short.
Knowledge in the board room must get to the mailroom; likewise, senior staff need to
hear the thoughts of people further down the reporting lines. The breadth of
communication needs to be appropriate to the nature and urgency of the message and
its intended audience. This competency focuses of the levels of maturity which
organizations can achieve.

Communication is generally defined as a smaller number of people providing useful
information to a larger group of people. This is most commonly the model for Intranet
sites in SharePoint, Yammer groups, or organization-wide Teams.
Communication encompasses the processes of creation, approval, and distribution of

content. The content itself can take many forms, such as News Posts, discussions about
broad topics, articles and blog posts, benefits descriptions, etc. It can also encompass
high importance alerts and notifications, possibly with feedback and tracking. Concepts
like consistency, predictability, and relevance require both human investment and a
robust technology platform.
Communication professionals will sometimes refer to the Principles of Communication;

these might be worth considering alongside your maturity assessment.

Model levels.
Level 100 - Initial

This is the starting level for a new or untried process. As with all 100 level characteristics,
practices may be somewhat effective, but they don’t take advantage of the power of the
platform, nor do they take into account the multiple use cases which exist in even the
smallest and simplest organization. Typically, they are undocumented and in a state of
dynamic change, tending to be driven in an ad hoc, uncontrolled, and reactive manner
by users or events. This provides a chaotic or unstable environment for the processes.
100 Governance, Risk, Compliance & Security
There are no restrictions or guidance on who should communicate to whom or by

what means.
Communications are frequently ad hoc, not based on templates, lack governance,
and do not tend towards an agreed ‘house’ style.
High impact communications lack a review and approval process.
100 Information Architecture

Most communications are untargeted or weakly targeted to intended audiences.
Navigation and taxonomy have not been formally considered.
100 Content
There is heavy use of email to circulate information, updates, newsletters and

attached documents.
Content in emails becomes stale or out of date as soon as it is sent. Corrections
after the fact require duplicated content.
The folder structure for storage is re-created from shared drives, and published
content largely takes the form of documents or PDFs.
Minimal feedback mechanisms are available for the communications and are not
formalized.
Tracking for readership is absent.
There is no means of prioritizing important communications, nor of scheduling
their availability.
100 Impacts
Frustrated and confused users

Lack of consistency
Inability to meet compliance requirements if any are in place
Poor communication reach, limited engagement, and low levels of awareness.
Gaps in coverage - not everyone who needs to see all relevant content.
Poorly considered, incorrect and misleading communications
Level 200 - Managed

Processes are documented or managed by a central group to enable (but not enforce)
the preferred ways of communicating. Some processes are repeatable, possibly with
consistent results. Process discipline is unlikely to be rigorous, but where it exists it may
help to ensure that existing processes are maintained during times of stress.

Nominated functions for reviewing/creating/releasing some classes of
communications, i.e. nominated communications roles.
A policy is available to guide users on appropriate communications and there are
mechanisms to support them.
Example ‘tone of voice’ guidance, reinforcement of company values and phrases
(including mission statements).

Some degree of targeting, based on groups and distribution lists; users are not
necessarily aware of the ability to do this
Basic mechanisms for prioritization of higher importance messaging exist, but are
ungoverned
200 Content
Use of templates for messages, newsletters, documents are in place, but not
enforced
Standardized images and logos (stored in a shared location)
More than a single method of pushing communication to internal users, leading to
some consideration of which tool in the portfolio is best for specific
communication
Publication of key messages to an intranet or other persistent system for ad hoc
access and later retrieval
Some mechanisms for feedback or further interaction resulting from
communications
Ability to schedule future communications
200 Impacts
At this level, communications often don’t follow expected layouts, style, and standards.
A central set of policies may exist, managed by a central owner, but there is no shared
understanding across the organization of what these are.
Level 300 - Defined

defined and documented standard processes established, signed off, and subject to
some degree of improvement over time. The processes may not have been
systematically or repeatedly used to the extent needed for their users to become fully
competent or the process to be validated in a range of situations. This could be
considered a developmental stage - with use in a wider range of conditions and user
competence development the process can develop to next level of maturity.

Communications policies are published and widely understood; some monitoring
and reinforcement is in place.
Guidance exists on writing style; spelling and grammar checking is in active use.
Feedback and corrections are acted on.
Brand guidelines cover internal as well as external use.

Different communication mechanisms/channels are understood at an
organizational level and often used effectively by staff
The purpose of different types of communication are considered and understood
and appropriate strategies are defined for different categories and constraints.
The portfolio of communication options is broader, and a clear set of rules
determine which to use for specific content types
Mechanisms exist for sharing localized messages with other parts of the
organization; these are based on author judgement
300 Content
Templates, images, and logo assets etc. are available and encouraged.
Top down, bottom up, and peer to peer communications are supported
Mechanisms to prioritize messages exist in multiple channels, are well defined and
broadly understood
Basic, mostly manual mechanisms are in place for scheduling communication,
updating, removing or archiving superseded or expired communications.
300 Impacts
At this level, there is a stated strategy for communication that is understood and
supported at executive level. This encompasses the many types of communication, with
different purposes, approaches, and audiences. Communication is widely accessed and
is broadly effective. There are mechanisms with agreed processes for centrally delivering
the common communications needs using images and templated layouts.
Users experience consistency in core communication and know where to go for specific
information. They can use feedback mechanisms, and most people can access what they
need regardless of device, location etc. Less common scenarios are somewhat
overlooked, ad hoc or lacking consistency. Higher priority/importance communications
can be prioritized, so that they are not lost in the ‘noise’. It is possible to sequence
communications, allowing planned campaigns and timed release of information.

The communication process is actively managed in accordance with agreed processes,
and the governance is well-defined, widely understood, and followed. Metrics are in
place to track communication effectiveness.
Message life cycle management ensures timeliness, approvals, moderation,

accuracy, tracking, and removal at the appropriate time.
Logs, feedback, site usage etc. confirms that content and messages are being
received and that tracking analytics and reporting are available

Communications are displayed in as many locations as needed, in the proper
context, but without duplication of content.
Individuals, groups and roles are consistently targeted, based on well-maintained
profiles and tagging
Different media types are employed to ensure reach and comprehension across
the workforce, e.g. live chat, published documents and pages, live briefings, on
demand video and podcast/audio (for road warriors, for example)
The process for aggregating information from multiple sources, or for pushing
messages from one part of an organization to another are actively curated
400 Content
Templates and standards are mandated and embedded in the communication
process
Mechanisms to prioritize messages are standardized and broadly adopted.
Processes exist to manage inappropriate use and these processes are connected to
incentives
Organizational Assets, such as agreed imagery, iconography, are standardized for
communications use.
Written content is formatted and presented to support online reading patterns and
accessibility standards
Communications are sampled for style, effectiveness etc. and guidance on
improvement is offered.
Some Compliance and DLP rules are enabled
400 Impacts
At this level, users have a high degree of trust in organizational communications. They
understand the communication mechanisms that are available, and feel confident in the
source and appropriateness of what they receive. This maturity level still may create
dissatisfaction in some users who remember the “wild west” days of the organization
when it was less mature, and who feel restricted in their ability to communicate if they
do not have the appropriate role or level of rights.

Management of the communication process includes deliberate and systematic process
improvement and optimization. There is a focus on continually improving
communications through both incremental and innovative technological changes or
improvements. Level 500 is likely to include automation, reduction in manual tasks and
associated variability, strong governance and compliance interventions, as well as
optimization for user interactions and productivity.

Communications are automatically sampled for style, effectiveness etc. and
guidance on improvement is implemented.
Communication training is provided across multiple media types.
Lifecycle management is strongly implemented and largely automated.
Compliance and DLP rules are comprehensively applied and enforced.

Curation of communication is performed by ‘the system’.
AI, based on the understanding of the reader’s interests and role, creates linkages
across knowledge and communication systems and pushes content to individuals
and groups based on role, activity and interests.
Communication stratification is strongly implemented across media types and
roles.
500 Content
Formatting and publication of content to different media types is automated or
instantiated in robust processes (e.g. text to speech, speech to text, automated
publishing, multi-lingual or multi-cultural content)
Longitudinal communications are well understood and carefully managed.
A-B testing of messaging may be in place.
Focus time (non-communication periods) are encouraged and protected.
500 Impacts
At this level, the ROI to the organization is demonstrable, and all users feel they have a
voice through feedback mechanisms and content submission channels. The system
supports communication governance, so users don’t need to remember the rules,
making interactions more intuitive and lightweight.
Scenarios
News and updates

The head of sales shares news about a massive deal with the department and rest
of the organization.
The CEO shares a story about a key new partnership that the organization has
entered.
The marketing department shares news with key customers about the latest
innovations within the organization.
The senior management team holds a town hall meeting with the whole
organization to keep employees informed on the organization's performance.
Alerts and Notifications

The company needs to alert the workforce to an external audit next week.
Employees need to be made aware of a road accident which is causing travel
delays.
Accounting shares that expenses are due at the end of the month.
Vision, goals, mission

The organization embeds an updated mission statement, with values and the rules
of engagement to their staff.
Campaigns
Changing work practices during unusual circumstances are announced and
updated on a rolling basis, with confirmation from staff that they understand and
will comply or adjust
Newsletters
A monthly, mobile-friendly news digest is published in a form that different staff
will access and consume, including frontline shop-floor workers and field-based
staff
Innovation
The organization fosters innovation and improvement by inviting employees to
make suggestions on how to improve the way the business works and suggest
new product ideas.
An employee asks for help across the organization to create a response to tender.
An employee asks a question around whether product X can do Z
Cost & Benefit

Corporate communication is often seen as somehow exempt from the usual ROI driven
business case; it has been difficult to quantify the benefits, while the costs are often
fragmented across multiple approaches and purposes.
Some examples of communication ROI include:
Reduced errors, waste, and inefficiency

Improved completion of objectives based on shared goals and understanding
Active avoidance of risks and non-compliance
Enhanced culture and improved collaboration when everyone is receiving
consistent messaging, especially across boundaries (departmental, geography,
group, company, etc.)
Enhanced customer and/or vendor perception where communication channels
extend outside the organization
Improved employee satisfaction due to feeling engaged, with the ability to provide
feedback and participate in decisions
Innovation (requesting, generating, and executing on ideas through sharing goals
and making connections)
Costs are driven by the need to deploy and support the communication technologies,
up-skill staff in their use and, most importantly, by investing in best practice and policy
adherence.
Conclusion
Organization communication is much broader than email and newsletters. Effective
communication is highly sophisticated, enabling many types of corporate
communications using a range of technologies in order to provide the right message to
the right people in the best format at the right time. Great communications incorporate
feedback, enable action and organizational change, and develop the culture whilst
ensuring compliance and addressing risk.
Organizations should define their desired maturity, based on their needs, circumstances
and capabilities. They should recognize that embedding good communication is more
than implementing a range of technology solutions.
Common Microsoft 365 tool sets

Every organization can choose how best to use the Microsoft 365 platform for
communication. The best answer for a large multi-national conglomerate would make
little sense for a five-person financial advisory firm. The Microsoft 365 apps and services
that are in the mix for communication include the following:
Email
Delve / people cards
Mobile device notifications (via Flow, Teams etc.)
Microsoft Teams
SharePoint Communication Sites
SharePoint News / News Digests
Stream
Sway
Viva Amplify
Viva Connections
Viva Engage
Viva Goals
Viva Insights
Viva Pulse
Viva Topics
Yammer
Resources
 Tip
recent updates.
Related documents
International Association of Business Communicators
Example style guide
Organizational communications: Guidance, methods, and products
Principal authors:

Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Maturity Model for Microsoft 365 *
Elevating Communication
７ Note
Introduction
The Communication Competency article provides an overview of communication
concepts within Microsoft 365 and details for each of the five maturity levels from Initial
to Optimizing (100 through 500). It adopts a broadly technology-agnostic approach to
the business characteristics of communication plus the expected benefits.
This article
explores how organizations at any level could use the Microsoft 365 suite (and
associated technologies) to reach a higher maturity level.

100 to 200)
Organizations at the 100 level of communication may find practices to be somewhat
effective, but they don’t take advantage of the full power of the platform, nor do they
take into account the multiple use cases which exist in even the smallest and simplest
organization. There are no restrictions or guidance on who should communicate to
whom in any standard format. The majority of communication is sent in email without
consideration of varied audiences.
Identify key stakeholders to drive strategic decisions around communication styles

in the company. This group commonly includes corporate communications and/or
marketing, human resources, information technology, and key leadership roles.
This Communication Steering Committee may then focus on:
Creating a communication style guide. This may include items such as defining
tone of voice, reinforcement of company values and phrases, and guidance for
writing for the web.
Developing a communication policy to guide the organization on better
practices for sharing news and events.
Identifying communication leads across departments to serve as champions of
business process changes and technology, reviewers, and voices of the
customer to the steering committee.
Develop templates for communication including approved imagery in a central
repository all employees can easily access.
Begin discussions and review of varying communication channels available to
the organization to identify which messages belong in each channel. For
example, a company may decide to use Yammer for all employee resource
group communications.
Begin identifying varying audiences in the organization to drive better targeting
of communications in the future. The steering committee may find it helpful to
create personas for groups across the organization to form a better mental
model of the varying audiences. This can serve as a true north for the team as
governance continues to evolve.
Identify methods for feedback on communications so impact can be measured
over iterative improvements. At this stage it is strongly recommended to
complete user research to define a baseline so any future changes can measure
the impact to the organization.

200 to 300)
Communication at the 200 level sees some improvement as there is sporadic usage of
the layouts, style, and standards. There is shared understanding of these resources
across the organization though there is no training, support, or enforcement of these
guidelines.
Communications leads socialize the communication style guide and

communication policy within their teams to ensure full understanding of guidance.
This is also an opportunity for additional feedback for the steering committee for
any challenges with the current guidance.
Create a community where communication leads (often Site Owners) can interact
to share better practices, ask each other questions about approaches, and find
documentation.
Begin the process of communication leads formally reviewing content within their
team before it is dispersed. Common mistakes or challenges are tracked.
Company culture, company size, communication security, audience, persistence of
message, and intent of communication have been considered to identify which
communication channels best support the needs. Document this guidance and
share with the communication leads.
Communication leads empower their teams to communicate across newly defined
channels to support bottom-up and peer-to-peer communication.
Varying audiences in the organization have been identified for better targeting of
communications. Begin targeting messages to these audiences across
communication channels to drive engagement in communications that are
relevant.
Begin conversations with the steering committee to identify any needs for
removing or archiving old content and scheduling future content.
How to move from Defined to Predictable to

(Level 300 to 400)
Communication is widely accessed and is broadly effective. There are mechanisms with
agreed processes for centrally delivering the common communications needs using
images and templated layouts. Users experience consistency in core communication and
know where to go for specific information. They can use feedback mechanisms, and
most people can access what they need regardless of device, location etc.
Communication leads train the organization on writing for the web to support
compliance with the communication guidelines. More formal support is added to
ensure all authors have a deep understanding of accessibility standards and online
reading patterns. The focus in this training is creating engaging and inclusive
communications that convey a message resulting in a change in behavior (taking
the action in communication, engaging in communication, etc.).
Communication leads begin monitoring communication sources to ensure there is
one source when topics are shared across channels.
For example, there is a SharePoint news post on the Intranet about the
company’s upcoming re-branding. This post is then shared on Teams within the
Marketing Department, so the team is up to date on what has been shared with
the company for their current initiative. The same post from SharePoint news is
then also shared on Yammer to invite crowd sourced ideas.
Formally add communication templates and imagery to Microsoft 365 removing
friction for company-wide usage. This may include usage of document
templates , site designs for common news layouts across site collections, or
organizational assets.
The Steering Committee and communication leads begin reviewing feedback for
trends and areas of improvement across communication channels. This feedback is
then shared through the communication leads to their respective teams. Page
analytics and other usage data are used to expand on anecdotal feedback. This
usage data is also tracked to proactively identify trends in engagement with
communication better informing ideal communication channels and posting times.
For example, usage data may show leadership posting on Thursday mornings in
Yammer about employee resource groups gets the highest engagement.
Communications may have previously been sent via email with little
engagement, so the first shift was to bring these messages to Yammer allowing
more interaction from employees. The second shift may be around the time
these posts are released as the posts on Mondays showed little engagement as
employees focused on their tasks for the week.
Implement a business process to review employee profile data with the cross-
functional teams who are responsible for this data. In many companies this may be
Information Technology, Human Resources, or a mix of both. The review of this
employee profile data is to ensure alignment on which fields are being completed
to support the specific audiences the Steering Committee has identified for
targeted communications.
Communication leads begin training their respective teams on alternate media
types in addition to text to ensure the multimedia format communication is shared
and also supports engagement with the messages.
For example, you may have a desk-less workforce who finds news updates
easier to consume in short videos rather than a written page. The teams are
trained on usage of Microsoft Stream functionality to embed videos in
SharePoint news posts. Key messages are also written in text on the news posts
to support varied learning styles.
If communication approvals need to be implemented (as determined by the
steering committee), the impacted communication channels are identified, and a
business process is in place. For most organizations, the focus should remain on
keeping as much freedom in sharing communication across the organization as
possible to ensure timely updates. Highly regulated industries may need more
control.

(Level 400 to 500)
At the 400 level of Communications, users have a high degree of trust in organizational
communications. They understand the communication mechanisms that are available
and feel confident in the source and appropriateness of what they receive.
Communication leads and the steering committee shift focus from creating
audience targets and groups to ensuring these groups are used effectively in the
right places at the right times. Begin filtering communication across channels with
an automated process. This may include Power Automate flows, Teams
connectors , or automated news digests .
Communication leads and the steering committee focus on a consistent and
robust information architecture of topics across all communication channels to
support the Microsoft Graph’s ability to understand the reader’s interests and role
creating linkages across knowledge and communication systems, pushing content
to that individual based on known information.
Page-level metadata may be added to surface and filter news. This page-level
metadata may also be used to pull similar news content into search-based web
parts so employees can consume news by topic across sites.
Communication leads and the steering committee identify the period of lowest
engagement from employees on all communication channels to create dedicated
focus time for work deliverables that is strongly protected across the organization.
For example, company-wide news is never shared on Monday mornings unless
urgent and business critical to that day’s tasks. Monday mornings are reserved
for team-wide news to ensure each group can focus on their deliverables for the
week before focusing on higher-level goals across the organization.
Employee feedback and usage data are applied to communication formats. In
addition to the user research and interviews conducted previously for feedback on
communications, begin A-B testing communication iterations to gather
quantitative data on which format best supports engagement, understanding, and
action.
Conclusion
Organizational communication is much broader than email and newsletters. Effective
communication is highly sophisticated, enabling many types of corporate
communications using a range of technologies to provide the right message to the right
people in the best format at the right time. By utilizing different communication
channels for their best use cases and focusing messaging to specific audiences,
organizations can improve engagement and gain more understanding of the business.
Great communications incorporate feedback, enable action and organizational change,
and develop the culture whilst ensuring compliance and addressing risk.
Resources
 Tip
recent updates.
Related documents
Introduction to the Microsoft 365 Maturity Model
Communication Competency* Maturity Model for Microsoft 365
The Evolution of Company-Wide Email Communication to SharePoint News
Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

The Microsoft 365 Maturity Model -
Customization and Development
Competency

Traditionally, there has been a reliance on 'deep' or 'pro' development to build business
solutions. Any gaps in availability of these skills have commonly been filled by 'shadow
IT' approaches and unmanaged applications.
Over the years as platforms have evolved, it became increasingly possible for viable
business applications to be delivered without code. Today there is a continuum from out
of the box, through configuration (No Code), to citizen developer (Low Code) and finally
'proper' development (Pro Code). The separation between these stages can be highly
porous; artificially segregating them is frequently meaningless and often counter-
productive. Management tools traditionally associated with Pro Code development are
gradually providing an opportunity to wrap development rigor around the No Code and
Low Code approaches and to introduce many of the effective development operations
(DevOps) techniques and tools.
At the same time, even nominally out-of-the-box products and services often support
options for customization and extension. The ways of achieving this vary widely,
including interaction via Application Programming Interfaces (APIs), 'overlay' coding of
UI, deep configuration, Add-ins and more.
Increasingly, Machine Learning and AI based solutions operate in the same way as
software solution development, also providing a continuous path through configuration,
Low Code and Data Science driven professional development. As such, this competency
applies equally to this technology

This competency considers the management and governance processes required for
different approaches to solution development and how to blend those different
approaches effectively.
The concepts of customization and development have evolved over the lifespan of
Microsoft 365 and the IT landscape in general. In the early days of SharePoint, for
example, almost all organizations found themselves developing Pro Code solutions to
make the platform work well for them. Fast forward to today, and Microsoft 365 offers a
wide variety of apps and services that meet many needs right out of the box or with
minimal configuration.
Our ability to extend the platform has changed significantly as well. Rather than writing
code that is packaged and deployed to the server, almost all custom development for
Microsoft 365 is done using client-side scripting, extensions via SaaS platforms like
Microsoft Azure, or some combination. The SharePoint Framework (SPFx) allows us to
build solutions for SharePoint, Microsoft Teams, Microsoft Outlook, and potentially other
products in the future, potentially extending to other products in the Microsoft stack.
Further the Office Add-In model also uses client-side scripting methods to extend Office
applications. And finally, the Microsoft Graph gives us an API layer that exposes much of
the Microsoft 365 landscape to help build robust and integrated solutions across the
workloads.
These days, the question is as much whether to customize as it is how to customize.

Custom coding absolutely has its place in Microsoft 365, but in many cases the platform
provides robust tools which only require some configuration to meet your needs.
The reality is that there has always been a dynamic equilibrium between what can be
delivered with different technologies by people with a range of skill sets. Perhaps
unexpectedly, increasing maturity is less about a progression from Out-of-the-Box and
No Code to Pro Code; it is more about how organizations coordinate and integrate this
continuum.

Level 100 - Initial
The customization and development continuum are poorly understood, unmanaged and
chaotic. Staff are frustrated with poor functionality but have no mechanism for
requesting or implementing change. Development is characterized by building in live
without going through a release process where development is tested before being put
live.
100 No Code
Configurable platforms and products are generally used in their default state.
There is little appreciation of the capabilities of platforms to meet business needs
more closely.
There is no systematic review of platform capabilities, feature road map or
application of features sets to unaddressed business needs.
100 Low Code

Individuals use the skills and tools they have, developing solutions to local needs
without oversight, review or recognition of the impact or interaction with wider
strategic needs and activities.
The solutions are not backed up, documented, publicized, or resilient.
People creating solutions use hacks and inefficient approaches.
Code is often copied from the Web with little understanding of its effects.
No security or governance design or impact assessment.
Solutions are not backed up in source control.
Solutions are not documented.
There is no formal support; the citizen developer may be unavailable to provide
fixes, enhancements, or guidance.
100 Pro Code

Developers don't know the platform, so write code instead of using native features.
(This is sometimes called the "code first mentality".) Code is written to build
components which reinvent the wheel due to lack of understanding of what is
available out of the box with the platform.
IT are insular and internally focused. There is little support for department or
process driven needs.
The IT function often has no development capability at all. Equally, IT may be
inflexible in their approach, all developments are treated as 'enterprise-level'
activities, making many solution-needs non-viable (too expensive, too slow, overly
technical expectations from stakeholders).
No development tools, such as source control and test methodologies are in use.
Systems are developed which use Microsoft 365 services as a data store but the
user interface is held outside of Microsoft 365.
Systems are designed and built with little thought, on the Microsoft 365 services
that can be glued together to deliver the system.
There are no agreed development platforms, tools, languages, etc.

There is a lack of ownership of development on behalf of the organization.
No standards have been considered or published. User Interfaces, branding,
coding standards and quality, platforms and security are left to the knowledge and
skill of staff members.
There is no capture of development needs at a granular level and no visibility of
(local) solutions that have been put in place.
Teams and departments commission their own developments with third party
contractors and developers, without procurement standards, contract reviews, or
data and security agreements.
No source control is used to hold the code repository.
Development is frequently performed on the live environment, with no release
management.
Systems are delivered with no documentation of how they are administered or
used (for example, User Guides and Admin Guides).
There are no separate environments, such as Dev, QA, Production, so, changes are
made to Production/Live. (With understanding, this may not be a bad thing;
without understanding it is.)
Systems that run in the organization are not known about by IT. These shadow
systems are discovered when things go wrong.
There is no DevOps process which takes the solution built by the developer for
deployment in a controlled manner. DevOps
Systems are built without thinking of how the system will be supported and
maintained.
100 Impacts

Inconsistent looking systems and solutions.
The organization risks systems breaking due to misconfiguration and/or setup
problems.
The organization risks not being able to rebuild a solution if it is corrupted.
Money is wasted on development when other approaches using low-code or no-
code could be used to achieve similar results.
Level 200 - Managed

Different types of development are recognized as occurring, but there are tensions
between parts of the organization adopting different approaches. Shadow development
continues to occur or is prohibited without providing alternatives.
Staff are frustrated with poor functionality but have no mechanism for requesting or
implementing change.
Development is characterized by build to live, though there may be some testing and
control within that environment.
200 No Code
Customized business solutions are developed using no-code technologies;

however, these are done with limited knowledge of good practice. Solutions are
modelled on existing practice, using superficial capabilities and generally avoid use
of deeper platform features.
Solutions tend to be built 'on the fly', without a clear deliverable and specification.
There is no documentation around the design and build process.
Users are shown how to use the system and core documentation may exist, within
the process or procedure documents.
Updates and changes are ad-hoc. There is no equivalent of source control.
A small number of people have some expertise with configuring the platform.
Maintenance and support of the solutions are dependent on the availability of
these people. The 'experts' maintain their knowledge of platform capabilities, road
map etc. out of personal interest.
200 Low Code
Some Power Platform projects have consistent color standards and make use of
components.
Some low-code solutions are exported to basic source control.
Some low code solutions have separate environments for development, user
acceptance testing, and production.
There is some guidance on the decision to use low-code approaches and who to
engage to do the development, for instance a citizen developer or an external
partner.
200 Pro Code

Source Control is used for some projects. However, the source control system is
not standardized across the organization. There are multiple repositories and
multiple source control systems in use.
Deployment processes are ad hoc and unreliable, frequently requiring roll back.
Projects start to use Microsoft 365 design standards when delivering systems.
Development approaches and best practice start to be understood and are
adopted by members of the project team. However, they are not enforced.
Developers don't know the platform, so write code instead of using native features
which often creates unnecessary technical debt and confusion.
Some projects deliver systems with user guides and administration guides.
Release Management is considered, and the delivery of a system and its upgrades
are announced before deployment. However, there are no testing environments
which the deployment is released to first.
The organization's Microsoft 365 community start to share wins and stories via ad
hoc discussions.
There are no development standards shared between projects.
Solutions are often developed, especially using no-code and low-code, without
having a related plan for deployment, support and management and without
assessment of impact on other processes and solutions.
Basic Source Control maybe used, with multiple source control systems in use.
Some projects make use of Cloud platforms such as Microsoft Azure.
There are little in the way of DevOps Practices.
200 Impacts
Money is wasted on development when other approaches using low-code or no-

code could be used to achieve similar results.
Inconsistent delivery approaches.
The quality of developed solutions is low, and those solutions struggle for
adoption.
There are issues when deployments occur as deployments are not repeatable and
cannot be practiced.
Level 300 - Defined

There is an appreciation of the limits of the no-code approach, low-code and pro-code
approaches and some effort to introduce standards, guidance, and collaboration to
structure the co-existence of different approaches against different business needs.
Attempts are made to bring all approaches under some form of oversight.
Staff are generally satisfied with functionality but struggle to consistently get non-critical
feature gaps, inconsistencies and updates rolled out. Support is generally available.
300 No Code
Steps to create customized business solutions are captured with some form of
specification, setup is documented, and a final solution description exists.
Developers are aware of and use some normal development methodologies or
hybrids of them.
Legacy approaches are modified to take advantage of platform capabilities and
some business processes are actively redesigned to deliver improvement based on
these.
Updates and enhancement should be scheduled, planned, and executed, but
exceptions to this are frequent.
User documentation and training is appropriate to the system, though tends to lag
updates. Documentation is still not seen as part of the deliverable.
Solutions considered important to the business are recognized and some level of
support has been implemented. Support staff are skilled up to maintain the
platform and any solutions, reducing the reliance on 'solution experts'.
There is some consolidation of no-code platforms; road maps and updates for
standard platforms are actively tracked.
Customization of live platforms is only carried out after consideration of impact on
staff and other systems.
300 Low Code

Rigor is put in place around the documentation of low code solutions such as
solutions built on the Power Platform.
Low code solutions are backed up as solutions and stored in source control.
Low code solutions have separate environments or equivalent for development,

user acceptance testing, and production.
300 Pro Code

Source control is used for the majority of development projects.
Systems are deployed mainly through manual processes but augmented with
scripts for some of the steps.
Solutions have separate environments or equivalent for development, user
acceptance testing, and production.
Continuous Integration and Continuous Deployment may be introduced alongside
other approaches.
Pro Code developers appreciate when not to develop solutions, only writing code
when it is necessary and can make a difference. They begin to hand off to Low
Code and configuration alternatives.
There is an appreciation of the limits of the no-code approach, low-code, and pro-
code approaches. Needs that trigger a transition from one approach to another
are often identified and options for delivering extended needs or features with pro
code are understood. This is often based on business need with measurable return
on investment.
Good practice is understood by a core of experts and is used to guide solution
development. There is a recognition of the roles of no-code and low-code
alongside pro-code approaches. The 80/20 rule is increasingly applied, using out
of the box functionality that is good enough to provide utility, often adapting a
process to accommodate Out of the Box (OOTB) functionality rather than build
customer solutions.
Build is focused on solutions that represent the organization's "special sauce",
delivering the highest impact.
There is understanding around technical debt and how to service it.
Systems are delivered which are documented and can be managed, maintained,
and supported.
The pro development team and citizen developer community understand how to
build solutions on the Microsoft 365 platform. Resources from Microsoft and the
community are used to enhancing their knowledge. Pro developers and citizen
developers support each other.
Development at all levels starts to be underpinned by training and learning to
improve skills. There may be formal certifications to support and demonstrate
competence.
Release Management processes are put in place but are manual.
Standards for user interface (UI), themes and styling are created and shared.
Design standards are published and allow a consistent approach for UI and
functional behavior. Existing solutions may be updated in line with these.
Source Control is standardized and used for Pro-code development but not for low
code approaches.
DevOps practices are being introduced, though non-Pro-code often are not
included in these standards.
User research employed to define requirements for some systems; there is some
attempt to standardize approaches to capturing and defining requirements, such
as user stories, etc.
There is an emergence of a community of M365 Champions. This supports the
need for governance, documentation, training, and development processes to
support alignment of solutions to the strategic plan. Community members meet
periodically to discuss problems citizen developers are trying to solve. These meet
ups are part tech therapy and part continued training as Microsoft 365 is
continually changing. There is management appreciation and support for these
efforts.
Separate environments or equivalent are available for Development, Test, and
Production for Pro Code and, often to a limited extent, for other approaches.
300 Impacts
Proponents of different development approaches show some appreciation for each

other and openly discuss how to work together. Solutions emerge that combine
customization, low code and pro code to create more capable, supportable
solutions.
Processes are introduced to encourage management, governance, and
standardization, leading to easier development, adoption, and support.
The organization has a forum for sharing systems and solutions that have been
built.
Improved release of systems as the structure, processes, and rigor for deployment
is put in place, simplifying the IT estate, and reducing support burden and
corporate risk.
There are clear processes and decision support for solution design and road-mapping
consistent with business needs and impacts, encompassing the code-continuum.
Standards exist, are functional, and reviewed and inconsistencies are actively eliminated.
The portfolio of solutions is well understood and managed.
Staff are able to work efficiently across the spectrum of solutions and adopt new
solutions readily due to their consistency and interoperability. Support-driven insights
are used to proactively feedback to solution teams to drive improvements. Upcoming
changes are communicated clearly and well in advance.
400 No Code
Configurations are well documented and used as the basis for scripts and
templates to automate site creation and updates. These are well managed and
maintained via source control.
Solutions are developed and tested against a set of good practice guidelines that
include common layout based on good User Interface/User Experience (UI/UX)
approaches, incorporating company branding and standards.
No code developers have strong knowledge of the platform and are supported to
maintain and extend their knowledge. They also know when to reach out for advice
and guidance from colleagues with complementary development skills.
Solution design and information architecture are carefully considered; constraints
are understood and approaches to avoid these are implemented, including
inclusion of or switch to low-code and pro-code development.
Security, governance, management, and integration are considered as part of
solution design and are included in the specification for important business
solutions. These are therefore tested as part of the development lifecycle.
The purpose, impact, and anticipated lifecycle and scale of the solution are
considered, and appropriate development methodologies are applied accordingly.
Solutions are reviewed to ensure they remain fit for purpose. Changes are
managed appropriately.
Changing platform capabilities are proactively applied to existing solutions.
Important business solutions are actively managed and supported.
The organization invests in a full range of platform skills against a broad
development strategy that includes no-code, low code and pro-code standards
and an integrated design and development approach.
400 Low Code
Solution design is carefully considered; constraints are understood and approaches
to avoid or mitigate these are implemented.
Low code solutions make use of source control to help manage the release
process, where possible. The release process includes metrics which can be shared
within the organization to show the benefit of the low code solutions.
Low code solutions use metrics from tools such as Application Insights to measure
adoption. This allows decisions to be made as to where to focus effort on
successful applications and cancel or rework unsuccessful applications. These
metrics are published and shared within the organization.
There is an active process for testing and for user evaluation and feedback, which
is used to drive a road map for ongoing enhancements.
Lifecycle of the solutions is anticipated, and solution designs take this into
consideration.
Standardized User-Centric-Design processes ensure that the solution meets the
needs of the users and is designed appropriately for the audience.
The organization continues to invest in training for citizen developers and in the
tools to support them.
The organization has invested in the licensing to ensure that there is low friction
and decisions are easier to make when building low code solutions.
Pro code components are developed to extend low code solutions, as part of a
well-understood, holistic 'systems' approach.
Pro code methodologies are adopted wherever appropriate.
400 Pro Code

Pro code solutions make use of source control to help manage the release process.
The release process includes metrics which be shared within the organization to
show the benefit of the pro code solutions.
Pro code solutions use metrics from tools such as Application Insights to show
many users/applications are using them each day. This allows decisions to be
made on the success of an application. A decision can be made as to which
applications should be focused on. These metrics are shared within the
organization.
Low use solutions are regularly revisited to determine useful improvements to
increase usage, where needed.
Lessons learnt from the development of Pro code solutions are shared within the
organization.
APIs are proactively developed to allow No Code and Low Code to easily access
sophisticated data sources, functions, and business automations.
Application usage is measured using tooling such as Application Insights.
Applications are instrumented to detect errors and events using tools such as
Application Insights.
Development integration occurs across the code-continuum, pro code component,
and solutions are built to be consumed by low code and no code solutions.
Libraries of these 'extensions' and registers of where they are employed published
and maintained.
Statistics on the number of deployments and releases are provided by release
management tools such as Azure DevOps.
User research is employed to define requirements and provide metrics on usability,
enhancements, and productivity.
Design standards are applied consistently to ensure all applications meet staff
expectations for UI and behavior.
Source control is used effectively and consistently, some automated testing is in
place.
A Steering Committee is created to develop and oversee solution road maps.
Code reviews occur to ensure code quality before being introduced into the
codebase.
400 Impacts
Higher quality applications and systems are delivered.

Design standards mean that users can pick up the application more easily,
boosting adoption.
Applications meet the needs of their users due to the user centered design
approach.

Design decisions are routinely reviewed for effectiveness and learning is applied to
continually refine and optimize solutions. Advanced tools are used to measure User
Experience and solution efficacy and drive up the quality of all solutions. These are also
used to proactively enhance standards and to help shape training of developers.
The effectiveness of solutions is continually assessed via a range of metrics to optimize

staff productivity and to ensure agility for changing needs.

500 No Code
The repository for customizations and templates which promotes solution reuse is
actively maintained by the business and enhanced based on emerging
technologies and business needs.
Sophisticated no code solutions are easily created by extending them with low
code and pro code extensions that operate in a similar way to the no code
platform that staff are familiar with.
Management processes actively look for opportunities to use no code to reduce
costs and take advantage of platform feature roll out. The impact of these is
assessed on an ongoing basis and used to refine the code transition points.
500 Low Code

The repository for components, modules and templates which promotes solution
reuse is actively maintained by the business and enhanced based on emerging
technologies and business needs.
Low code citizen developers use the hooks and extension points built by the pro
code developers, and provide enhancements to no code. These are standardized,
with defined integration points and embedded monitoring elements.
Compliance with standards is routinely assessed and used to improve the quality
of the solution and the developer.
500 Pro Code

A Package Management feed (such as internal NuGet or NPM feed) is used for
managing and promoting the reuse of components and patterns.
Pro code develops extension points and components for no code/low code citizen
developers to use. Examples include custom connectors for Power Platform or SPFx
web parts for SharePoint and Teams.
Analytics on the use of APIs for data sources, functions and business automations is
used to optimize their use and performance.

Development is proactively managed across the code-continuum; a dynamic
equilibrium is maintained between the different code approaches, shifting to take
advantage of changes in the technology and platform landscape. Active
monitoring of the source technologies allows these changes to be anticipated and
included in the development road maps.
There is granular insight into the developed solution portfolio and code-
continuum, with understanding of origination costs, technical debt, support costs,
and benefits. These are integrated with user metrics. These are used to direct
development strategies and investments.
Application Insights metrics are used to measure adoption and are shared with the
organization.
Application Insights funnels and user flows are used to see how people are
behaving and using the solutions.
A/B Testing with usability metrics in place allow the organization to measure which
approaches are best.
Source control provides robust and highly automated testing, Continuous
Integration / Continuous Delivery (CI/CD) techniques.
A Centre of Excellence and Steering Committee is empowered to drive a road map
to guide the extensibility points built with pro code for the no/Low code citizen
developers.
Solutions are designed and published to the organization's App Stores such as
SharePoint and Microsoft Teams.
500 Impacts
Innovation within the organization is actively supported with rapid deployment of

tools that, in turn, improve the maturity of the new product, process, etc.
An ability to rapidly develop solutions to new business needs at a pace that creates
business advantage and then mature these to ensure compliance and
supportability.
A more productive workforce with users having the tools and information that they
need when they need them.
Seamless and invisible coordination of different approaches, leading to rapid staff
adoption and improved productivity through consistency and standardization.
Improved ROI as solutions can be reused throughout the organization.
Promotion of best practice and lessons learned so the organization does not suffer
the same problem time and time again.
Scenarios
Customer service representatives can easily answer common questions by
customers, improving customer support and satisfaction.
An electrical engineer can perform a site survey. They capture the required
information with their mobile device so that the installation of the electricity point
can be planned and executed successfully and minimize the cost.
A salesperson can produce and send a quote to a customer in a consistent way
which meets the quality standards of the organization.
Employees can submit their ideas and suggestions to a panel via the corporate
Intranet.
A manufacturer can produce the required certificates and documentation to
support the release of a new product in a managed way.
Using Machine Learning to improve the efficiency in how a logistics company
routes its delivery drivers.
Cost & benefit

When we talk about benefits of customization and development, it is easier to see the
benefit and the ROI. Often only the time savings are used to quantify the ROI. When
development enables a new capability within a business, the revenue that is realized
with the new capability can drive previously unconsidered ROI.
Examples of benefit include:
Reducing the time to achieve a common task.

Reducing the error rate when copying information from one system to another
system manually.
Enabling insights to be gained by pulling data from one system and integrating it
with another.
Enhancing productivity by enabling the business to process more for less.
Improving consistency when delivering content to customers.
Enabling innovation within the organization.
Increased employee satisfaction (employees get to work on the tasks that provide
the most value that computers cannot deliver).
Decreased "time to productivity" with new systems: reduced training costs and
faster cycle times.
Reducing corporate risk.
The cost of development is expensive and can be controlled by only embarking on

projects that really need it and provide value. Additionally, moving development from
pro code to low code when appropriate will help increase the value and innovation.
Resources to Learn More

Learn how to design awesome UIs by yourself using specific tactics explained from
a developer's point-of-view: Refactoring UI
Microsoft Developer Portal
Power Platform Centre of Excellence (CoE) Kit
Conclusion
Customization and Development is an essential ingredient to get the most value from
Microsoft 365. However, it is important that customization and development is not
entered to lightly and there is an understanding of the commitment that is taken on.
When customization and development is performed there will be a level of management
and support required to ensure solutions continue to work as the platform evolves and
unforeseen issues can be resolved.
Organizations should minimize customization and development unless it provides

accompanying value. It should be used for essential business functions where the
platform does not provide the required feature set. The activity should be measured and
ensure that it provides significant return on investment.
Traditionally, organizations have treated no code and low code approaches as 'second
class citizens' to pro code. In maturing organizations, however, each approach has a part
to play, and the right blend can create an integrated approach to addressing business
using a code-continuum. As silos and 'code-snobbery' are reduced, opportunities to
improve standardization, development efficiency/assurance and to provide increased
rapidity or cadence on delivery of solutions to the business improve.
When development is performed it needs to be done in a way which reduces the risk to
the organization. So, implementing source code repositories to backup code and ensure
that the developers are productive. This is important as too often there are stories where
an organization has a solution which is used but they have lost the source code.
Customization and development can only contribute maximally to the organization if it

is part of an overall view of organizational maturity which includes the other
competencies as well. At the end of the day, technology is a set of tools, but people can
use technology to accomplish their shared goals. Technology without focus on the
people aspects rarely succeeds.
Common Toolsets
Artificial Intelligence / Machine Learning
Azure DevOps
Dataverse for Teams
Microsoft Azure
Microsoft Graph
Microsoft PnP Frameworks
Microsoft Teams App Source
Power Platform
SharePoint Framework (SPFx)
Serverless Technologies
Customizable products and services
Dynamics
Microsoft 365 apps
Microsoft Forms
Microsoft Lists
Microsoft Teams
Outlook/Exchange Server
Power BI
Project
SharePoint
Visio
Resources
 Tip
recent updates.
Principal authors:
Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

The Microsoft 365 Maturity Model –
Governance, Risk, and Compliance
Competency

Organizations face increasing complexity and change in regulatory environments, calling
for a more structured approach for managing Governance, Risk, and Compliance (GRC).
The Governance, Risk, and Compliance Competency is focused on helping an

organization reduce risk and improve compliance effectiveness by implementing a
framework for compliance and risk management.
Governance, Risk and Compliance framework

Governance is the system of rules, practices, and processes an organization uses to
direct and control its activities. Many governance activities arise from external standards,
obligations and expectations. It also provides a framework for attaining a company's
objectives and encompasses most areas management, from action plans and internal
controls to performance measurement and corporate disclosure.
Risk enables an organization to evaluate all relevant business and regulatory risks and
controls and monitor mitigation actions in a structured manner.
Compliance refers to the country, state or federal laws or even multi-national

regulations such as GDPR regulations that an organization must follow. These
regulations define what types of data must be protected, what processes are required
under the legislation, and what penalties are issued to organizations that fail to comply.
For Microsoft 365, this means implementing specific policies, operational processes, and
technical controls to protect the data in Microsoft and cover some or all of using,
storing, sharing, disclosing, erasing and destruction of data. The data should also be
secured appropriately to guard against loss, theft and misuse.
Smaller organizations may only need to comply with the baseline general data
protection rules that apply to every organization. Other organizations must comply with
industry-specific and/ or country specific regulations which may overlap and/or conflict.
Example compliance regulations are:
CCPA (California Consumer Privacy Act; USA)

GDPR (General Data Protection Regulation; Europe)
HIPAA (Health Insurance Portability and Accountability Act; USA)
PCI DSS (Payment Card Industry Data Security Standard; international)
SOX (Sarbanes–Oxley Act; US)
Compliance is not the same as security, but security should be considered when
building your plan as effective security is frequently a compliance requirement.
Compliance requires only that the legally mandated minimum standards are met
whereas data security covers all the processes, procedures and technologies that define
how you look after sensitive data and guard against breaches.
To address the gap between compliance and security many organizations also follow
compliance and regulatory frameworks, such as COBIT, ISO 27001, or ITIL. These provide
guidelines and best practices to meet regulatory requirements, improve processes,
strengthen security, and achieve other business objectives (such as adopting a ‘cloud-
first’ strategy).
Model levels.
Level 100 - Initial

At level 100 maturity an organization does not believe that governance and compliance
is important to its overall objectives.
Management does not consider investing in the Governance, Risk, and Compliance
(GRC) related systems necessary for the overall business strategies. In addition, the
organization does not assess the business impact of its vulnerabilities and it does not
understand the risks involved due to these vulnerabilities.
Organizations at level 100 maturity pay little attention to compliance and are
characterized by the absence of policies and procedures for information/ data
compliance of governance.
The organization addresses compliance in a reactive mode — doing assessments when

forced to. There is no ownership or monitoring of GRC. Management does not invest in
a compliance framework, technology controls, or employee training to meet baseline
standards for managing risks and remaining compliant with regulations and standards.
People and Culture (100)

The leadership team do not believe that compliance is fundamental to their overall
objectives. It is a means to an end.
Compliance obligations and risks are not understood.
No individual or department is responsible for governance, risk and compliance,
nor is it clear where these activities are taking place on a devolved basis
Roles, training, and competencies needed for compliance are not developed.
Employees are not aware of how compliance impacts their daily work.
Process (100)
No process for keeping up with regulations that may affect their market and
industry.
GRC processes and controls are either absent or ad hoc or out of date.
Risks assessments not undertaken.
Compliance and governance obligations are not reviewed or monitored
There is ad-hoc implementation and response to incidents (reactive).
Compliance controls and evidence is ad hoc or does not exist.
Technology (100)
No standardized storage location for documentation and supporting evidence.
No technical controls in place to support compliance.
Impacts (100)
Due to the lack of policies, controls and user training to support information/ data
compliance in Microsoft 365 the organization is at risk of:
Overlooking changes and/or additions to existing compliance requirements.

Employees accidentally exposing sensitive data to third parties.
Employees stealing information of value, such as customer lists or proprietary
trade secrets.
Consequences such as data breaches, erosion of customer trust, severe fines and
other penalties due to non-compliance with regulations.
Elevated eDiscovery costs.
Level 200 - Managed
At level 200 maturity an organization tends to believe governance and compliance is a
series of boxes to check.
At this maturity level organizations acknowledge compliance regulations and standards.

However, organizations may take a ‘tick box’ approach to Governance, Risk and
Compliance (GRC). Policies have been written, intended to avoid the damages that level
100 organizations can face, but the polices are not enforced in the organization.

Leadership understands and accepts the importance of governance and
compliance but has not driven it into the organization nor recognized it as a
business enabler.
Some policies have been written but are not enforced or comprehensively
adopted.
No formal compliance roles in place or roles have been allocated but without
suitable training or assessment of competence. Governance, Risk and Compliance
relies on individuals being responsible for actions and approaches in their own
areas.
No formal GRC training; communication is ad hoc or occurs in response to a GRC
event. Most employees are not aware of how governance, risk and compliance
impact their daily work.
Process (200)
Governance and compliance management is local, uncoordinated or sporadic It is
dependent on individual people to action and monitor.
Processes exist but are manual and lack standardization, making it hard to measure
their effectiveness, enforce them or obtain an overview of activity and status.
Limited collaboration between compliance and operational teams. Often
compliance is an afterthought.
Response to incidents is reactive /ad hoc, lacking consistency, formality and may
result in ineffective actions.
Risk management is perceived as a process.
Technology (200)
Storage locations for documentation and supporting evidence are inconsistent and
fragmented.
Basic technical controls may exist but may not be appropriately implemented to
ensure compliance.
There is a tendency to focus on email rather than a wider view of content and
processes that need to be compliant.
Technical controls to manage retention and deletion exist, however there are
minimal processes to implement these effectively; retention and deletion is largely
a manual, ad hoc activity, though there may be reminders and triggers in
processes to act as prompts.
Impacts (200)
Employees see compliance as painful and "extra" to their day job.

The organization is unaware of new and changing compliance laws and regulations
so unaware of any new, increasing, or decreasing compliance risks.
Organizations do not know what sensitive data they have, where it is, who can
access it, and its risk of exposure. This makes it difficult to apply effective policies
and controls to protect the most critical data assets. Organizations will retain
nothing or everything ‘just in case’.
Information clutter and duplication degrades productivity.
The organization remains at risk from both deleted/lost information and from
‘over-retained’ information
Action is only taken after a major violation or ‘near miss’ has occurred, to show
they are trying to meet compliance standards. Even then, it is implemented as a
tactical response to a serious problem, rather than a strategy for permanent
improvement.
Discovery exercises are costly and complex as no specialist tools are used.
Level 300 - Defined

At level 300 maturity, an organization believes compliance is essential to the business.
They begin to affect a ‘top-down’ cultural change in working to incorporate governance,
risk and compliance-led practices. It’s understood that it is the job of executives to
enforce adoption and training among managers, and the job of managers to do so with
their staff.
A baseline compliance framework is implemented with a standardized set of policies

and controls.
Processes measured and controlled
The leadership team see compliance as essential to business continuity and may
value the rigor as a business improvement tool.
Compliance roles and responsibilities are assigned to accountable individuals, who
have been trained but may lack expertise and experience. They understand the
importance of the role and will reach out, reactively to legal and other experts for
guidance and counsel.
Where GRC sits across multiple departments and activities in the organization
individuals with those roles will coordinate their activities, possibly through a
Compliance committee or similar mechanism.
A Compliance framework, in some form, has been documented and communicated
to process owners. However, the implementation decisions are left to local
business and system owners so GRC initiatives are managed in silos.
Compliance activities are frequently event driven, such as an audit or a regulatory
deadline.
Training, education, and awareness are run annually. Staff have a broad awareness
of their responsibilities.
The organization invests significant time on stakeholder education, ensuring that
the new ways of working together and the value of risk and adopting compliant
processes are understood. However, commitment to upholding standards varies
across the organization.
Process (300)
There are staff with a role that includes monitoring regulatory updates and
translating them into new company policies. In large organizations or those in
industries with strong compliance needs, example roles may include Director of
Compliance, General Counsel, Senior Information Risk Officer, Data Protection
Officer). In smaller organizations it is likely to sit with members of the executive
team or the functional head of departments with strong compliance alignment.
This is in addition to staff dedicated to security measures (for example a Chief
Information Security Officer).
The organization measures and assesses controls and activity, but largely at an
individual or devolved level.
Risk level is periodically reviewed & updated.
Limited information and records available for audit, these are generally specific to
the function rather than providing an aggregated or holistic vie.
There is limited or misplaced confidence that all governance and compliance risks
are known and managed.
There are systems, tools and processes for managing the Governance, Risk and
Compliance processes. While these vary according to the standards and
requirements imposed, they may include: training and knowledge content; risk,
issue and status logs; asset and impact lists; action plans; processes for reviews and
updates; systematic audits and assessments, staff training and competency logs.
Strong content management tools and processes that include effective lifecycle
management are in place.
Technology (300)
Has a central (digital) system of record for compliance. However, usage varies
across the organization and local solutions may be in use.
Software solutions are used but typically in a tactical manner, without a thought
for a broader set of requirements. This results in multiple systems to manage
individual governance, risk and compliance initiatives, each operating in its own
silo.
Governance, risk and compliance controls are implemented but are reliant on the
user to apply the right controls to the right content.
Technical controls to manage retention and deletion are in use and are generally
effective for recognized classes of content (e.g. finance and HR files). A degree of
automation supports this, reducing user burden and driving some level of
consistency.
Use of automated tagging, sensitivity labelling and policies is not broadly or well
implemented, though it may be being piloted.
Impacts (300)
At this level:
The organization starts to build a compliance culture with roles and responsibilities
being defined.
A Governance, Risk and Compliance framework, consisting of strategy, policies,
processes, controls, technologies and staff competence, is implemented. However,
implementation is uncoordinated and siloed
Employees start to understand the impact of non-compliance in their job roles.
eDiscovery investigations are still complex and costly as multiple versions of data
exist
Not all Governance, Risk and Compliance risks are addressed and there are
frequently unknown risks.
There are processes for dealing with finding, breaches and risks, however there are
gaps and a tendency to be reactive.

At level 400 maturity an organization’s approach to governance and compliance
becomes more well defined and acts as a foundation for activity, the focus shifts from
extensive written procedures to empowering individual employees to make informed
decisions to reinforce the company’s compliance culture. This occurs as a by-product of
establishing a culture with high compliance awareness.
The Compliance framework is
now tailored to include an up-to-date and accurate catalog of information and data
laws, regulations, and policies by country and is readily accessible to all relevant
employees.
An overarching Governance, Risk, and Compliance process, through control,
definition, enforcement, and monitoring, has the ability to coordinate and integrate
these initiatives.
Proactive rather than reactive

The leadership team sees value in continuously improving the governance, risk and
compliance program. Governance, risk and compliance are factored into all
business decisions and GRC is represented at board level.
Dedicated teams and individuals are in place with clearly defined roles and
responsibilities. The limits of competency are understood, with supporting metrics,
and reflected in defined decision making authority for accountable individuals.
Processes are in place to support GRC decision making when these limits are
reached, with defined access to legal and other expert external advisors.
Compliance and operations teams work in partnership to assess risk and
compliance.
Compliance workloads are reduced through standardization, process
improvements and use of technology.
Policy communications are routine and semi-automated. Most employees
understand the importance of risk and compliance and their role in protecting the
organization.
Training, education, and awareness includes annual training matched to business
needs. Who has been trained in what is tracked.
Regular training needs analysis for compliance training is undertaken to identity
gaps and improve content.
Process (400)
Conversations about risks and compliance are held at all levels of the organization
and compliance is embedded into business processes.
Organization wide processes and policies are streamlined & simplified, they are
reviewed and updated as needed according to an approved schedule.
Process metrics are in place, controls monitored, and compliance is measured.
Feedback processes are used to improve consistency.
There are mechanisms to continuously assess compliance control and process gaps
to prevent compliance failures.
A data architecture has been implemented to govern which data is collected, how
it is used, where it is stored, how long it is stored when it is destroyed
Business continuity planning and disaster recovery plans are well developed,
maintained and tested.
Technology (400)
Productivity and analytical tools are in place to make tracking tasks, reporting and
collaboration easy.
Compliance controls are automated and tailored to different usage scenarios.
There is a central digital system of record to manage compliance program and to
store evidence.
There is an auditable history of data activities with an understanding of how it can
help support effective Governance, Risk and Compliance.
Content can be shared across organizational boundaries enabling efficient and
secure collaboration with partners, clients, and other third parties without loss of
control or governance.
Compliance specific solutions purchased to manage compliance requirements.
Integrated dashboards, balanced scorecards etc. are available to executives and
across the organization as needed.
Impacts (400)
At this level
Everyone in the company at all levels shares accountability for following a higher
standard.
Compliance is embedded in the culture of the organization so all employees
understand the importance of compliance and their role in protecting the
organization. Policies are understood and the reasons behind the policies are
clearly explained. Engagement is high at this level because all members of the
organization are now responsible for the success of the program.
Data investigation become simpler due to advanced tools and only the right data
being retained.

At level 500 maturity, an organization believes that taking a strategic approach to
governance and compliance will actively support business goals as opposed to serving
merely as a function of risk mitigation.
Metrics are reviewed regularly & updated as needed; results monitored & processes
Compliance is embedded in the organization and business activities are ‘compliant by

design’.
Organizations at this level use technology strategically to gain operational efficiencies,

greater visibility into their operations, reduce risks, and drive down compliance costs.
Tools are integrated in order to monitor controls and gain insights into their
governance, risk and compliance program.
Leadership team sees value in achieving compliance as providing a strategic

advantage to the organization.
The dedicated compliance team now includes a focus on strategy, is future
looking, proactively identifying emerging regulation and market change to
understand the impact, risks and opportunities for the business; these are fed into
the board as a basis for strategic decision making. Process improvement and
continuous professional development for the accountable people is embedded int
eh GRC and executive functions.
Collaboration between the compliance team, security team, operations teams, and
system owners to ensure systems (e.g., data storage and processing systems) are
secure and compliant by design.
Compliance workload shifts from administrative to strategic (due to automation).
Decision-makers becoming risk seeking rather than risk adverse, knowing that they
can and must manage the risks they identify.
There is a pervasive compliance culture where all employees understand the
importance of compliance and their role in protecting the organization.
Process (500)
Compliance and risk are coordinated across upstream and downstream processes /
requirements to ensure consistency.
The organization proactively reviews and updates risk and compliance metrics to
address gaps and prevent compliance failures. Results are monitored & used for
Processes and controls and reporting are automated and centralized
Independent information security compliance standards such as ISO/IEC 27001 are
used to benchmark best practice and align security and compliance.
Metrics are used to measure and improve collaboration outcomes and these
metrics are clearly connected to business strategy.
Compliance embedded in strategic planning as well as in daily strategic and
tactical decision-making.
Business continuity planning and disaster recovery are regularly tested.
Compliance processes and practices are externally audited.
Technology (500)
Compliance and DLP rules are comprehensively applied and enforced.
Controls are automated and subject to continuous improvement
Tailored compliance controls with policy enforcement are implemented to provide
different levels of protection during collaboration depending on sensitivity, risk,
and environment.
The organization invests in compliance management solutions that encompass
multiple systems.
Impacts (500)
At this level, the governance, risk and compliance controls are aligned to the
organizations risk appetite. Employees, managers, and executives understand their
responsibility to the organization to ensure the success of the compliance program.
Honesty, accountability, respect, and leadership are principles of these organizations,
and transparency is a default.
Compliance maturity is benchmarked against industry best practice.
Scenarios
TBD - please submit suggestions or role plays for this
Cost & benefit
Many characteristics can be delivered using the M365 platform to develop Governance
and Compliance solutions and processes, especially using SharePoint, Microsoft Teams,
Power Automate etc. available with any Business or Enterprise license. The native
compliance capabilities of M365, such as those in the Compliance Center, do depend on
the Microsoft 365 licensing level. While there is not a direct mapping, a useful guide is
provided below. Some functionality requires additional licenses.
Download the Microsoft 365 Comparison table to see which security and compliance
features are available with each option.
Common toolsets
Organizations have different compliance needs depending on the national, regional and
industry-specific standards they need to comply with. Microsoft 365 provides a set of
integrated capabilities that you can use to help you manage end-to-end compliance
scenarios. The 4 groups of compliance and risk management capabilities are listed in the
following section. Capabilities that require an E5 license are marked with an asterisk (*).
Information protection
Customer key*
Data Loss prevention
Data Loss prevention for Teams DLP*
Hold your own key*
Message encryption
Advanced message encryption*
Multi geo (extra)
Sensitive information types*
Sensitivity labels
Sensitivity labels for automated labelling*
Information governance
Records management*
Retention labels
Retention labels for automated labelling*
Retention policies
Retention policies for rules based policies*
Insider risk management

Communications compliance*
Customer lock box*
Information barriers*
Insider risk management*
Privacy Management*
Privileged access management*
eDiscovery and Audit

Audit* for Advanced Audit
Cloud app discovery
Compliance Manager
Compliance Manager custom assessments*
eDiscovery for Advanced eDiscovery*
Litigation hold
Microsoft Defender for Cloud Apps (MCAS)*
Search
The available compliance capabilities in your tenant will depend on your Microsoft 365
licensing. Some of the functionality requires additional licenses. Download the Microsoft
365 Comparison table to see what security and compliance features you have with
your licensing.
Resources to learn more
Microsoft 365 compliance documentation | Microsoft Docs
Microsoft 365 guidance for security & compliance - Service Descriptions |
Microsoft Docs
Get started with the Microsoft Service Trust Portal - Microsoft 365 Compliance |
Microsoft Docs
Microsoft Purview compliance portal
Conclusion
Achieving compliance is not a project. It is an ongoing process that needs embedding
into the culture of the organization. Regulations continually change, your environment is
always changing, and the operating effectiveness of a control may break down. Regular
monitoring and reporting are a must, and guidance on exactly what “regular
monitoring” entails is also outlined within each framework.
Principal authors:
Nikki Chapple
Simon Hudson, MVP
Mike Cox
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

How to run a Maturity Model for
Microsoft 365 workshop
７ Note
Introduction
The Maturity Model for Microsoft 365 offers a wide set of tools, approaches and insights
into the platform, allowing organizations to:
Understand the benefit and impact that Microsoft 365 can have on their business.
Support building a holistic view of the organization to gain an understanding of
current state vs. desired state to help
Understand and compare options for solving business problems
Focus time, energy, and resources on the right priorities
Establish a baseline to measure improvement over time
However, introducing the Maturity Model into an organization is often a significant

challenge, requiring executive support, stakeholder buy-in and user engagement.
There are many possible approaches to doing this successfully, just as there are many
approaches to the MM4M365 itself. This article describes a multi-level workshop
approach that has been used successfully. It is designed to provide both a 'quick and
dirty' assessment of the current and desired maturity and a more analytical and granular
assessment, with an option to use either or both in your organization or practice. These
are supported by tools developed for that purpose.
Challenges when planning and running a
workshop
Introducing the MM4M365 approach in any organization is a complex undertaking. It is
worth bearing the following in mind:
Microsoft 365 is HUGE, complex and addresses many different needs across
different parts of the organization.
It's difficult to know where to start, both with the platform and with the
organizational needs.
Doing everything, everywhere, if that's what your intention is, will take a long time
and substantial commitment. It's a strategic change management process, not a
technological first-aid dressing (though it can help with emergency improvements
when needed).
Because of the above, people can easily become overwhelmed, lose faith or lack
commitment. This is compounded by an individual and/or organizational desire to
run before learning to walk.
Not everyone sees the benefit in thinking it through, establishing a base line and
assessing your current position and future target before jumping in – the “Can't we
just do it?” and “How hard can it be” mindset needs to be headed off before you
even begin with workshops. Equally, there are those who may ask, “Wouldn't it be
better to focus on what the technology can do?” instead of defining what the
organization and its departments or teams need.
Different levels of seniority/different roles and skills will have a different view.
People identify needs and solutions through the lens of their own role and
experience. Also be aware that staff will often defer to managers and managers to
directors, rather than expressing their view.
Some people think it's ITs job to make the company more mature (Hint. It's not)
Every business and culture are different. This approach may work brilliantly for
some and not at all for others.
It's hard to get everyone together to do the deep dive analysis (and keep them on
mission if you do).
You don't need to be great at everything. A good rule of thumb is to be level 300
for all the functions that really matter (because they impact quality, profitability or
liability), higher for critical functions (400) and allow low impact or early stage
activities to start low (200) and mature when needed.
There are probably others…
An approach
The suggested approach is to gain executive support for doing something, then run a
few of simple, rapid, qualitative assessment workshops to confirm where the biggest
needs are and the quickest benefits. Follow these up with deep dive workshops
targeting specific competencies in particular parts of the organization. It can be helpful
to think of these like an Agile sprint, where you do an assessment and action the
findings, review and either repeat or move on to a different workload (a different
competency or area). Where resources allow, you can run parallel 'sprints'. Keep these
going until you run out of resources (or have achieved everything you desire!).
Six or 12 months later, review progress and set new goals by running some of the
process again.
The diagram provides and overview and some further detail.
Get approval and buy-in

Some thoughts on getting that important executive support and key stakeholder
support:
Start with the 'Why'. What is the purpose and vision for the change program being
undertaken.
A good way to phrase a Purpose statement is “We will do X in order to
achieve/deliver/improve Y'
A good way to phrase a Vision statement is “We imagine a
world/organization/future where…”; for example, “We imagine our company
having elegant business processes that improve the experience and
effectiveness of our teams and our clients”
Emphasize how it makes life better for individuals in the company, how it
removes the 'grit in the machine' and how it protects the organization (and
thereby the execs) from financial, compliance and legal risks.
Carefully review the MM4M365 Introduction and the definitions of each
competency. Now ensure you understand what each Competency Level
signifies.
Run investigative workshops to develop an action plan

The workshop process should start with a few quick sessions across the company, using
the Quick Assessment tool.
Once you have completed these and gathered some insights, you may need to drill in
deeper, using one of the Characteristic-based Deep Dive tools. This could be to:
Help a team or department that has immature processes (200 or below)

Upgrade a team or process that needs especially mature processes (400 or even
500)
Address organizational weaknesses in particular competencies
Accelerate change in some areas in response to strategy, opportunity or threat.
If you have the buy-in you could do these in multiple departments, however it's also fine
to have multi-disciplinary or interdepartmental groups participate.
It is often a good plan to separate decisions makers (managers and executives) into a
different group from staff and colleagues. People often are less forthright in front of
senior staff.
Aim to have between 5 and 10 people in each group.

Brief attendees in advance and ask them to bring examples of content, artifacts,
issues and opportunities that they would like to have considered. Ask them to
think about needs, strengths and weaknesses in their area and what they see in
other areas of the organization. In their experience, what takes too long, is
annoying, costly or annoys the team or their (internal and external) customers.
De-emphasize the technology and ensure they understand it's about laying out
business needs and business-driven competencies (which will later be underpinned
by M365 technologies).
Think about who you want at the sessions. There is no right or wrong approach; a
blend is frequently helpful.
Set the expectations for attendees. You want everyone to participate and be open;
impress on them that there are no wrong answers or views, that it's about
consensus not seniority and that you aren't promising to fix everything all at once.
Overview Workshops
These workshops are about getting a representative group of staff to say what maturity
level they think the organization is at for each Competency. It is based on the
judgement of participants rather than detailed analysis if individual characteristics in
each competency (as that would take far too long), and should provide a 'helicopter' or
'fifty thousand fot' view of the organization that can be used to prioritize next steps.
Aim to have at least two sessions, up to half a dozen can be instructive.
The approach is to:
Ensure everyone understands what the maturity levels definitions and

characteristics are.
Clarify what each Competency covers.
For each competency, discuss and reach consensus on what the overall level the
company is at, by scoring each between 100 and 500.
It is unlikely that an absolute consensus can be reached; it is suggested that you
allow fractions of a level, probably in multiples of 10. So if everyone things
Collaboration is better than 200, but not quite at 300 then they can settle on
280, for example. Don't get hung up on 20 or 30 points either way.
It is likely that some departments are outliers, being especially mature or
immature. It is suggested that you capture these outliers with an individual
Competency maturity score and then put that exception to one side and try to
achieve consensus again.
Typically, this will take a while!
Once you have completed the 'current status' for the full set of competencies, take
the workshop group through it again, but this time get them to agree where the
organization should be this time next year (or some other time scale if you prefer)
for each Competency. Limit them to the proper levels (100, 200, 300, 400, 500); no
in between scores are allowed, but it is OK to call out specific areas that should be
different from the general target.
The Workbook - MM4M365 workshop tool (Quick assessment) Excel tool includes the
definitions and links to the Competency documents. The Data Capture tab allows you to
capture the consensus scores for each competency and allows you to run the workshop
with different groups and/or focus on specific teams. It takes care of presenting the data
in a set of 'radar' charts and highlights high and low performers. It also highlights and
maturity improvements that should be addressed in a couple of phases. It includes
further instructions on using the tool.
Take care, as the facilitator, not to impose your view on the discussion, be impartial and
support the group in reaching a consensus even if it isn't one you agree with (you can
comment on that in the report/action plan).
You could even run something similar with suppliers and clients if you can get them on
board.
When it is complete you should do some analysis and prepare an executive summary
highlighting issues, opportunities, quick wins and any insights or concerns that arise.
You should give some thought to how the M365 platform could be used to address
these and be ready to offer an Action Plan that could include Deep Dive workshops that
might be needed.
Deep Dive Workshops

These workshops are far more intense than the Overview workshops and are about
getting very specific insights into a narrow-focused team or competency. It is impractical
to run them for every competency across the entire organization.
Running these workshops can be challenging. Participants should be ready for several
hours of concentration; as a facilitator you will need to keep things moving along,
avoiding the debate getting bogged down on particular issues. You should elevate the
discussion back to a general case any time it is in danger of getting stuck or generating
significant dissent.
These sessions require review of the individual characteristic described in each

Competency article to assess how mature each sub-competency is.
There are a set of workbooks that include 4 thematically related competencies each; it is
not practical to put all the competencies and sub-competencies into a single sheet. They
function in broadly the same way as the Quick Assessment tool; you should modify
them by combining whichever competencies you need. Once again, scores are reached
via consensus, but at a more granular level and you should drill into individual
characteristics to confirm that the full spread of activities has been considered.
As before, outliers and comments should be captured and fed into an Action plan and
report.
Progress Workshops
It is very useful to review progress of the Action Plan and confirm that it is having the
desired effect of shifting the Maturity Level. This can be done by repeating the Overview
or Deep Dive workshops after an appropriate period of time, using the same workbook
tools. There are radar charts that will allow progress to be visualized.
It is not essential (or even likely) that you have the same participants.
As before, use these to refine the action plan, redirect focus onto new areas of the
organization, or even to celebrate success!
Resources
All MM4M365 workshop tools
Workbook - MM4M365 workshop tool - Content Set
Workbook - MM4M365 workshop tool - Hardcore Set
Workbook - MM4M365 workshop tool - People Set
Workbook - MM4M365 workshop tool - Quick Assessment
Principal authors:
Simon Hudson, MVP
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Management of Content Competency
７ Note

Content and its management are a large topic area, with many decades of technology
and expertise leading us to this point. This competency extends beyond the common
storage and structure debate; we have tried to encompass commonly overlooked areas
including internal layout and presentation standards within document types, different
classes of content beyond office suite file types, classification and labelling, as well as
extended life cycle management to include retention and disposal. It should be
remembered that content includes information not stored as discrete files, so also
covers, for example, items in lists, web pages in a content management system; it could
encompass emails and conversations, tasks, contacts and many other types of
information in a variety of systems, all of which need to be created, retrieved, used
effectively and ultimately removed in a way that supports the wider business context.

Content covers a wide variety of different types of digital items, including files, snippets
of information, emails, media content such as audio and video and many other things.
Often these are discreet files such as office documents, but equally they can be web
pages, list items, or content records in a database. A key characteristic of these many
types of content is it but they have a life cycle which includes their creation use and
ultimately their disposal, they typically require storing somewhere, need to be described
in some way, presented in such a way that people can find and use them when required
and made available in a format suitable for their intended use which may include Bing
machine readable and all interpretable by people.
This competency focuses on many aspects with management of content, including

presentation, life cycle, identification and classification and storage. For the sake of
clarity and relative brevity, it does not cover management of 'content containers' such as
SharePoint libraries and sites, Teams Areas, Planner plans etc. It does cover:
Types of content
Documents
Web pages & News
Conversations
Items (e.g. snippets of information, FAQs, tasks, contacts, notifications, list items)
Email
Media
Aspects of content that can be managed
Presentation
Consistency
Standards
Views, marking, formatting, RAG, iconography
Headings and styles
Readability and cognitive load
Accessibility
Lifecycle Management
Creation
Co-authoring
Templates
Content Structure and sematic design
Release/Approval/Scheduling
Management
Versioning
eDiscovery
Protection of content
Information Rights Management, DLP, Permissions, security
Versioning and Version History
Retention and Disposal
Archive
Destruction
"Cradle to grave"
Identification
Tagging
Sensitivity Labelling
Retention Labelling
Protection Labelling
Metadata
Storage
Structure
Platforms and tools
"Putability"
Duplicate management
Costs
Offline and sync
Level 100 - Initial

Content is created and stored inconsistently in a variety of applications, in many
styles. Often the content format is not appropriate, for example, notifications are
created as documents attached to an email, contacts are stored in Excel, images
are stored in slide decks.
No process for lifecycle management is in place.

Documents are created on an ad hoc basis either from a blank copy or by re-using
a previous version (without clearing previous metadata).
File formats for newly created content are not standardized and out of date or
unexpected formats are in use.
Content creation tools are not standardized, may uses use older versions of
software or tools from different companies, creating further content
inconsistencies.
Templates may exist, but they are "lost" in the folder hierarchy and infrequently
used; templates are not integrated into the into the ‘New Document’ setting
Editing, updates and reviews are largely serial activities or conducted in parallel via
email which results in multiple versions which must be manually reassembled.
Version control is absent, achieved through unmanaged file names or

implemented via a separate list or database. Access to version history is absent or
unreliable.
Content governance and protection are absent or achieved manually.
Disposal of superseded content is largely ad hoc. Removal policies are absent,

secure destruction is not understood and a large proportion of retained content is
out of date, duplicated or incomplete.
Users are uncertain of how and where to create list items, typically creating them
as documents.
Lists do not contain granular items. They are mostly embedded in a master
document.
Options for sorting, filtering and grouping items are limited or absent.
Identification
Naming conventions are arbitrary and unmanaged.

Version control is achieved via file names and or document location.
Tagging and metadata is not in general use; metadata that has been applied is
inconsistent, frequently incorrect and often applies to a previous document that
has been used as a defacto template.
Presentation
Templates are not managed and deployed across the organization to ensure
standards. Templates that do exist are not managed, updated, tested for
effectiveness nor do they include appropriate settings such as language, default
fonts.
Consistent styling and branding are not used consistently. Formatting is left to the
end user, without guidance. Staff make their own decisions on logos and images to
include.
A large proportion of content fails to meet accessibility guidelines.
Users are not well trained in use of content creation tools, not is there a process
for review and quality improvement.
Regionalization has not been implemented. Documents are in variants on core
languages, custom dictionaries are not used.
Headings and styles are unmanaged and no guidance on what to use is in place.
List items are frequently stored as files in spreadsheets, in word processor
documents or as simple text files. Formatting is arbitrary; presentation and
readability are left to the individual.
There little or no guidance on emails footers; some staff use the tools in their email
client to add these, but most are unaware of the value or mechanism of doing this.
Storage
Users are uncertain where to save documents; frequently creating multiple copies
in different places.
No strong file management strategy is in place. While a file server may be in use,
users may store content on a local hard drive or a removable drive.
Folder/directory structures are arbitrary.
Access permissions to content may exist but are not managed or documented.
Impacts
Users have to guess where content is stored and where to store their content,
consuming significant amounts of time.
Cognitive load is high due to inconsistencies in document layouts and styles; staff
find it hard to scan, understand and assimilate information.
Multiple copies of content with slight differences exist and there is no central
source of truth.
Applications that use the content have usability issues and mistakes are easily
made.
Poor decisions are made due to incomplete or out of date information.
Productivity is poor as staff recreate content that already exists. Timescales are
often missed and quality is often low and inconsistent, leading to poor outcomes.
Staff are unnecessarily busy, stressed and frustrated.
Level 200 - Managed

While there is some expectation that content is created and stored consistently in
appropriate applications, a lack of staff awareness and monitoring results in
inappropriate content approaches. Notifications as attached documents, contacts
are in personal lists, etc. remain widespread. Managers do not set observable
standards or expectations and inadvertently undermine improvement attempts.
There is an understanding of lifecycle management and some process for this is
outlined but not embedded in the organization other than in a few key areas.
Document lifecycle tracking is largely managed through external lists and
document registers. Documents are generally created from a blank copy or by re-
using a previous version. Staff remain free to deviate from the processes and there
is little enforcement by the system or management.
Lifecycle management of list items is largely absent.
Content creation tools and file formats have been standardized across the
organization, but this is not enforced and some staff continue to use non-
compliant formats. There is no systematic standardization of legacy content. There
may be overzealous application of the standards in some areas, overlooking the
specific business need in the local pursuit of standardization.
Templates exist, but are not well managed and not published in a way that
promotes their active use across the organization; templates are not integrated
into the 'New Document settings
Some teams and staff understand the power of multi-author editing by storing
their content in an online content management platform. While they use and
promote this approach, many staff still expect to receive attachments rather than
live link, resulting in serial editing in many cases. Content management approaches
are rarely mandated outside critical documents. Version control is in use in these
cases though much remains unmanaged or handled through manual update of
document registers. Staff members are often unaware of how to use version
history and version control.
Files within the content management platforms have some level of role-based
access, governance and protection, though this is not mandated, well documented,
centrally managed or built to best practice.
Disposal of superseded content remains ad hoc, though there may be a periodic
clean up and bulk review, especially for managed content. This is true of
documents, web pages, items and most other forms of content. There is limited
appreciation of the need to declutter, deduplicate, decommission and delete.
There are no standards or expectations for how emails should be managed; staff
frequently have thousands of emails in their Inbox, many unread. Flagging, storage
in email folders or offloading of content and actions to other systems is not well
understood and adopted.
List items tend to be created in spreadsheets, allowing a limited degree of item
level management. Some users understand how to sort and filter. Headings, field
types and structure remain inconsistent. Default names are used rather using a
naming convention
List items are not connected, centralized or created for reuse.
Identification
Tagging and metadata is sporadic, via file metadata or within the content
management system; though a document register often services this purpose.
There are some efforts to standardize some terms and categories, though this is
not applied uniformly across the organization. Status (e.g. Not Started, In Progress,
Ready for Review, Complete), is in place for routine processes, however there is no
consistency across the organization and the status is often out of date.
Naming conventions are in place for many classes of content, though this is not
enforced and there are large amounts of content where naming approaches are
opaque to other users.
Documents frequently lack clear sections with structured headings. Subject lines in
emails are often unclear and not updated as a conversation evolves. Contacts are
labelled arbitrarily or inconsistently.
The same names are used for different things and v.v. The organization lacks a
maintained glossary and agreed set of terms.
Presentation
Templates are created for many types of content and are made available to staff.
They are often updated. Users generally know where to find them, but default to
using previous published documents. Some staff have added templates to their
default location to make it easier to access, especially for frequent processes;
however, this is not embedded across the organization. Some effort has been put
into creating well-formed templates and many have been tested for standardized
style, language and other settings. These have reasonably consistent styling and
branding.
Many users understand the importance of using Headings and other styles in
content, however poor, ad hoc formatting remains commonplace.
A large proportion of content fails to meet accessibility guidelines.
Some users are trained, however most are expected to learn on the job, line
management are thought to manage this process to drive improvements, however
it is likely that most managers also lack the understanding and skills.
Regionalization is imperfect and users are often unaware of how to address this.
Custom dictionaries are generally not used.
There are often standard libraries of images, logos and iconography for use, this is
generally at a department level.
List items generally are not well formatted to improve the presentation of the
content or to automatically highlight important items or elements.
There is guidance on emails footers and staff are asked to manually update these
when changes are needed.
Storage
Users remain uncertain where to save documents and content; frequently creating
multiple copies in different places. No deduplication process exists.
Multiple file management strategies exist, often with overlap. File server storage is
the predominant approach, with local storage on hard drives or removable devices
discouraged or disallowed.
There is often an attempt to create structure within the storage solution, especially
at department or project levels; however, the limitations of hierarchical approaches
is poorly understood and largely unaddressed. Folder/directory structures
inconsistent across different parts of the organization and rely on "local"
knowledge to navigate. Where content management platforms are used, storage
strategy replicates directory structures.
Access permissions are applied at the directory or "drive" level and some attempt
is made to manage these; however, the lack of a robust process results in
inconsistencies and out of date permissions.
Impacts
made
Users understand where content should be stored, but find that there are many
exceptions, conflicts and inconsistencies; this consumes significant amounts of
time and creates uncertainty and degrades compliance with the recommendations.
While there are improvements in key areas, overall cognitive load remains high
due to inconsistencies in document layouts and styles; staff find it hard to scan,
understand and assimilate information.
Multiple copies of content with slight differences exist and there is no central
source of truth.
made.
Poor decisions are made due to incomplete or out of date information.
Productivity is poor as staff recreate content that already exists. Timescales are
often missed and quality is often low and inconsistent, leading to poor outcomes.
Staff are unnecessarily busy, stressed and frustrated.
Multiple attempts are made to introduce improvements, however adoption
remains poor and managers are unnecessarily busy, stressed and frustrated by the
lack of progress.
Level 300 - Defined

Basic Content Lifecycle Management is in place for key business operations,
commonly via content management systems (CMS) rather than file servers; this
ensures that draft, active/published and superseded content items are easily
identified. Document registers are discouraged in favor of tools with the CMS,
though legacy registers may persist. There is some effort to ensure important
content is retained and there are occasional efforts to cleanse old documents; this
may result in loss of important information due to absence of robust controls. Staff
can deviate from many processes, though this is actively discouraged.
Content creation tools and file formats have been standardized across the
organization, policies and management processes actively discourage use of non-
compliant formats. Some effort is made to update legacy content where it is in
current use.
Templates are lifecycle managed and processes make it easy to create new content
from these.
Use of CMS storage widely enables multi-author editing and staff are generally
aware of this approach, though some (passive and active) resistance remains. Use
of email attachments is in decline, many staff actively discourage this and remind
others about the storage and sharing policy.
Version control is in general use and version-duplicates are largely absent (though
other sources of duplicates do occur)
Role-based access, governance and protection is in use; comprehensive

implementation not yet been achieved.
Important content has processes for lifecycle tracking, with periodic clean up and
disposal. Retention mechanisms are attempted, sporadically. Many documents lack
appropriate protection or governance, despite an understanding of the need for
compliance and other controls.
There is guidance on effective use of email and recommendations on how to store

email. Some email activity has migrated to real time conversations, there is limited
recognition that this represents another type of content to manage.
Items previously stored in freeform documents or in Excel are beginning to be

managed in dedicated List applications. This allows granular management of each
item, with item level security, version history etc.
The use of List applications enables content reuse, with list items able to act as
data sources. Column/field headings show some evidence of standardization as a
result. Column/Field types are generally appropriate; some consistency and
standards are emerging.
Identification
There are standard content categories, and these are frequently used to group and
tag content, aiding in search and productivity. A standard set of consistent content
statuses have been developed (e.g. Not Started, In Progress, Ready for Review,
Complete), however there is no consistency across the organization.
Naming conventions are in place for many classes of content, including items, files,
media and these are often enforced using technical or process measures.
Some areas are experimenting with "content classes" that describe organization-
wide document and items, however this is not widely adopted nor
comprehensively designed.
Presentation
Routine processes have well defined and maintained templates which are
accessible from withing the process and are mandated and adopted for those
processes. Templates are generally "on-brand", fit for purpose and have been
reviewed for quality. These have reasonably consistent styling and branding. Re-
use of previous documents is avoided, though prior content is often copied into
the new documents. Some staff have added general templates to their default
location to make it easier to access and there may be efforts to implement this
across the organization.
Emails have automated footers.
Templates and many ad hoc documents are developed using Headings and other
presentation and layout formats; some effort has been put into creating company-
wide document styles. Content tends to meet basic accessibility guidelines by
default. There are some management processes to drive adoption of this practice
and to drive improvements.
Basic content skills are provided through training or self-learning as well as
through on the job mentoring and feedback.
Regionalization is actively addressed through templates, configuration and policy;
however, gaps remain and are often allowed to persist.
Custom dictionaries use is in place in some parts of the organization, though there
is limited understanding of how to maintain and cleanse these dictionaries, leading
to degradation over time.
Standard media and content libraries are commonly used, through maintenance is
variable and managed at a department level.
Lists of items generally are presented using out of the box formatting and layouts.
Automatic formatting and standardized layouts, column ordering etc. is not well
developed.
Some use of views to sort, filter and group items is in use is emerging, but users
frequently overlook these tools. Standards for views and view naming conventions
have not been established
Storage
There is a designed storage approach, with signposting, guidance, and some

enforcement of where to put content. Content management strategies are
understood and are increasingly robust, effort is put into maintaining staff
understanding and compliance. File server storage is in active decline, is described
as part of the contentment strategy and legacy file stores are understood with an
intention to migrate/deprecate them where possible. Use of local storage on hard
drives or removable devices is mostly disallowed by policy and technical measures;
staff are familiar with the mandated approaches.
Centralized storage areas are carefully structured, providing access to managed
assets, publication and resource areas across the organization, with appropriate
permissions. Well-designed information architecture flows down to most
departments and projects. Collaboration and personal or team areas remain largely
unstructured and somewhat chaotic. Use of folders persists but is in decline in
some areas in favor of content tagging and filtered views.
Access permissions are as granular as needed, applying to entire content
repositories and/or to individual items. Management remains somewhat
inconsistent in the absence of strong governance processes linked to roles.
Legacy lists are updated to be stored in appropriate systems, reducing the reliance
on direct file storage in favor of task specific applications and platforms.
The rate of increase in email storage show signs of reducing.
Impacts
Use of content across core business process applications has improved markedly,
resulting in fewer mistakes and less wasted time.
Users understand where content should be stored. Exceptions, conflicts and
inconsistencies are greatly reduced and staff have some confidence, begin to
understand the benefits and are more willing to adopt it.
Staff find it easier to find, understand and act on existing content. Productivity
improves; rework and errors are noticeably in decline.
Staff recognize central sources of truth and turn to it in preference to other
sources.
Improvements are able to be introduced and are widely adopted in key processes.
Managers are seen as leaders of this adoption and benefit from their staff
productivity. Some changes remain ineffective, rushed or only partially effective
due to the corrosive effects of legacy content and some staff resistance.

Content Lifecycle Management is in active use in all regulated or quality assured

processes and elsewhere that has impacts on the business. Most documents are
tagged with sensitivity, status and retention information or reside in a location
where this is enforced.
All types of content have similar levels of management:

List items have version control, retention, deletion etc. at the item level.
Media files are managed in the same way as documents, with metadata, reviews
and lifecycles. They are linked to associated assets, such as transcriptions and
related media and lifecycle management applies to both the components and
the content sets.
Email items are actively managed and redirected into other types of content or
messaging as part of a comprehensive content management approach
Publication and removal schedules are applied to web pages and news items.
Retained web pages are regularly reviewed to ensure they remain up to date
and useful/relevant. They are actively linked to related content, with these links
dynamically updating as the related content changes, is created or removed.
Document management capabilities are designed into repositories to be compliant
with lifecycle policies. Most content is based on managed content types; these
include definitions of the template, identification metadata, lifecycle and
disposition markers, status and other policies by default.
File servers and local file systems are not in general use except where there is a
documented need.
There is active, managed removal of content from managed content areas in

accordance with policies and staff are responsible for ongoing "decluttering" and
organization of collaboration and personal content. Controls and monitoring are in
place and used to review these activities, though typically without automation or
strong enforcement.
Multi-author content creation and editing is the norm and extends beyond
organization boundaries to incorporate suppliers, partners and clients where
appropriate and with well understood and monitored security and governance
(such as use of time windows for editability). Use of email attachments is the
exception within the company and is in decline with external content sharing.
Duplication of content is actively avoided and there are periodic checks to identify
unnecessary duplicates. There is good understanding of version control and
version history, and these are appropriately used.
Role-based access, governance and protection is well designed, documented and

consistently implemented.
Document Retention mechanisms are in -lace for all important classes of content
and are reviewed annually to ensure policies and technical controls are effective
and appropriate. attempted, sporadically. A governance board reviews new needs
and oversees decisions on retention, disposition and destruction of content.
Schema exist for common list types, often based on open standards, to ensure
consistency and interoperability. Extensions to schema are carefully considered,
reviewed against other schema in use and rolled out in an integrated way that
updates all dependent lists.
Content classes are developed based on the agreed schema.

Identification
There are standard content categories and these are widely used to group and tag
content, aiding in search and productivity. A standard set of consistent content
statuses, classifications and other business wide approaches to naming and
identifying content are in place. There is some automation of tagging and
classification.
"Content classes" are widely in use and there are processes for creating new
classes as needed.
Presentation
There is an active process for updating templates across the organization to ensure
they are up to date, fit for purpose and support brand and style guidelines
Emails have automated footers, with role-based variants and active insertion of
content in support of campaigns and other business communication needs.
Documents are carefully structured, with consistent use of semantic elements such
as headings, default styling, insertable standard content and images. They are
designed to support appropriate and effective presentation of content (i.e. the
purpose of the document defines the style of the document) while supporting
accessibility guidelines, effective search and other busines needs. Staff are well
versed in use of these and use them consistently.
Staff are familiar with best practice across a wide range of content creation.
Presentation and management and actively skilled for the needs within their role.
Regionalization is actively addressed and implemented through templates,
configuration and policy. There are processes for identifying errors and
inconsistencies and flagging these for action
Custom and industry dictionaries are deployed to users" computers. There is a
process for correcting and updating these.
Standard media and content libraries are commonly used; there is centralized
management of core tags and information architecture used for identification,
classification and management.
Tagging and topics allow systems to recommend content to users.
Lists employ dynamic formatting, layouts and views to highlight important insights
and to aid both item level and aggregated use, comprehension and insights.
List items are actively used across the content management environment, acting as
data sources, lookups and choice field content. Changes are managed and
dynamically update other content
Storage
There is a comprehensive storage strategy supported by a well-designed platform

for almost all forms of enterprise content. This encompasses "business-personal",
collaborative, operational and corporate content as well as the continuum from ad
hoc and temporary content to persistent or long-term content. Strong signposting,
guidance, and automation aid staff in how to adhere to the strategy and therefore
put content in the right "place" n the right way. Content management strategies
are well understood and are robust, with staff understanding and compliance
monitored. File Server are employed for very specific purposes and not for general
content use.
Centralized storage areas are carefully structured, providing rapid and clear access
to managed assets, publication and resource areas across the organization;
permissions and security are strongly managed and monitored without limiting
productivity. Folder use is rare and appropriate.
Access permissions are as granular as needed, applying to entire content
repositories and/or to individual items and often extend outside the organization
to accommodate suppliers, partners and clients with the same level of fidelity and
control.
Email storage growth has plateaued.
Impacts
Content is strongly managed across business applications and processes, feels

largely seamless to users and is easy for them to recognize value in and adopt.
Staff focus on task completion, contributing to content management consistently,
recognizing that their contributions benefit other parts of the system.
In many cases, content storage is a function of the type of content and not at the
discretion of staff; "putability" decisions are driven by well-established principles
that staff are fluent at applying.
Productivity is consistently high and metrics are in place to identify and act on
exceptions. Rework and errors are rare.
Staff intuitively use definitive reference content; they know how to validate that
they are using appropriate information and are collectively confident of decisions
based on their sources.
Content driven systems are routinely improved; feedback and monitoring
mechanisms at granular and aggregate level continuously identify areas for
improvement and enable programs of work to maintain productivity as the
business landscape evolves.
Staff and managers are able to focus on their objectives and are rarely interrupted
or frustrated by the quality and accessibility of the content they need or create.

Content Lifecycle Management operates at most levels of the organization, is

optimized, tracked and reviewed for effectiveness and actively drives quality,
productivity and risk reduction – this may be reflected in certifications, standards
and reduced insurance costs. It remains consistent as it spans different types of
content and platform.
Most content is created based on well-defined and managed "content classes or

content types. There is visibility of use of content types across the organization and
an understanding of the content type schema and inheritance.
Linkages between types of content are respected, retaining referential integrity, to

ensure that changes at a granular (item, file or document) level do not cause a
degradation to sets or collections of content.
Content tagging for classification, access, sensitivity, status and retention is widely
automated as are relationships between content.
Retention policies are actively managed and tested. Unmanaged documents are
the exception. Document Retention is applied to almost all content, including
items in lists, emails other non-file types of content.
Policies and technical controls are actively updated in response to changing needs
and regulatory and business landscape.
Default removal policies and notifications drive broad compliance and clutter
avoidance. Removal of content is largely automated.
Metrics describe the entire content position across multiple dimensions including
status, usage, value and more.
Highly efficient, flexible and productive approaches to the entire content lifecycle
are the norm and encompass almost all the organizations actions and interactions.
External organizations are actively assisted in achieving robust levels of maturity.

Email attachments are rare.
Proactive deduplication is in place. Potential duplicates are identified at the point

of content creation.
Role-based access, governance and protection are deeply embedded in processes

and are designed with minimal "friction" for the task or process.
Live, multi-author use of content via links, active discovery and graph-based
personalization is the norm, ensuring content remains live, up to date and relevant.
Identification
Content categorization is largely automated; existing content is analyzed on an

ongoing basis to apply tagging and labelling in order to ensure that new context,
topics, classes and policies are applied dynamically as these emerge in the
business.
Images, other media and related content are automatically suggested for inclusion
based on tags, context and insights from "the graph" of the organization.
"Content classes" are the norm for almost all content. Externally sourced content is
likewise assigned to a class and tagged.
Presentation
Content creation is based on full managed, automated templates, with significant

degrees of automatic content completion, content suggestions, AI assistance or a
"wizard" based creation process.
Emails have dynamic, role, risk and context driven footers.
Fully semantic documents are in widespread use, with quality control and testing.
Poorly structured and presented documents are identified and addressed.
Accessibility is strongly supported, and documents are frequently optimized to
support other automated processes, little human input. Automatic content review
checks for style, consistency, grammar and tone of voice, sentiment and possible
data loss.
Media and other elements are strongly standardized, classified and published.
Images are automatically tagged for accessibility. AI automation may suggest
suitable media for insertion into content.
Video content is automatically tagged, with audio transcripts also being generated
where appropriate.
Best practice, Regionalization, productivity aids including dictionaries, thesauruses,
knowledge-lookups etc. are embedded across the organization. External
organizations are influenced to adopt content management approaches. These are
dynamically adjusted to meet the needs of the member of staff accessing the
content.
Lists can be automatically created from list templates employing standard schema
and deployed on demand. These include consistent dynamic formatting, layouts
and views.
Other applications can update list content dynamically.
Storage
There is a wide reaching, flexible and inclusive strategy for storage of all types of
content which ensures everything is available to staff and partners who need it,
regardless of location, device, region etc. "Putability" is actively guided or fully
automated, based on AI classifiers.
Storage is largely "invisible" to staff. Content is created, stored and accessed
without a need to learn the storage structures.
There are effectively no limits to the volume of storage or type of content that can
be stored and accessed.
Impacts
Content is proactively managed and monitored across all business applications

and processes. The user experience is seamless and feels fluid to staff, with
minimal silos or boundaries to negotiate. Staff focus on task completion, often
without having to actively contribute to content management due to high degrees
of automation and embedding of content management in content processes. Staff
are actively willing to undertake some content management tasks, Pay It Forward is
intuitively accepted.
Content storage predominantly a function of the content type and the process.
Staff rarely concern themselves with where to store anything or how to retrieve it.
Productivity is maintained at a high level through active interventions and a cycle
of continuous improvement based on data driven insights. Statistical methods
monitor for out of bounds errors and exceptions and ensure content errors and
exceptions are systematically eliminated.
Unreliable content and information sources are actively improved or eliminated. AI
monitoring continually assesses content quality and suggests improvements and
interventions.
The organization can respond rapidly to changes, dynamically repurposing
content, amending tagging, labelling etc. to meet new scenarios.
Scenarios
The company needs to manage its staff and process policies in order to remain
complaint and ensure staff only work to the latest version of each.
The sales team need to issue new quotations and access previously issued versions,
similar quotations for other clients and different quotations to the same client. These
need to have consistent layouts and information.
Company vision and values need to be updated and communicated across the
company, with previous versions removed.
Financial and HR documents need to be retained for legal purposes.
Project teams need to be able to access all documents related to a project and
understand their status.
Information Governance need to ensure that all sensitive information is identified and
not shared externally.
Marketing wants to ensure all internal and external documents use the new company
logo, colors and mission statement.
Staff need to know where to store the product specification information, QA reports and
analysis data for a new product. They also need to update the new product pipeline
overview for the sales and marketing teams.
Conclusion
Management of Content remains a challengingly broad and deep competency for
organizations to address. It is vital that the broad concept of content is incorporated
into any content strategies, to ensure that approaches are not limited to just documents.
Equally, many organizations invest in file storage technologies that provide performance
and security, but do not address the regulatory and legal obligations around sensitivity,
compliance and retention/disposal. Equally, the corrosive effects of clutter,
inconsistency, poor presentation and clear identification of content at all levels is
overlooked, with attendant impacts on productivity and risk.
Burgeoning automation and AI make achieving high levels of maturity realistic for most
organizations; however, the fundamentals need to be put in place before these can be
effectively deployed.
Common toolsets
Azure
Azure Information Protection
Data Loss Prevention
Email
File services
Microsoft Lists
Microsoft Purview
Microsoft Syntex
Microsoft Word
OneDrive
OneNote
Power Automate
SharePoint
Stream
Teams
Viva Topics
Resources
There are a variety of helpful documents on lists, libraries, information architecture,
plus related competencies such as search, communication and collaboration on
this site.
The slides we've used in this article are available in the backing repo on Github as
Management of Content - Content Lifecycle
 Tip
recent updates.
Principal authors:
Simon Hudson, MVP

Simon Doy

Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Infrastructure Competency
７ Note

Infrastructure is still infrastructure, despite the evolution of the cloud. The principles
remain, though the roles and accountability for much of the 'physical' interaction has
been handed off to the cloud platform providers. It's important to remember that
infrastructure was always about more than the tin and wires, infrastructure encompasses
disciplines including networking, security, enterprise architecture, planning, and
governance.
Despite claims to the contrary, the Admin or IT Pro job does not go away when an
organization moves to the cloud. There are still administrative decisions to be made and
tasks to be accomplished. How well those are performed will impact how much value an
organization gets out of their cloud platform.
It's equally true that organizations still have their own infrastructure, whether in the form
of hybrid environments, highly diffused remote workers' technology, and the necessary
core infrastructure for connecting to the cloud at all.

The Modern Infrastructure Competency focuses on tasks that are traditionally carried
out by IT Pros or administrators. These are tasks that are normally executed during the
setup and configuration of a tenant, when new functionality is introduced to the
platform, or as part of the process when organization is moving from one level of the
Maturity Model to another. They generally impact all users in the tenant and all like
objects in the tenant.
Desktop devices are not covered by this competency, though it should be remembered
that these interact with infrastructure and have not been handed off to the cloud
provider and need to be managed in order to connect to the organization resources.

Model levels.
Level 100 - Initial

Organizations at this level are usually at the very beginning of their journey into the
cloud. They are likely in the middle of, or have recently, migrated into the cloud. They
may also be a new smaller business starting out as cloud first. They may be a small
business without a dedicated IT staff. Cloud technologies are probably in use since they
are easier to provision than on premises technologies to get to the "good enough to do
the job" state. It is common for a company to get enough cloud functionality put into
place so they can start working on core business and never leave Level 100 and continue
to operate with a minimal IT team or have just functional external IT support.
There may continue to be servers under staff desks, portable hard drives in drawers and
a file server for organizational files.
100 Process
There is often no one responsible for infrastructure management; there may be
external support used on an ad hoc/break fix-basis. Resources are provisioned ad-
hoc, when requested. Staff and leadership are unaware of good practice, the
importance of this and the impact of their current practices.
Process changes that are performed are manual, ad hoc, undocumented and done
'in the moment'. Changes are made in a reactive fashion when something breaks,
or something is needed.
Changes are purely application-feature driven and any infrastructure changes are
driven by 'having' to do something vs. 'needing' to do something.
The organization may be using a single environment for development and
production but are unaware that there is a difference.
There may be some use of resource groups, such as distribution lists and security
groups, however these lack governance, standardization, granularity, and naming
standards.
Object-like sites, mailboxes, and users are created without a formal request
process and with no consideration of how they fit into the wider information
architecture.
User processes are not defined. There are no official onboarding or offboarding
processes. User access to shared resources is assigned ad-hoc without a formal
request and review process.
No company-wide business processes are defined.
No consideration has been given to backup, data recovery, and business
continuity.
Software is largely installed locally and manually, mostly by users.
Directory services are often not used (AD and/or AAD for example), with staff able
to use local or unmanaged identities.
100 Technology
There is no planned network design or management.

Devices are commonly directly connected to computers rather than via a network.
There is no device management.
The organization is unaware of the need to do patch management.
Single production environment, or small set of static test machines, if any.
Different hardware, standards, and software are in use.
There is no disaster recovery plan, so recovery of servers, devices, networks, etc.
are rebuilt manually based on memory and Google searches.
Tools used for admin are based on individual preferences/knowledge, without
standardization of organization fit.
Configurations of sites, applications, etc. created and used with out-of-the-box
functionality or based on individual adjustments or knee-jerk lock down. Templates
are not used, and provisioning processes are not employed.
If virtual machines are used at all, these are ungoverned, with no management of
resources, event logs, standards, etc.
100 Storage
There is no knowledge of storage used across the organization (until they get a
bill). This extends to types and location of storage. Storage frequently includes use
of removable drives, DVDs, personal storage, and isolated PCs.
There is no control, management, or standards of storage devices.
Access control to storage is largely absent; people have access to things they
shouldn't and don't have access to things they should.
No backup for significant proportions of the storage. Backup strategies have not
been developed, implemented, or tested.
No governance is in place for lifecycle management. Objects of all types (files,

platforms, services, users, etc.) that are created will exist until they are manually
deleted by an administrator.
Admin access is provided as needed and generally not revoked after use. There are
many live admin roles. All Administrators are Global Admins.
There is no understanding of identity and role-based access.
Basic security exists but has not been shaped to address the actual business risks.
Firewall rules are not configured beyond defaults.
There is no understanding or monitoring of technical risks and hence no
programmatic management.
RDP/SSH access over the Internet is unmanaged.
Staff devices are able to connect to any networks without policies. Equally, devices
can expose resources to other networks and/or devices.
A single login is used for servers and other resources and shared amongst users
and contractors.
Root account access is available to users.
Platform security functionality is not leveraged. The focus is on providing access,
not securing resources.
Staff with global level access are not assessed, vetted, or broadly trained (though
an effective onboarding process); their contract of employment does not reflect
the significant levels of access they have.
100 Impacts
When operating at Level 100, processes are not defined so there is little consistency for
users. Similar types of data may be stored in different ways throughout the company or
duplicated in several places. It is also difficult to get users and other resources created
as there is no defined process. Users do not make efficient use of their time when using
cloud technologies as they are constantly looking for things and reinventing processes
that others have already done but are not published as standards.
There are also likely security vulnerabilities as authentication and authorization isn't
standardized, and platform security functionality is not likely to be taken advantage of.
Files are routinely duplicated, file storage lacks effective structure, search is ineffective.
Level 200 - Managed

Processes are documented or widely understood to enable (but not enforce) the
preferred ways of doing them. Some processes are repeatable, possibly with consistent
results. Process discipline is unlikely to be rigorous, but where it exists, it may help to
ensure that existing processes are maintained during times of stress.
Repeatable level characteristics include:
200 Process
There is a person or small team of developers responsible for infrastructure

management, possibly with external support. There is an attempt to actively
manage environments. They may have a basic knowledge of DevOps principles
and good practice, though this is weakly implemented. There has been an attempt
to document basic requirements, including basic security principles and operating
constraints. These are not reviewed and updated routinely.
The organization may be using a single environment for development and
production but are attempting to mature the approach; or there may be separate
environments, however these are not always used as intended.
Infrastructure management is intended to be proactive but frequently falls back to
break-fix with limited proactive intervention.
Resources provisioning is nominally defined which includes good practice,
deviations are frequent and in-the-moment changes increasingly erode the
standard build. Staff and leadership continually push infrastructure management
person/team to prioritize expediency and performance over good practice and
stability. These changes are not reliably documented or updated to better practice
subsequently.
Resource groups, such as distribution lists and security groups, are in use and there
is an attempt to maintain these; processes for this are intermittent (typically a
monthly, quarterly or annual clean up) and neither comprehensive nor error free.
Processes for object creation exist, but exceptions to the process frequently arise
and there remains a lack of overarching information architecture.
Onboarding or offboarding processes tend to be manual and are often overlooked
or delayed. Role Based Access is attempted, but not well designed. These can lead
to inappropriate or absent user access to resources.
Backup, data recovery and business continuity are in place, but are not routinely
tested and do not take future needs into account. Applications can be recovered
manually from scheduled backups or redeployed via manual intervention if a
failure happens, in the event of a total loss in a region the application and its
dependent virtual infrastructure can be recovered from backup, backups are tested
occasionally in isolation but falls short of a full business continuity test.
Updates and changes are batched up into monolithic releases applied periodically,
however the impacts of downtime and user productivity are not carefully
considered.
Directory services are in use (Active Directory and/or Azure Active Directory for
example).
There is basic usage of monitoring and alerting, but this is not acted on promptly
or reviewed proactively.
200 Technology
Separate production and test environments exist, manually maintained, manual

releases from dev to test to prod
A basic network design has been established and the devices involved are
understood, though often not remotely managed. There may be use of VPNs
private vNets. Directory services are implemented.
Admin tools are mostly harmonized across the technical team. PowerShell and
other automation are used to a limited extent, with some manual housekeeping
and extensive use of admin portal interfaces employed in parallel. Scripts mostly
are used 'as found' rather than knowledgably crafted for purpose in-house.
There has been some attempt to standardize hardware, often through selection of
preferred suppliers, possibly with support contracts. Most devices are networked
connected, but legacy connections exist, especially directly connected printers etc.
Centralized device management is not comprehensive.
A core set of applications and subscriptions is defined; these are implemented on
new hardware, but older devices are not necessarily updated.
Centralized software distribution and patch management exists for core
applications/systems. As with other infrastructure aspects, some staff bypass this.
The 'standard' installs do not accommodate specific user/role needs, resulting in
dark IT and other workarounds.
Proactive patching is looked at with nervousness in case it introduces instability
that is difficult to troubleshoot and isolate.
There is a basic disaster recovery plan, but this is not well tested or actively
maintained, partly due to the wide variety of hardware and software in use.
200 Storage
There is an intent to store content appropriately on central file stores, whether

local file servers or cloud storage; in practice there is limited compliance with the
plan and little enforcement. Removable storage is actively discouraged.
Attempts are made to manage central storage, including controlling access,
monitoring capacity and encouraging removal of content. This is met with some
resistance by staff and effectiveness is limited.
Backup is in place for managed devices; testing is sporadic however and the
processes for file ad hoc recovery are not clearly defined.

Lifecycle management is understood in principle, but weakly applied and without
automated processing for retention or disposal. Status flags are used, but content
is frequently found past its review, expiry and other control dates. Users do not
actively engage in management of content lifecycles.
Admin access is generally revoked after use, but exceptions frequently occur. There
are attempts to limit live admin roles and apply granular roles where possible.
Identity and role-based access is understood in principle, but real-world
implementation of it continues to be a challenge.
Security is in place but exhibits either or both over-zealous and over-permissive
approaches. This includes remote access, mobile device use and other non-office-
based modern approaches. The business runs at risk, this is not fully appreciated
by leadership.
Understanding, monitoring and management of technical risks is limited.
There are holes in network connection policies, sometimes due to active
workarounds by staff or at the demand of leadership.
Log ins for servers and other resources are not robustly managed.
Platform security functionality is used but is not sophisticated or well understood
in scope or depth. Policies are often inconsistent, conflicting or use the defaults.
Some effort is made to limit and assess staff with global level access; contracts of
employment and general staff policies set out appropriate behaviors.
200 Impacts
When operating at Level 200, processes are beginning to emerge but are likely not
documented or enforced so users may be frustrated with inconsistent experiences.
Data is growing and somewhat organized, but no defined, enforced, or automated

policies means that there is a lot of manual time spent sorting, moving, and deleting
unwanted or unneeded information. Search is beginning to be used more to find things,
and duplication increases as the simple navigation experience used at the 100 level is no
longer sustainable.
Regular processes are beginning to follow a regular routine and many of them are
documented and repeatable. However, they are still specific to the person doing the
task, and communication is not governed or enforced holistically.
Security becomes more of a concern as user adoption grows, custom features and
functionality increases, and citizen development enters the mix. Passwords are stored in
some way and service accounts are beginning to be used for processes that cross
boundaries.
Level 300 - Defined

defined and documented standard processes established, signed off and subject to
some degree of improvement over time. These standard processes are in place. The
processes may not have been systematically or repeatedly used to the extent needed for
their users to become fully competent or for the process to be validated in a range of
situations. This could be considered a developmental stage - with use in a wider range
of conditions and user competence development the process can develop to the next
level of maturity.
300 Process
Most infrastructure requirements, including security, proactive management,

operating constraints, patch management and updates are documented and
implemented using standard tools. Processes ensure these are reviewed and
updated, though not in response to external threats or opportunities. Exceptions
and gaps exist but are mostly of low impact.
Appropriate environments exist for development, testing and production.
Processes for moving between these are often manual, though they are actively
managed. The team responsible are competent and adequately supported,
allowing them to deliver proactive management and create an acceptable level of
trust in the organization's systems.
Processes for the breadth of resource provisioning, resource group availability etc.
are consistent with good practice. Exceptions are limited, new systems are piloted
and ultimately brought into the overarching process management.
Staff and leadership respect the role the infrastructure team play, some have
attended formal training and achieved industry certifications, however sometimes
they expect too much and have limited understanding of the constraints and
technological limits. There is some frustration with how long things take and the
lack of flexibility.
Onboarding or offboarding processes are generally effective, with some scripts,
notifications and trigger points established. Clean-up tends to occur periodically
rather than as a continuous process. Role Based Access is generally effective and
access breaches or complaints are infrequent.
Backup, data recovery and business continuity are in place, tested and are
reviewed annually for changes or investments required. Recovery is at least partly
automated, allowing reasonably rapid response to issue. The strategy extends
beyond recovery into resilience.
Updates and changes are actively managed, with releases able to accommodate
out-of-sequence updates and allow flexibility to accommodate impacts on users
and business operations. The business is advised of this in advance and a
mechanism for feedback is in place.
Directory services are well designed, leveraged and mostly up to date. Advanced
features, including profiles, hierarchies and extended use of business entities etc.
are partly adopted.
Active monitoring and alerting are employed at processes analyze this data and
promptly act on alerts and issues.
300 Technology
The network design is well established and updated in response to changes.

Analysis and monitoring allow targeted upgrades and design improvements to be
acted on, subject to budgets/investment decisions. Most of the network and
associated infrastructure can be remotely managed.
PowerShell and other automation are used extensively, though manual
interventions still occur until scripts etc. can be developed.
Legacy technologies and devices are deprecated or moved to end-of-life in a
managed way.
Centralized software distribution and patch management are effective and offer a
degree of adaptability to business and user needs. Changes are typically batched
into monolithic releases monthly and require manual QA/UAT activity; basic use of
telemetry reduces the risk of the release causing degradation to services etc.
Most hardware, software, tools etc. are standardized and updated as appropriate.
There is a residual tendency to use 'proven' technologies and processes for
adopting newer options are somewhat slow, such that the organization is behind
the curve for some things that might have provided competitive advantage.
Standard configurations and templates are widely used and provide a degree of
variation according to different business needs. They are updated sufficiently often
so that newer capabilities are available to staff.
Staff generally are content to use the standard facilities provided and can request
exceptions in a managed way.
Virtual machines use is well managed, with orchestration and resilience.
300 Storage
Content storage is well understood, with the architecture reflecting performance,
resilience, security, access, and content type needs. Legacy content continues to
cause pain and duplicates, superseded and unnecessary content persisting despite
multiple attempts to address the issue. Access control is similarly in place but not
perfect.
The content strategy responds to current needs and future needs are considered.
This encompasses storage volumes, governance and compliance and other known
considerations.
Content and application data backup is effective in most cases.
Lifecycle management is applied to important content, with some use of retention

and disposal flagging. Notifications may alert staff to content approaching and
past review, expiry, and other control dates. Some staff are responsible for
management of specific content lifecycles.
Admin access is actively managed, granular, and granted following an effective
(but not always timely) process.
Identity and role-based access (RBAC) is applied, but exceptions exist.
Security is generally well understood and applied, though unusual use cases may
not be accommodated effectively or without 'friction'. The business uses tracking
metrics and platform features to assess / benchmark the security profile and work
on improvements. Technical risks are broadly understood and have leadership
oversight. A broad approach to security using embedded tools in applications,
platforms and systems is in place, through the depth of knowledge and ability to
maintain this are often limited.
There are robust processes and contracts in place for staff, contractors, suppliers,
and others that may interact with the organization's infrastructure.
300 Impacts
When operating at Level 300 processes are documented and enforced. Automation,
audit, and testing are a regular part of each process allowing for bandwidth to create
proactive processes and tasks.
Data is more organized by area or application and most likely is being accessed via
some sort of enterprise master data management architecture. Data governance is
beginning to emerge organically and more advanced features such as compliance, DLP,
and eDiscovery are being used to identify and manage data.
Process management is becoming well defined, documented, and enforced. Users know
what to expect and how to interact with each process. Repetitive tasks and ongoing
processes are automated and error handling is part of that process.
Security is a priority and regular testing leads to proactive tasks to ensure that
vulnerabilities are minimal and managed.

The process is actively managed in accordance with agreed processes and has tracked
metrics. Effective achievement of the process objectives can be evidenced (using
metrics) across a range of operational conditions. The suitability of the process in
multiple environments and scenarios has been tested and the process refined and
adapted with corresponding updates to documentation, policy, and training. Process
users have experienced the process in multiple and varied conditions and are able to
demonstrate competence. Adapting to new projects or scenarios can occur without
unexpected, measurable losses of quality. Process Capability is established from this
level.
400 Process
There are formalized lists of requirements, including security requirements,
operating constraints and defined and enforced Service/Operating Level
Agreements (SLA/OLA) and a basic control framework where evidence of meeting
requirements is evidenced manually, via documentation and reviewed and audited
periodically.
There is a formalized and appropriately sized (perhaps medium to large) team of
developers and Site Reliability Engineers (SRE) supporting multiple and diverse
applications following a DevSecOps model overseen by a Chief Technology Officer
(CTO) or Chief Information Officer (CIO) and dedicated representation from an
accountable security function overseen by a Chief Information Security Officer
(CISO).
Developers / SRE submit pull requests for small changes that are batched up to
implement on a daily or weekly basis during an agreed and well communicated
change window after being successfully tested and reviewed.
Infrastructure is managed with the same rigor as application code and managed
through source control and Infrastructure as Code principles with several
exceptions where it is very complex to automate and is quicker to do as a 1-off
manual configuration.
Automated subscription lifecycle (automation) is used as much as possible where
appropriate.
Synthetic user-journeys from quorum nodes outside platform feed into application
telemetry.
Applications are architected in a distributed fashion and use retries and caching
layers to work around transient failures with short or minimal outages or impact to
end-users, this process is tested at least annually via a planned outage.
400 Technology
Consistent deployment is achieved via pipeline tooling.
There is widespread use of scripted configuration checks for common faults and
with scripted remediations (e.g. restart/redeploy VM, container).
Just in Time access for VMs has been implemented and tooling is used to
configure and control VMs.
VMs are treated as ephemeral resources and frequently re-deployed from a
known-good state via Infrastructure as Code rather than upgraded, patched etc.
Auto-remediation of security vulnerabilities is in place.
Ephemeral environments are a core part of the strategy. The organization can
spawn as many environments as required (VM, PaaS or container) based on a
Continuous Deployment pipeline; these have basic automated release tests with
staff doing final QA and UAT activities.
400 Storage
Content storage is fully managed. Legacy content has been largely eliminated and
tools, policies and processes are effective at preventing or remediating duplicate,
superfluous and superseded content. Content labelling, retention and sensitivity
scanning occurs across most content. Access control is effective; updates and
changes, especially related to personnel role changes, are timely.
The content strategy anticipates future needs, analyzing future needs, actively
anticipating governance and compliance obligations and technology capabilities;
horizon scanning, and scenario modelling are used to anticipate possible future
needs and impacts.
Disaster recovery, business continuity and content protection are planned,
implemented, tested, and enhanced as a continuous cycle.
Role Based Access Control is well implemented, with custom roles and sitting
alongside a 'least-privilege' approach using tools such as APIM to automatically
audit and enforce any admin elevations required.
Conditional access is fully adopted. A 'break-glass' access process is in place for
extreme situations, to allow access to senior executives and key staff as a fall back.
A dedicated security team ensures policies and processes are automated and
regularly enforced across the organization. Tools are in place for security
information and event management (SIEM).
Zero-trust architecture exists between elements of applications and internal users
through access control and centralized firewalls.
The Internet perimeter is secured and tightly controlled; it extends to selected 3rd
parties over private interconnects or the Internet.
400 Impacts
Processes are defined, documented, group or role-based, and completely automated.

Manual intervention is only needed for unexpected situations and exception handling.
Regular auditing and testing result in enterprise level initiatives to invest in more
effective strategies.
Data is documented, architected, and managed at the enterprise level. All source data is
governed and backed up automatically on a regular basis. Records management,
sensitivity labels, and data governance are part of an enterprise strategy to ensure the
right information is being managed, disposed of, and archived according to corporate
and regulatory requirements.
Process management is completely automated and is reliable. Users know what to

expect and how to interact with each process. Repetitive tasks and ongoing processes
are automated and error handling is part of that process.
Security is a priority and regular testing leads to proactive tasks to ensure that
vulnerabilities are minimal and managed.

Management of the process includes deliberate and systematic process
improvement/optimization. There is focus is on continually improving process
performance through both incremental and innovative technological
changes/improvements. Management of the processes are concerned with addressing
statistical common causes of process variation and changing the process to improve
process performance, using techniques such as Statistical Process Control (SPC). Level
500 is likely to include automation, reduction in human input and associated variability,
strong governance and compliance interventions as well as optimization for user
interactions and productivity.
500 Process
Dedicated teams proactively prioritize infrastructure project needs in alignment
with business initiatives driven by corporate leadership.
Team members are cross trained, certified, and follow a consistent methodology.
Existing processes and lessons learned are regularly reviewed to create
improvement tasks.
Changes are proactively planned and automated to minimize disruption and avoid
outages.
In addition to defined non-production and production environments, sandboxes
and demo environments are available for additional R&D planning and testing.
Architecture, hardware, and software needs all follow best practice including
defined roles/groups and policy management.
Processes are all well-defined and documented for public reading and review at
any time.
DevOps/SREs submit pull requests frequently through the day to make changes to
components in the environment which are automatically tested and deployed
immediately if they pass.
500 Technology
Hardware/software is inventoried, managed, and all versions are the latest
"accepted" version.
Network design and management is defined, documented, and managed.
VMs are treated as ephemeral resources and frequently re-deployed from a
known-good state via Infrastructure as Code rather than upgraded, patched etc.
Auto-remediation of security vulnerabilities is in place.
Ephemeral environments are a core part of the strategy. The organization can
spawn as many environments as required (VM, PaaS or container) based on a
Continuous Deployment pipeline; these have basic automated release tests with
staff doing final QA and UAT activities.
Applications are architected in a truly decoupled, microservice fashion and make
extensive use of retries and caching layers to work around transient failures
without impacting service.
Changes are small, incremental, and simple to rollback.
500 Storage
Storage is defined and strategic. Processes and policies manage what is stored
where and minimized for maximum ROI.
Storage is treated cross functionally as an enterprise level shared resource.
Storage management effort is minimized and instead data is governed and
managed by SRE and DevOps with an enterprise MDM strategy and available API
libraries.

Formalized list of requirements, including security requirements, operating
constraints and an SLA/OLA expressed as code (Policy as Code) and an advanced
control compliance framework where evidence of meeting requirements is
automatically evidenced by deployment pipelines or programmatic checking and
auditing of configurations. This is reviewed and audited continually via an
automated process with the results published, for example to a compliance
dashboard.
All access is managed via PIM with MFA via peer-approvals for privilege escalation.
Dedicated DevOps/SRE roles supporting multiple, diverse and complex
applications following a global-scale DevSecOps practice overseen by CIO, CTO,
CISO and IT risk management roles; servicing multiple customers (internal or
external).
Infrastructure is viewed exactly the same as application code and managed
through source control and Infrastructure as Code principles exclusively.
Absolutely no manual changes allowed, all driven through infrastructure as code.
Guard-rails block all non-best practice configurations.
End-end deployment from development to production automated, with
prescheduled automated test-cases for everything.
A/B (blue/green) releases for new features.
Automated failover or expansion of service instances between Azure regions to
route around failures, redeploying or scaling-out application instances where
required in regions that see a significant uptick in traffic.
True Zero-trust architecture between elements of applications and internal users
through access control and de-centralized firewalls - identity really is the security
perimeter and possibly spans multiple hyperscale cloud providers over the
Internet.
500 Impacts

Mature processes are part of everyday culture, completely automated, and self-
correcting, if possible. Changes are proactive based on strategic decisions and
innovative so as to create a market differentiator when implemented. Leaders are
trained, certified, and regularly sharing successes with peers and assisting with growth
of best practices within their industry.
Data is seen as a valuable resource and management of it is seen as a strategic

investment. It has a dedicated lifecycle management that is carefully nurtured and cared
for as much by the people who use it as those who are responsible for maintaining it.
Processes are consistently reviewed and improved with qualitative and quantitative
benefits being proudly recognized by leadership. A culture of education, innovation, and
stewardship is observed and shared publicly through articles, white papers, and
presentations.
Security is well documented and understood and risk is easily identified and managed
via well documented and defined controls within each part of the business all rolling up
to the enterprise level.

Identity, Access Protection, and Management
Azure Active Directory
Microsoft Entra Identity Governance
Microsoft Entra Verified ID
Microsoft Entra Workload Identities
Azure Key Vault: Cryptographic Key and Secret Management
Security Information and Event Management (SIEM) & Extended Detection and
Response (XDR)
Microsoft Sentinel: Intelligent Security Analytics
Microsoft Defender for Cloud
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender for Vulnerability Management
Microsoft Defender Threat Intelligence
Cloud Security
Microsoft Defender for Cloud
Microsoft Defender for Cloud Security Posture Management
Microsoft Defender for DevOps
Microsoft Defender External Attack Surface Management
Azure Firewall
Azure Web App Firewall
Azure DDos Protection
GitHub Advanced Security
Endpoint Security
Microsoft 365 Defender for Endpoint
Microsoft 365 Defender for IoT
Microsoft 365 Defender Business
Microsoft 365 Defender for Vulnerability Management
Microsoft Intune: Device Management
Risk Management & Privacy
Microsoft Purview Insider Risk Management
Microsoft Purview Communication Compliance
Microsoft Purview eDiscovery
Microsoft Purview Compliance Manager
Microsoft Purview Audit
Microsoft Priva Risk Management
Microsoft Priva Subject Rights Request
Microsoft Purview Information Protection
Microsoft Purview Data Lifecycle Management
Microsoft Purview Data Loss Prevention
Azure API Manager: Hybrid, Multi-cloud API Management
Azure Key Vault: Cryptographic Key and Secret Management
Organizational Compliance Enforcement
Azure Policy
RDP/SSH Connectivity for VM to Azure
Azure Bastion
System Monitoring
Azure Monitor: Network, Applications, and Infrastructure Monitoring
Microsoft System Center: Deployment, Configuration Management, and
Monitoring
Intelligent Security Analytics
Azure Sentinel
Cross Platform Task Automation Solution
PowerShell
Resources
Maturity Model for Microsoft 365 - Introduction
Infrastructure and development security best practices
Microsoft Cloud Adoption Framework for Azure
Microsoft cloud security benchmark
Principal authors:
Simon Hudson, MVP
Sharon Weaver
Mark Williams
Maturity Model for Microsoft 365 –
People and Communities Competency
７ Note

The People and Communities competency is focused on ensuring people have the
information they need, can discover valuable conversations, ask questions, knowledge
share, and loop in experts. It also focuses on individual (and team) skills, profiles, and
insights into colleagues to enable effective teamwork and collective activities. It
encompasses communities of interest, organizational culture, and working within
common values.

For organizations to be effective they need to ensure that their staff can work together
effectively both as teams and individual contributors. People need to be able to interact
with each other effectively, understand skillsets, access expertise, and share interests
with the right audiences.
This competency is different from the Communication
competency, as it focuses on the interactions between people who are peers or at
similar level in the organization, but who might not normally work together in the same
department, business unit, or discipline.
Within Microsoft 365, this means multiple
individuals communicating across different channels (or as Microsoft sometimes calls
them “loops”) to target their messaging or requests to the right people, in the right
place, at the right time.
The solution for which channels to use can vary depending on
the size of your organization. For example, a small company of 6 might fulfill their need
for company-wide communication via an org-wide Team while this approach would be
disruptive to productivity in a company of 6,000 people actively using Teams to
collaborate on projects.

Model levels.
Level 100 - Initial

Organizations at level 100 have done little to actively support the concepts around
people and communities, relying on organic and traditional approaches. They may still
have printed phone directories. There are no expectations within the company that
personal profiles are completed or updated. Much of the important interaction between
employees occurs with in-person meetings, chat, or hallways and often with no clear
outcomes.
100 Culture
At this maturity level, many end users don’t know much about their colleagues and
are unclear on how they should engage with them or reach out for help with
projects and activities; this is also reflected in the amount of untargeted
communications.
Team building is based on personal knowledge and has little scope. Many staff feel
left out or under-utilized for their skillsets. Expertise in different locations is rarely
leveraged. Insights and support are often a matter of luck or chance.
There is little reinforcement of organizational culture and vision.
Limited internal communities inhibit supportive colleague relationships beyond
immediate co-workers.
Little has been done to actively support the concepts around people and
communities, relying on organic and traditional approaches.
Email distribution lists are the hub of community activity; the processes to update
information belong to IT, are essentially manual, undocumented, and lack formal
processes to manage their members.
100 Process
There is, at best, basic profile data. This is inconsistent across different systems
(e.g. Active Directory, Human Resources Information Systems, etc.).
Staff profiles, accessible to colleagues, are absent or largely unmaintained; there is
no expectation that profiles are completed and updated. Any that do exist are
likely to be limited to identifying who works in the organization and in which
department (with contact information). Hard copy staff directories may be in use.
Organization charts are created manually, inconsistently published, and frequently
out of date. They may also be shared via email to department members.
Because staff have no access to a reliable directory and may not know the best
communication mechanisms to use, colleagues are often overlooked or
uninformed. Long-term staff are frequently interrupted with requests for their
knowledge, even when others might have been able to assist.
People use “reply all”
despite the impact this has in colleagues’ inboxes. Employees are unable to easily
identify who-does-what in the organization, find subject matter experts, or
understand the reporting structure. Requests for expertise and questions are often
asked via email and then forwarded around the company until the correct subject
matter expert is identified; minimal shared insights are created.
There is no company guidance on where to have different types of conversations,
share interests, or seek advice and engagement from colleagues.
No process exists for discovering whether colleagues have particular skills, areas of
expertise, or common interests and values. Communities of interest are
serendipitous and do not take place digitally. They are effectively invisible to the
organization.
Personal contact, telephone, and email are the primary means of communication.
100 Impacts
There is little company guidance or recommendation on where to have different types

of conversations to be most effective. This leads to most people feeling that, while much
information is coming at them, little is what they need to know or actionable. No
processes or tools exist to discover whether colleagues have specific skills, areas of
expertise, or common interests and values. In project-based environments, it’s difficult
to find out who worked on past projects. Communities of interest are serendipitous and
do not take place digitally. Most conversations use email as the only communication
channel.
Systems may exist to support identifying who works in the organization and in which
department. Distribution lists are used to communicate with groups such as “All
Company” and each department. The processes to update information fall to IT, are
essentially manual and undocumented, and lack formal processes to manage their
members.
Level 200 - Managed
At this level, the focus tends to be on creating communication channels for the inner
loop. This represents groups of people working together on projects - the organizations
usual units of work. Each team may decide how to communicate internally, but there is
no enterprise-level guidance on which solution to use based on the project goal. There
may be pilots for capturing outer loop conversations (corporate communications, CEO
town halls, employee interest groups) in another communication channel.
200 Culture
The focus tends to be on creating communication within known groups of people
working on projects (the inner loop).
Community spaces may be piloted, though these are likely to be somewhat ad hoc
with little management, oversight, or intended purpose.
Use is encouraged in some teams, but not enforced.
200 Process
There are likely to be multiple directories, often managed at the department or

project level. These may be effective and maintained in some instances, but there
is little aggregation, standardization or control. Some of these may draw on
definitive sources, such as Active Directory, but without consistency. Centralized
directories and people cards may be piloted but have not replaced local versions.
Staff profile technology is available, which can capture skills and other information,
not just contact details.
Terminology is not standardized; quality and completion is variable.
It is possible to find people and skills across the organization, but this is neither
efficient nor assured.
Self-service distribution lists (Microsoft 365 Groups) may begin to be leveraged.
Policies and guidance on aspects of People and Communities exist, but this is not
tracked, lacks metrics and is not strongly advocated for within the management
process. Each team may decide how to act on the guidance based on the project
goal and their team preference.
200 Impacts
Staff productivity is reduced due to the time spent trying engage the right people in
activities, source knowledge and expertise. The attempts to provide technology to
support people, groups, and the company culture are compromised by poor data
quality, inconsistent approaches, and a lack of commitment at all levels. Staff and
management are equally frustrated by this but lack outlets for addressing the issue.
Avoidable mistakes are made due to the right people not being engaged.
Project and
other teams are slow to form.
Employees may begin to see the value in separating
communication into different channels where the communities are more focused on
specific tasks and topics. Email communication diminishes as inner loop and outer loop
conversations move to different and more targeted solutions. The way different
communities communicate still varies widely by functional area.
Level 300 - Defined

300 Culture
Commonality across teams starts to drive where communities are created and set
up. Microsoft Teams or Yammer Communities are created based on the type of
work people are doing rather than a one-size-fits-all approach.
Team communication channels are well defined and agreed upon as a standard
business process.
Community spaces connect a targeted set of users. The purpose and etiquette of
community spaces is defined.
300 Process
Processes may not be systemically or repeatedly used to the extent needed for
their users to become fully competent in which community they should share
information forming gaps in adoption and consistency.
People profiles have additional information populated for skills, expertise, and past
projects which can maintained by each individual.
People begin using search to identify subject matter experts in the organization
instead of emailing multiple people across the organization because they can find
better results with people profiles.
Processes exist to create and populate staff profiles in appropriate systems in
response to trigger events (new starter, role change, leaver). Compliance with
maintaining profiles is a matter for line management.
Staff have the ability to update elements of their profile and request updates to
other attributes.
Custom profile fields support subject matter expertise identification and other
attributes important to the organization.
Photos are updated from a central source.
Profile information is sometimes used as a data source and integrated within
systems and processes. It becomes possible to automate organization charts;
attempts are made to resolve the inconsistencies this reveals.
Local directories are in the process of being eliminated.
Staff know how to identify groups, distribution lists and other groupings for
communication and engagement.
300 Impacts
End users begin to see the ROI for completing their profiles as they can more easily
identify who-does-what across the organization. Working teams and employee interest
groups experience an increase in engagement and productivity as they connect in
communication channels specific to their goals. In order to solve problems in daily work,
employees frequently reach across organizational boundaries based on content
ownership, and subject matter expertise they recognize as useful.

400 Culture
A strategic view of all communication channels including email, Yammer
Communities, Teams (backed by Microsoft 365 Groups), distribution lists, and
security groups increases engagement in the respective communities. These
opportunities lead to serendipitous connections between people who might not
have previously collaborated.
Communities flourish under governance.
Communities and their members are easily discoverable through search. End users
begin following the groups and communities which match their interests, even if
not directly aligned with their work.
400 Process
There is an increased focus on self-service for end users to apply solutions and
technologies to their work so they can manage their own membership.
Manually maintained distribution lists are uncommon having been replaced by
dynamic distribution lists and groups, based upon employee characteristics for all
company communication, Microsoft 365 Groups for teamwork conversations, and
Yammer for company-wide and cultural communication.
Profile fields may integrate with Line of Business data.
Dynamic organization charts are available based on up-to-date data about each
employee.
Staff photos are updated across multiple systems and profiles from definitive,
managed source. Photography style is defined.
400 Impacts
Users rely on different communication channels to stay informed for their day-to-day
work as well as for special interest areas that contribute to company culture. They
understand and follow governance best practices to share knowledge in these separate
channels, with a high degree of trust in the platform getting their message to the right
people. Communication in separate communities is fluid and largely frictionless,
allowing easy access to inner loops and outer loops, when useful. Organization charts
are no longer manually created as end users use the dynamic organization chart in
people cards to identify company structure.

500 Culture
People are connected across the organization based on their skills, interests, and
work.
Innovative collaborations arise without formal structures.
Communities and conversations extend to external participants when it makes a
process more effective.
Employees are finding opportunities to innovate within the company spurred by
new connections.
500 Process
End users use people cards to find more than just organization structure and
expand the usage to seeing common documents to spur further collaboration.
Viva Insights / MyAnalytics helps inform end users on how they are spending their
time working with different people and empowering them to keep stronger
connections across the organization.
Users can maintain important profile data that writes back to Active Directory or
Human Resources Information Systems.
500 Impacts
At this level, business leaders and platform administrators implement continuous
improvements based on user activities and feedback. Users are proud of the
communities they have built and can show real ROI for increased engagement over the
way they previously communicated. Senior leadership is actively engaged across the
organization, walking the walk and talking the talk.
Scenarios
An employee interest group is forming and needs a place to share how to get
involved.
An employee needs to share a personnel change with the rest of the organization.
A project team has been setup to investigate a new product and needs a place to
work together, plan, and manage the project.
A new employee reaches out to the organization for help understanding a
technology the company uses.
A manager wants to recognize an employee or team for their hard work.
A marketing person is looking for success stories from the organization.
Cost & Benefit

Anecdotes can be incredibly important for demonstrating the benefit of investments in
expanding your People and Communities competency. It is powerful when a team says
they reached a goal faster or better by centralizing their communication and identifying
subject matter experts early that to be involved. A shift in company culture can be hard
to measure, though capturing the anecdotes for how people feel more involved,
informed, and engaged will demonstrate value. Stories about how an innovation
occurred or an insight was gained can be traced back to specific technology investments
and support.
Some examples of collaboration ROI include:
Reduced time to locate critical company updates

Increased engagement in company initiatives
Reduced time locating subject matter experts to help answer questions or
contribute to projects
Decreased stress as communication channels reflect urgency and topic
Innovation as new connections are made across outer loops
Conclusion
Improving your People and Communities maturity means rethinking your processes and
decentralizing communication from one channel to multiple areas which best support
the topics and tasks at hand. Embracing different levels of persistence and types of
interaction with communication in these channels supports end users’ ability to be more
focused and deeply engaged in conversation, achieving better results. Empowering your
end users to manage their own communities enables IT professionals to focus on a
higher strategic level and reduce friction with end users.
Resources
 Tip
recent updates.

Delve
MyAnalytics
Yammer
Microsoft Teams
SharePoint
Microsoft 365 Groups
Security Groups
Distribution lists
Microsoft Graph
Exchange
Related documents
Join and create a community in Yammer
Manage Dynamic Distribution Groups
Principles of Communication
Principal authors:

Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Elevating People and Communities
７ Note
Introduction
The People and Communities article provides an overview of People and Communities
concepts and then details each of the 5 People and Communities maturity levels from
Initial to Optimizing (100 through to 500). It adopts a broadly technology-agnostic
approach to the business characteristics of People and Communities, plus expected
benefits.
This article aims to specifically explore how organizations at any level could use the
Microsoft 365 suite (and associated technologies) to reach a higher maturity level.
How to move from Initial to Managed (level

100 to 200)
Organizations at level 100 have done little to actively support the concepts around
people and communities, relying on organic and traditional approaches. Much of the
important interaction between employees occurs with in-person meetings, chat, or
hallway encounters and often with no clear outcomes.
There is little company guidance or recommendation on where to have different types

of conversations to be most effective. No processes or tools exist to discover whether
colleagues have specific skills, areas of expertise, or common interests and values. Most
conversations use email as the only communication channel.
To advance to the 200 level, consider the following activities:

Communities (level 100 to 200)
Focus on known working groups, like project teams and departments, to begin
transitioning to Microsoft 365 Groups or Dynamic Distribution Groups (when file
management or additional collaboration outside of email is not needed). These working
groups are considered the "inner loop" which is a known set of people working
together. The members and output are clearly defined simplifying the choice of what-
to-use when.
A project team needs to communicate updates internally and collaborate on files. A

Microsoft 365 Group will provide a shared calendar, email distribution list, SharePoint
Team Site, and the potential to add a Microsoft Team for a robust meeting space with
persistent chat. Project communication should shift to SharePoint news, the associated
Microsoft 365 Group email distribution list, or Teams chats.
A department, depending on the size and company culture, may also benefit from a
Microsoft 365 Group. Large departments where all members are not actively
collaborating may be best served by a Dynamic Distribution Group as communication is
primarily one way and the smaller functions within the department are then
collaborating with Microsoft 365 Groups.
Begin to pilot open community spaces like Yammer or an org-wide Team. The "outer
loop" is focused on sharing information widely across an organization outside the
known working groups. There is not a known set of members as it can be fluid and
communication is often focused on surfacing new ideas, gathering feedback, knowledge
sharing, breaking down silos, and connecting the business with senior leaders. Focus on
moving company-wide communication that seeks to foster two-way communication to
Yammer or an org-wide Team (depending on company culture and size).
People (level 100 to 200)

Reach out to your SharePoint Champions, Microsoft 365 business owners, and internal
customer service functions (think Information Technology, Human Resources, Finance)
to begin completing their profiles in Delve with more detail in addition to any contact
information that may be populated from Active Directory or a synced Human Resource
Information System. Focus on adding project and skills information to support search
becoming a go-to place to identify people across the organization who provide internal
customer service support (like answering benefits questions or providing support with a
specific software), source knowledge and expertise.
How to move from Managed to Defined (level
200 to 300)
At the 200 level, the focus tends to be on creating communication channels for the inner
loop. This represents groups of people working together on projects - the organizations
usual units of work. Each team may decide how to communicate internally, but there is
no enterprise-level guidance on which solution to use based on the project goal. There
may be pilots for capturing outer loop conversations (corporate communications, CEO
town halls, employee interest groups) in another communication channel.

After piloting Microsoft 365 Groups (with associated Yammer community or Microsoft
Team) and Dynamic Distribution Groups, focus on creating guidelines and associated
training for what-to-use-when across the organization. The guidelines should consider
the company culture, company size, persistence of communication, intent of
communication, and audience.
For example:
A running group previously sent emails to the company-wide distribution list

managed by IT whenever they met for their weekly Thursday runs. The running
group is open for anyone in the company to join and is not directly related to
business objectives. This group should now transition to a Yammer community as
they are communicating to an unknown and open audience, their communication
is dynamic with a shorter lifespan, and there is no need to collaborate on files or
other outputs. A company may decide all employee resource groups belong in
Yammer.
A project team previously worked with IT to manage a distribution list for a set of
colleagues responsible for revamping the procurement process. This project team
has a known set of members who need to collaborate on files privately until the
new program is ready to be launched to the organization. This group should now
transition to a Microsoft 365 Group (potentially with a Microsoft Team) as their
audience is limited, their collaboration on documents is critical, and this content
may need additional retention given the impact to the organization's business
processes. After the project is completed, the new business process materials are
moved from this working space to the company intranet (likely a SharePoint
Communication Site) to support the larger audience consuming the new
information.
The most effective guidelines are simple and easy to consume supporting quick decision
making across the organization. They may be in the form of a simple one-page chart:
Audience Persistence Intent of Collaboration Solution

of Communication Needs
Message
All company Static One-way None SharePoint Communication

communication Site
informing the
business
All company Dynamic One-way None or SharePoint News (potentially

communication comments shared via email with a
informing the only Dynamic Distribution Group)
business
All Dynamic Two-way Chat Org-wide Team or Yammer

company, communication
small
All Dynamic Two-way Chat Yammer

company, communication
large
Project Dynamic All members Files, calendar, Microsoft 365 Group

Team collaborating email or chat (potentially with Microsoft
Team)
Department, Dynamic All members Files, calendar, Microsoft 365 Group

small collaborating email or chat (potentially with Microsoft
Team)
Department, Dynamic One-way None or SharePoint News (potentially

large communication comments shared via email with a
informing the only Dynamic Distribution Group)
business

Review the feedback from the pilot group using Delve and create guidelines for
the company on how to complete profiles and use search to locate expertise
across the company. Include specifics in your guidelines on how each field will be
used at your organization.
For example, if employees are completing the "projects" field, does this include
only active projects? What should be included in "skills"? If you are a small start-
up, it may be helpful for employees to identify all their skills even if it is not
relevant to their current position. Your start-up, with no corporate
communications department, may need video editing help and finding an
internal resource is the only option due to a limited project budget. If you are a
large organization, including skills not specific to employees' roles may cause
confusion on who-does-what.
These guidelines should be created in partnership with company leadership to

ensure alignment with company objectives and ensure their support
implementing the new process across all departments. Include any additional
enterprise solutions or business processes for identifying expertise. For example,
if there is an IT ticketing solution in place, include in the guidelines that this
search is not a replacement for submitting tickets for IT support.
Eliminate any alternate solutions previously used to surface expertise. Only

solutions identified as the enterprise solution should include this information.
Reducing shadow copies of data will ensure data is accurate, within any audit
scopes, and reduce confusion for employees transitioning to the new business
process.
Provide company-wide training on using search to identify expertise. If possible,

sharing this update at an all hands or Town Hall meeting will ensure this shift is
viewed as a change in business process across the organization.

(level 300 to 400)
At the 300 level, commonality across teams starts to drive where communities are
created and set up. Microsoft Teams or Yammer Communities are created based on the
type of work people are doing rather than a one-size-fits-all approach. Team
communication channels are well defined and agreed upon as a standard business
process.
People profiles have additional information populated for skills, expertise, and past
projects which can maintained independently. People begin using search to identify
subject matter experts in the organization instead of emailing multiple people across
the organization because they can find better results with people profiles.

The guidance for what-to-use-when was created in partnership with the business and
training was launched to align the business on the new community spaces for
collaboration. The focus can shift to creating opportunities for feedback, iterative
improvements, and strategic planning as the Microsoft 365 platform continues to
evolve.
Meet with your existing champions group or begin to form one in your
organization for each of the community platforms (Teams, Yammer, and
SharePoint). The champions are not necessarily only the top users of these
platforms. Including end users who push your governance boundaries, ask lots of
questions in training, open tickets for common issues, or who are in the project
queue for IT support can all add value to this group by offering diverse
perspectives. When forming the champions group, including a spectrum of
viewpoints, roles, and technical abilities will ensure you do not come to a false
consensus as a group for what works best for the entire organization.
Form a meeting and communication cadence with this group to share Microsoft
announcements, project initiatives, and to serve as an open door for feedback.
Staying closely aligned with the end users actively working in these systems will
ensure you understand how people are working in Microsoft 365 and what they
need to be productive. Your guidance will continue to evolve to meet their needs
and as Microsoft makes shifts in their offerings.
Continue training and showcase the efforts of end users utilizing self-service
opportunities. Share case studies of teams who created their own communities by
following the training and guidance. Include specifics around their starting point,
pain points that drove the change, and improvements while using new solutions to
communicate.
Highlighting the end results will support end users across the organization as they
separately work through change management for each new community they are
building. Sharing these stories also gives end users the opportunity to showcase
their efforts innovating their teams' communications. Elevating these case studies
to company-wide communication perpetuates the message across the
organization that shifting to multiple communication solutions for different types
of communities is an initiative that is critical to the company's success in
collaborating more effectively.

Now that end users have added their skills, expertise, and project data into their profiles,
it is important to focus on keeping this data up-to-date.
Align with the platform stakeholders to set a company-wide expectation on how

frequently end users need to review and update their information. When possible,
automate these reminders or use a third-party solution that can send reminders
based on the last edit date of these fields to ensure you are only requesting
updates from end users who are not compliant.
Review the Microsoft 365 search logs to identify most searched for terms and
abandoned search results. Understanding what people are looking for will help
guide which terms should be used in the profiles.

(level 400 to 500)
Organizations at the 400 level have a strategic view of all communication channels
including email, Yammer Communities, Teams (backed by Microsoft 365 Groups),
distribution lists, and security groups increasing engagement in the respective
communities. There is an increased focus on self-service for end users to apply solutions
and technologies to their work so they can manage their own membership.

Communities have been solidly formed for internal communication so the focus
shifts to including external participants when it makes a process more effective. As
understanding of the different communities and their permission structures have
increased, end users are more comfortable allowing external collaborators into
these spaces instead of maintaining a separate site focused on these interactions
(with many manual processes to support the content moving internally and
externally repeatedly).

End users have become comfortable searching for skills, expertise, and projects in
people profiles so training should be expanded to include guidance on how to use
Delve and MyAnalytics to be more productive.
For example:
When searching for a subject matter expert, explore the Delve profile of your
colleague to see documents you both have access to. This can help you better
understand where they sit in the organization, what they are actively working
on, and areas you might already overlap.
On your own Delve profile, explore the "discover documents from people
around you" section to get a better idea of the initiatives your colleagues are
working on. You will only see documents you have permission to though you
may spot some activities where you should be involved or that impact your
current projects. This is a great way to proactively explore what is happening
around you.
Use the "Favorites" board to create a place for all the helpful documents across
Microsoft 365 that help you work more effectively.
Spend time each week in MyAnalytics to get data-driven insights to help you be
more productive by seeing data on your work, network, and collaboration
habits.
Increasing awareness of your focus can reduce lost time due to distractions.
Being aware of your wellbeing can reduce stress and anxiety as you create
space to disconnect from work.
Keeping an eye on your network can ensure you are spending time with the
colleagues who need your attention the most.
Reviewing your collaboration data supports keeping your meeting time
focused on critical discussions and raises your awareness to which meetings
are unproductive as you are often multi-tasking in them.
Conclusion
Improving your People and Communities maturity means rethinking your processes and
decentralizing communication from one channel to multiple areas which best support
the topics and tasks at hand. Embracing different levels of persistence and types of
interaction with communication in these channels supports end users' ability to be more
focused and deeply engaged in conversation, achieving better results. Empowering your
end users to manage their own communities enables IT professionals to focus on a
higher strategic level and reduce friction with end users.
Resources
 Tip
recent updates.
Related documents
People and Communities Competency- Microsoft 365 Maturity Model
The Evolution of Company-Wide Email Communication to SharePoint News
Principles of Communication
Manage Dynamic Distribution Groups
Welcome to Microsoft Teams
Create and Share News on your SharePoint Sites
What is Yammer?
What is Delve?
MyAnalytics
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Search Competency
７ Note

People search for many reasons. Any effective search strategy and supporting
technology needs to reflect this and include a person-centric and organization-scoped
approach to helping people find the things they need. Great search is about discovery,
not the search experience itself, i.e., search is only as good as its results.
With modern organizations creating huge volumes of content and data every year, a
search experience where users can find what they want, when they want is essential.
A good search experience benefits the organization by reducing time to find knowledge
in the organization. This becomes particularly powerful when users do not need to know
where the content is stored. It helps reduce "re-inventing the wheel" and content
duplication because the originals could not be found.

Search is about enabling people to find the authoritative information within the
organization easily using a set of keywords or search terms, or based in their activities.
The results may come from the Microsoft 365 platform or other systems which have
been connected into the search process.
Model levels.
People search for many reasons:
They know something exists, but don't know where to find it

They know something exists, but don't know how to describe it
Search is the more efficient or rapid means of completing an activity
They need to find if information exists or what information exists
They need to find someone who can offer advice or skills
They want to see what the organization has or knows
The evolution of Search starts from the basic 'index card' concept, which tells you where
to find the document etc. you are looking for, epitomized by the Dewey Decimal system
found in libraries. As technology developed, it become possible to search limited
metadata (filename) in file repositories, then other attributes and eventually search
engines were able to index contents (Semantic analysis), file properties and
metadata/tags across multiple repositories. In parallel, the user experience of the search,
especially for creating the query and presenting results has improved from basic or
cluttered to strongly structured with previews and interaction points, plus post-search
filtering or refinement. In parallel, the technologies have become aware of security and
governance, reporting and feedback, content weighting and relevance (e.g. headings are
more important than text), context, relevancy and 'freshness' (more recent content is
likely to be more useful) and can deal with advanced content management
technologies.
Search provides two 'experiences' within Microsoft 365 – classic and modern - both of
which use the same Search Index.
Classic search, which is configured via the SharePoint Admin Centre and available
through SharePoint Online.
Modern search, which is also known as Microsoft Search.
Microsoft Search has evolved through the improvement of the search indexing and
categorization processes using Microsoft Graph, Artificial Intelligence, and Bing
algorithms to build results which are personalized for each user. This enables more
insightful results based on understanding of the context, where the search is performed
and importance of the content.
Today we are moving into AI driven search which understands the person and provides
very context specific results based on who they are, where they search from. This is
supplemented by AI driven interfaces, including voice and image search. We can expect
to see AI increasingly pervade search experiences combined with greatly enhanced
personalization based on a wide range of context types.
Search relies heavily on several other competencies including Collaboration and

Information Architecture which enables more mature search capabilities within the
organization.
Level 100 - Initial


Out of the box search experience, the quality of results varies wildly with users
often unable to find what they are looking without knowing the terms to search
for.
No formal process to curate search results or analyze search patterns.
End users are often unaware of search and have had no training.
The danger of search finding inappropriate content is not well understood.
Search often does not respect user privileges and access rights.
100 Technology
Search may be restricted to File System search and a few specific applications.
Default out of the box configuration is in place; often with very limited capabilities
(filename, title, date).
No customizations have been made to Microsoft Search.
Search indexes a small volume of organization content.
There is no customized search experience to support specific business
requirements.
No enhancements are made to the search experience to aid the user.
Configuration of authoritative data sources have not been configured to help
relevance ranking.
100 User Experience

The user experience is basic.
User's may not always find content that they want without knowing the right
search terms.
User confusion with the different ways of searching.
Search is scoped to the current application; there is no global search, the search
experience, presentation, and features vary widely according to the current
application. Many systems have no search capability at all.
Users use search as a last resort after asking someone browsing and other forms of
discovery.
Search requires users to know how to ask the right question, possibly with very
specific syntax, query structure and case sensitivity.
Users turn to search by default because the information architecture (navigation,

site topology, taxonomy, etc.) don't assist them to find relevant content.
100 Impact
Users rarely rely on search; accessing known documents in known places (which are
potentially superseded); they rely on browsing rather than search (failing to find the
correct document); asking colleagues (consuming their time and attention) or creating
new versions of content that already exists. Users frequently make copies of documents
so that they 'know' where they are.
Most users turn to external search engines to search for information that probably exists
in the organization.
In many instances Microsoft 365 usage is primarily focused on use of email. This content
is unstructured, has minimal and frequently inaccurate document metadata beyond the
filename and the content. User expectations are of a 'Google' search without context,
scope, or organizational awareness.
At this level, the organization is using the out of box search experience which gives
varied results and often leaves the user with difficulty finding the content that they are
looking for. The search corpus is small with only a fraction of the organization's content
being made searchable.
Users don't really trust search as they are unable to find the content that they are
looking for, they find duplicate or out of date material and are not assured what they
discover is authoritative. Worse, they may find the wrong content and consider it
authoritative.
Some individuals are key knowledge sources, impeding their work and/or becoming
'single points of failure'.
Productivity is compromised; compliance activities are weak; organizational and
colleague knowledge are poorly leveraged and there is a pervasive frustration at the
inability to find things.
Level 200 - Managed

Some search tools respect user access rights, but inconsistencies exist, and
inappropriate content may be surfaced.
Some effort is made to promote or identify current or authoritative versions, but
with limited consistency.
Filenames are used as a substitute for metadata.
There is no overall search governance and strategy plan.
Users are not encouraged to use Search instead of legacy approaches.
No role defined to administer and refine search experience.
200 Technology
There are some search-based point solutions which have enhanced configuration
to improve user experience.
Some custom specific organization search results have been configured.
Microsoft Search may be enabled within Bing for Business, however most users
bypass this and open other search engines.
There are efforts to standardize search interfaces from system to system, however
this tends to be limited to the presentation, not the format of the underlying
business logic.
Re-indexing is automated and typically occurs overnight. As such new content isn't
initially findable.
Different search syntax exists between applications.
200 User Experience
Users have basic awareness of search, do use it for some tasks and in some
systems, but rely on other methods of finding the majority of what they need.
Most users are unaware of advanced search features or even the availability of
search in some applications.
Results layouts are somewhat consistent but lack refinements and high value
content is not promoted to the top of the results. Result layout and features do
vary between applications.
Search tools do find content; however, this can be slow.
Some standardization is attempted for terms, metadata, naming conventions etc.
However, this is not enforced and does not apply to legacy content.
Users frequently cannot find the content they need and fall back to other methods
to confirm that they are using the correct document etc.
Some signposting is in place, i.e. there are visual or text devices to assist the user
to navigate to the correct content or location.
200 Impact
At this level, search usage is not ubiquitously or consistently present throughout the
organization but is more popular as employees see the benefits of being able to find
content. However, the search experience differs depending on where the search takes
place. There may have been the migration of file content from file servers into
SharePoint; it becomes possible to search across all content stored in platforms, such as
Microsoft 365.
There is an increase in usage of search in general, as users find out more about the
benefits of search within the organization. Users begin using search when they don't
know where a specific document or item is, however, differences between search
experiences confuses staff and they avoid using search in systems they are less familiar
with. Colleagues remain a primary source of information or signposting to where to
look. Lack of immediacy in search ensures duplicate creation remains commonplace,
especially across different teams.
Productivity and compliance remain compromised; and frustration at the inability to find
things persists.
Level 300 - Defined


User access rights are consistently applied, and processes exist to manage access.
300 Technology
Commonly searched keywords are configured with tailored results.
An enterprise search exists that is connected to other file repositories and line of
business applications to break down information silos and allow search across the
enterprise. (This could be hybrid, Salesforce etc.). This may not be consistently
available nor address all the needs of users, however.
Search is applied consistently across services.
'Search verticals', which provide scopes focused on specific topics, business
functions, file types and more are available, specific to the business and aim to
improve precision and findability for key business functions.
Search results are customized for key organization assets to improve findability
and discovery of useful assets.
Search is used in business applications to access large volumes of content quickly
and efficiently. This gives users access to information in a way that they have not
had before.
The business is using modern search web parts to enhance the user interface and
search experience.
People are understood as information assets. Skills and expertise are captured and
returned in response to search queries.
300 User Experience

Users are educated on search and how to make best use of it.
Search boxes are presented consistently and provide guidance.
Search results are consistently laid out and provide content summaries and
previews.
300 Impact
Search actively adds value to organizations, releasing staff time, improving compliance,
and creating confidence that correct versions of documents, etc. are in use. Staff can
locate some physical assets, skills.
At this level, Search becomes an asset to the organization. This has been recognized as
an enabler that develops more efficient and effective employees. The capabilities of
search are harnessed to improve the experience of businesses applications.

A role exists in the organization to manage enterprise search, to review keywords,
feedback and search metrics with a view to ensuring effectiveness.
Processes are in place to ensure staff maintain their profiles, including skills and
expertise.
Search is used to identify records and other artifacts that should be tagged.
Centrally managed thesauri and term sets are used across search scopes that
understand synonyms.
Search is be used to assist compliance processes such as subject access request

and, legal eDiscovery.
There are tools and processes to ensure staff maintain their profiles and update
content to improve findability.
400 Technology
Search usage is analyzed and used to improve search results.
Contextual search is embedded in line of business systems.
Most systems and workplace tools provide consistent access to the enterprise
search.
Information is stored in such a way as to enhance findability.
Search extends beyond files and information to locations, physical assets,
relationships and more.
Content discovery emerges as a business tool that exposes content to users who
might not have known about it, by displaying information related to the search
items.
Prospective search is used to display content without the need to enter a search
term, such as commonly viewed news, article documents; context drives the
relevancy of this.
Predictive search begins suggesting matches to search terms as the user enters the
search query.
Advanced queries can be created using a defined query language.
Frequency of content indexing is appropriate to the periodicity ("freshness") of
change of different repositories and business processes.
400 User Experience

Users are skilled at discovery of content, information, and skills across the
organization.
Search results provide previews across most content types; offer interaction (such
as email, save for later), and display useful information dependent on content.
Users can access search from most applications and elements of their digital
workspace, including mobile.
Common queries can be saved by users and notifications relating to new results
are possible.
Recommended content and common bookmarks to standard or 'best bet' results
are proactively published by the organization.
Users are frequently unaware that search is used to retrieve information within
their workspace.
External and public domain content is included in content activities, such as finding
appropriate images.
400 Impact
This level sees Search being managed throughout the organization. Processes are in
place to add new content, search verticals and search result layouts and Microsoft
Search configuration.
Search is a key business information tool that enables most processes. It is widely seen
as the most effective means of discovering, retrieving, and confirming business
information, for identifying skills and expertise across the business and integrating
knowledge from multiple systems. Most staff update profiles and participate in
appropriate tagging
Search results can be relied on; the current versions are reliably returned; inappropriate
or incorrect content is rare.

Search is part of everyday life for an employee at the organization. New innovative ways
of exposing content are investigated. Search metrics are used to analyze user behavior
and understand gaps in the information that is being returned.

The organization seeks to continually enhance all aspects of the search process
and experience; extending scopes, optimizing results and linking related
information based on continual feedback
Advanced analytics are used to understand search usage and this provides further
insights into activities across the company
Search is actively used to identify potential threats to information governance,
security and legal obligations.
Automated tagging and other metadata are in use
Context (staff profiles, locations etc.) is integrated with source processes such as
Joiners-Leavers, in order to maintain high quality of data
500 Technology
The search corpus is broadened with search being available across bespoke and
line of business systems.
The search corpus is used to enhance knowledge management tools such as
Project Cortex.
Opportunities to enhance search are looked for to ensure data is surfaced to
improve productivity based on effective analysis.
Effective search is ubiquitous and uniformly available across desktop, mobile and
other experiences.
External resources are included in the search scope.
Staff profile updates are monitored and automated to ensure accuracy and
completeness.
Search is used to discover and auto-tag content.
Users are highly skilled at finding information using tools and new staff are trained
in the tools for their role.
Automated classifiers are used to add tags to all content types, including image,
audio and video, in order to ensure it is discoverable.
SEO approaches are applied to content.
500 User Experience
Custom Search Results are created to augment key information in the search
results to support improved discovery and findability. These are monitored and a
process exists for updating search scopes, presentation, filters etc. as the business
needs evolve.
Search is ubiquitous; users can access search consistently from all applications and
locations within their digital workspace, including mobile and voice.
Users can proactively provide feedback on search results, to drive improvements.
AI is used to enhance search based on deeper knowledge of the user context and
business activity.
Search experiences are embedded in business processes and in many cases, users
aren't even aware that search is supporting their work.
500 Impact
Search technologies are considered critical business systems, carefully managed with
designed-in resilience. They are a key tool for ensuring compliance; it also unpins staff
and process effectiveness.
Staff are committed to the content processes that maintain search; at the same time
search is highly automated and 'invisible' delivering insights and finding knowledge
without user input. Search itself provides management key insights into the health,
activities, and productivity of the business.
Scenarios
A project manager looking for similar projects to the one that they are just about
to start and then needing to recruit an appropriately skilled team.
A salesperson searches for similar proposals to use when creating a new proposal.
A junior member of staff needing to find the company tax number.
Staff searching for internal and market news relating to an insight or innovation
they are considering. An engineer researching a solution to a manufacturing
failure, who needs to collate procedure, machine manuals, line SPC data and
actions alongside reports of similar events outside the company.
The legal team finds contracts which will expire soon and can work on renewals
where appropriate.
Cost & benefit

The following benefits can be achieved as the Search Competency increases in maturity:
Reduced user frustration when trying to find content they know is available.
Reduced time wastage finding information or the right person (commonly upwards
of 20 minutes per person per day at level 100
Increased innovation.
Increased awareness of useful information and knowledge. Improvement in
employee engagement.
Increased sharing of knowledge and best practice.
Decentralized management of content but with centralized consumption.
A modern Search experience is part of a modern digital workspace which can attract the
right workforce.
Benefits are found in sharing stories, knowledge and understanding but are difficult to
quantify and measure.

Classic vs Modern Microsoft Search
Building Custom Microsoft Search Connectors
Search bookmarks
Creating custom search results pages in SharePoint Online
Conclusion
Organizations that implement a successful Search strategy will see direct impacts to the
bottom line. Employees being able to "discover" information which leads to innovation
within the organization, reduced costs and time efficiencies can have a huge impact on
worker productivity. The cost benefit in users not duplicating work and finding
corporate knowledge are difficult to quantity but exist.
Search enhances the other competencies and is a great way to begin reaping rewards
from the Microsoft 365 platform.
Organizations should capture success stories to provide examples of the benefits to

ensure that this essential service gets the attention and resources that is required for it
to be a successful resource.
Common Microsoft 365 Search technologies

Microsoft Search (using Microsoft Graph)
Office search
Microsoft Search in Bing
SharePoint Modern Search
Modern Search Web Parts
Delve
Search Connectors
Bing
SharePoint Search
Classic/Enterprise Search
SQL Search
Business Data Services (BDS)
Cortana
Power BI Q&A
Managed Metadata/Term Stores
eDiscovery and audit (Compliance Centre)
Resources
 Tip
recent updates.
Principal authors:
Simon Doy
Simon Hudson, MVP

Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

Maturity Model for Microsoft 365 - Staff
& Training Competency
７ Note

Implementing new technology solutions requires enabling the business to use and
support them. Involving end users in development conversations and training them on
usage of the solutions ensures an organizational understanding of why and how these
solutions advance their own needs as well as the needs of the business. Structuring the
system support staff to take a consultative approach with the business through
repeatable business processes enables long-term collaboration to identify and focus on
the most impactful solutions for the business. Creating a steering committee ensures a
high-level strategic approach to developing solutions that can prioritize requests from
across the business to better align with company goals. This steering committee will also
be the primary audience for sharing success stories and knowledge to showcase the
returns on investment.

The Staff and Training competency focuses on who will be sustaining the system and
how they will engage the business and empower the end users to use the solutions. The
organization is focused on developing its people, processes, and therefore its
capabilities by implementing quality practices.
Note: In this article, we refer to IT as the
primarily responsible department for the solutions. In your organization this might be a
different group, so feel free to mentally substitute, as appropriate. Not all Microsoft 365
roll outs are IT-driven.

Model levels.
Level 100 - Initial

Organizations at the 100 level give more precedence to launching the solution than
focusing on why the solution is launched. Typically there is a bottom-line problem to be
solved (e.g. platform migration due to a merger) which takes top priority. User and
training needs have not been defined, evaluated, or documented. This leaves end users
to develop their own methods for working with the new solutions. As a result, they may
miss out on core benefits of the solution. We often refer to this level as the “Wild West
Adoption Model.”
100 User Experience
System is launched without training or guidance.

No information is available on who to reach out to for help or support with the
system.
100 Impacts
Due to a lack of training or assistance, end users begin using the system as they
interpret it should be used. This can create new change management challenges down
the road as the use cases and better practices need to be communicated against new
patterns of behavior. This is often a replication of old business processes in a new
environment (for example, using SharePoint for file storage only).
The solution was launched without consultation with the business for needs or
challenges they are facing so these new solutions are viewed as unnecessary or
redundant to existing applications. It can actually seem as though work gets harder, not
easier.
Short and long-term system support was not considered so no formal business
processes exist to support issues or requests. End users are left to problem solve with
internet searches or by sending emails around the organization seeking assistance.
Level 200 - Managed

At this level, the focus is on improving the break/fix (tier 1) support by documenting
processes and ensuring the support staff has repeatable solutions to common problems
in the organization. There is a business process in place for reaching out to the support
staff to receive help for issues though there is not a consistent resource for strategic
guidance.
As the system is growing in usage, some of the end users who are responsible for their
own content have received one-off training. Training is focused on power users using
the solutions and has not been launched to the entire organization yet. Some level of
departmental or functional expertise begins to develop, and people start to know who
the experts are to turn to.
200 User Experience

Support and build mainly done by individual or small group.
IT Help Desk is available for break/fix support only.
200 Process
Content owners from some functional areas are trained and using the system.
200 Impacts
The wait time for system support may be incredibly long due to limited support staff
and limited knowledge requiring longer periods of time to troubleshoot end user
problems. No support exists for a consultative approach to solve business problems
leaving end users to silo solution, often with competing products from a lack of
knowledge for what exists already at the organization.
Content owners may begin to share the message of positive impacts of the solution
across the organization, raising interest, as they are empowered to work independently
with the solution.
Level 300 - Defined

The organization is actively using the solution(s) with a training plan in place for all new
and existing employees. The training is focused on how to use the system specific to
interacting with the interface and accomplishing basic tasks. This training helps raise the
technical literacy of the organization as users begin consistently using the solution as
intended. The established training also reduces silo solutioning with unsupported
products, or misuse of the solution.
300 User Experience
An IT resource is knowledgeable on the system and available for strategic

guidance.
300 Process
An end-user training plan is in place.
Onboarding and off-boarding is addressed in the training plans.
Training is focused on interaction with specific systems.
Roles and responsibilities for support and training are clearly delineated and
funded.
300 Impacts
New hires use the system properly from the outset because they attend training focused
on how to interact with the new system as it has become commonly used across the
organization.
As comfort with the system increases, end users are interested in increasing their usage
of the system to solve other business problems.
An IT resource is available to have these discussions, though it is not enough staff to

support all needs so only high priority requests are taken into consideration at this time.

The training plan for Microsoft 365 and the related solutions is viewed as a suite of
training courses that better enable learning of the entire system and build off each other
to support the organization’s understanding of the platform capabilities as a whole. The
training is developed and lead by individual business process owners who may sit
outside the IT department. All training is also linked in a central repository, like Learning
Pathways or other Learning Management Systems, supporting a centralized approach to
the training plan and allowing easy access for end users to find all training related to
Microsoft 365.
Now that the IT support staff has expanded, there are opportunities for the business to
receive coaching, guidance, and innovation on their existing business processes in
partnership with the IT department. The IT support staff have begun to proactively share
updates and changes coming in the system to better involve business need in their
strategic decisions. This involvement with the business reflects increased understanding
in the platform and the organizational importance of developing business processes
with the available enterprise solutions.
400 Process
IT has more than one resource knowledgeable on the system.
Requests for new functionality are tracked and prioritized.
Communication strategy in place for sharing system changes and improvements.
Training viewed as a program, not just string of individual system training.
Positive outcomes are collected and measured to share with the organization and
cross-pollination in training.
Usage of the solutions becomes less IT-driven and more business encouraged due
to clear benefit demonstration in ongoing training.
400 Impacts
Once training is viewed as a program, this allows for strategic planning on how to
advance the technical literacy of the organization. The training is no longer focused on
which buttons to click within a system and instead focuses on changes in behavior or
business processes to work more efficiently. For example, a OneNote training would not
focus solely on making sections and pages. The training would include productivity tips
for how to use OneNote to increase efficiency in meeting note taking.
As technical literacy increases, so does the interest from employees outside of IT.
Content Owners are taking active roles working with their teams and the system to
gather feedback, share with IT, and collaborate on solutions. Training attendees who are
not content owners may begin to show a greater interest in the system and seek to be
more involved. There still may be some challenges in leadership supporting time spent
working with the system for non-IT roles.
Now that the entire company is actively using the system for common business
processes, there are regular updates shared with the entire company for changes and
improvements on a regular cadence. There is a process in place to receive feedback
from the organization which influences future enhancements and continuous
improvement. The system support staff has increased enabling the business to shift
support from reactionary to proactive and decreases wait times for help.

Business involvement in the Microsoft 365 platform and solutions has grown well
outside of the IT department. Senior leadership is actively involved in proactively
evaluating platform improvements and provides feedback on the strategic plan ensuring
it aligns with the company priorities. Senior leadership’s involvement and support
cascades down through the organization which formally supports embedding platform
roles and responsibilities into job descriptions of IT, content owners, citizen developers,
and power users. Expanding organizational involvement well past the IT department to
include senior leaders and a SharePoint Community of Practice invites new opportunities
to improve business processes, drive innovation, and seek opportunities where
advancing technology can be a competitive advantage.
The most common support scripts and training content are developed with Chatbot and
AI technology, allowing IT staff to focus on escalations, proactive initiatives, and
reducing the amount of time spent on break/fix. Support ticket analytics are reviewed
on a scheduled cadence to identify and prioritize closure of training gaps, minimizing
employee downtime, and increasing organizational productivity.
500 User Experience

Centers of Excellence or Communities of Practice exist around effective digital
workplace implementations and transformation opportunities.
Empowered user community (self-service governance in place).
500 Process
Dedicated system support includes strategic guidance, business analysis, training

staff, and help desk support from IT. System support also includes members
outside of IT, typically key stakeholders from other departments to inform strategy
and road map.
Training is integrated into the organization’s learning strategy.
500 Impacts
Clear business processes for system requests, feedback, break/fix help, and guidance
build confidence across the organization that this system is useful and will have a long
lifespan in the organization. This increased confidence leads to more transparent
conversations around needs and employees are more willing to invest time to fully
understand the system. Department leads and senior leadership understand the system
is solving large business problems aligned with company goals and are willing to invest
their time discussing the strategic road map.
System changes and improvements are first discussed within Centers of Excellence or
Communities of Practice which comprises of content owners, key stakeholders, and
other system owners. These groups provide feedback on a continual basis and are often
used for pilots before launching new solutions to the entire organization. Having these
communities enables IT to complete better user research, align system changes with
departmental-level goals, and receive more transparent feedback. If the business
explores self-service options, empowering end users to manage their own solutions
(with IT guidance) enables IT professionals to focus on a higher strategic level and
reduces friction with end users.
Training is viewed as an integral part of the learning road map and no longer only run
by members of IT; training isn’t just technical, it’s transformational, often using “what if”
scenarios. Content owners or Center of Excellence members offer training specific to
tasks and business processes, replacing generic system-based training that was
previously offered. Skill advancement is widely recognized and rewarded.
Scenarios
Human Resources content owner shifts recognition process to automated solution
within system after seeing increased engagement with a Communication Site for their
department.
A cross-functional leadership team discusses business process automation for action

item tracking as the organization struggles with bandwidth challenges across
departments.
Training is focused on productivity and capturing institutional knowledge in repeatable

ways to increase transparency across the business.
The IT team measures system capabilities against other enterprise applications to

provide business with clear guidance on what-to-use-when and where the system fits
into the enterprise portfolio.
Cost & Benefit
Socializing the system and its benefits across the organization will take considerable
time focused on education and change management. As the business understands the
value, it will become easier to identify use cases where shifting to the new solution
shortens time to complete a task. After the solution is implemented and staff is trained
on how to use it, the time spend to complete this task can be measured to show ROI for
the process improvements.
Anecdotes are still very valuable as some processes may not be possible to directly
measure or might be new given expanded capabilities. New processes will not have the
same opportunity to measure ROI so anecdotes of added value are critical to showcase
business enablement.
Conclusion
Launching a system without full support or training risks a lost investment in the
technology as employees use the system incorrectly or don’t take advantage of features
that could help them. When planning, ensure there is time and adequate resources to
engage the business early on in discussions around their needs and challenge areas.
Focus your solutions on existing issues.
Providing solutions to existing problems will generate higher interest across the
organization and justification for employees’ time spent learning how to use them.
Having a clear business process for feedback and transparency in the decision-making
process will build trust with the organization, supporting the time and effort they are
spending to understand the new systems. Developing these deep, trusted relationships
with the business changes the focus of the conversations from specific technical
requests to open dialogue around challenges or opportunities for innovation.
Resources
 Tip
recent updates.
Common Microsoft 365 Tool Sets

LinkedIn Learning
Microsoft Learn
Microsoft Learning Pathways
Microsoft Support
Modern Workplace Training
Related documents
The Microsoft 365 Maturity Model – Introduction
Identifying Your Microsoft 365 Champions
Empowering Your Microsoft 365 Champions
Principal author:

Simon Doy
Simon Hudson, MVP
Sadie Van Buren
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:
Elevating Staff and Training
７ Note
The Staff & Training Competency article provides an overview of Staff and Training
concepts and details each of the five Staff and Training maturity levels from Initial to
Optimizing (100 through to 500). It adopts a broadly technology-agnostic approach to
the business characteristics of Staff and Training plus expected benefits.
This article explores how organizations at any level could use the Microsoft 365 suite
(and associated technologies) to reach a higher maturity level.

100 to 200)
Organizations at the 100 level give more precedence to launching the solution than
focusing on why the solution is launched, as the primary focus is a bottom-line problem.
User and training needs are not defined, evaluated, or documented.
Staff (Level 100 to 200)

Work directly with a constituency to automate or support a well-understood
business process, ideally one which is widely used across the organization. By
building “in the open”, you’ll be bringing end users into the process of process
validation and technology development. This can become an important staff
awareness and training initiative.
Identify a business process to support break/fix issues. There should be a
consistent entry point for end users to submit issues with transparency of where it
is in the process to receive help. This business process should be widely socialized
and easily accessible from Microsoft 365, ensuring there is no barrier to issue
reporting. At this stage it is critical to support end user questions as you are
building trust that the new platforms are worth their time and efforts to
understand, especially if they were not involved in the implementation process.
Identify a primary resource to assist in build needs. This contact may be the same
as the break/fix support or an additional resource, depending on company size
and needs. This resource may be internal or external though they need a good
understanding of the company goals, challenges, and culture to align solutions to
the organization’s current needs.
Training (Level 100 to 200)

Socialize available training to the business. At this level, there may not be a
dedicated resource who can support live training so this training may be videos,
training decks, or content produced by Microsoft.

200 to 300)
At the 200 level, the focus is on improving the break/fix (tier 1) support by documenting
processes and ensuring the support staff has repeatable solutions to common problems
in the organization. At this point, there is a business process in place for reaching out to
the support staff to receive help for issues, though there is not a consistent resource for
strategic guidance. Training is focused on power users using the solutions and has not
been launched to the entire organization yet.

Meet with end users and leadership to gain a deep understanding of current
challenges in the organization to determine which tools can best support new
solutions. Focus the training content on the problem you are solving. For example,
a company struggling with transparency and action item tracking from meetings
may benefit from training on using OneNote in SharePoint team sites to track
meeting discussions and a plan in Planner to track deliverables.
Identify a resource (commonly IT) who will support strategic and consultative
guidance for Microsoft 365. Ensure this is part of their roles, responsibilities, and
goals with their manager’s support. Provide training if they need to increase their
understanding of the platform. Ensure this resource is following the Microsoft 365
road map enabling them to provide scalable solutions that will grow with
Microsoft’s direction of the platform.
Senior leadership support is critical at this stage so Microsoft 365 is treated like
other enterprise solution in the organization, as they will be the budgetary decision
makers. Begin meetings with senior leadership to better understand their goals,
drivers, and provide clear ways Microsoft 365 is supporting these initiatives.
Building these relationships now will support senior leadership’s ability to drive
prioritization of projects at the 400 level. Delaying these efforts will make it
incredibly challenging to show the value in their time spent in steering committee
meetings without their foundational understanding of how Microsoft 365 helps the
entire organization reach their goals faster.

Collaborate with the learning and development team, HR, or other department
responsible for onboarding and training to identify crucial role-based technical
skills new employees will need to succeed at the company. Identify the correct
timing when this training can be put into action immediately after to solidify
understanding of the platforms and have training sessions added to their formal
onboarding agenda. Too often incentives lag implementations in large
organizations. Ideally, your incentives change as you roll out new capabilities.

(Level 300 to 400)
At the 300 level, the organization is actively using the solution(s) with a training plan in
place for all new and existing employees. The training is focused on how to use the
system specific to interacting with the interface and accomplishing basic tasks.

If demand requires it, there is more than one resource available to support
Microsoft 365, allowing for more to be built than the high priority requests and
break/fix issues. This can often appear as one role focusing on strategic guidance,
change management in the organization, and alignment with senior leadership;
one role focused on the consultative support to identify needs and build solutions;
internal or external support for break/fix issues.
The Microsoft 365 support team provides visibility into the strategic plan to the
platform and frequently provides updates to the company around new features
and solutions. This communication aids the training programs as smaller features
are promoted without requiring additional time for all staff to attend an updated
training. Sharing the strategic plan with the organization also supports end users
understanding the capabilities coming to help drive their decisions on solutions.
For example, the learning team may not switch to Zoom for meetings due to their
need for breakout rooms as Teams added this feature to their road map.
The Microsoft 365 support team begins to gather feedback and positive outcomes.
These outcomes are then shared with the company to share results from past
projects, build confidence in how the platform helps the organization, and as use
cases to inspire future solutions in departments that may not be utilizing Microsoft
365 to its full potential.
All project requests are tracked and prioritized on an organizational level. This is
likely done in partnership with senior leadership to ensure consistent support
across the organization aligned with company goals. Senior leadership support
echoes the importance of the platform and visibility into project demand prepares
the team for conversations around resources when budget planning.

Business ownership has grown for the content within Microsoft 365 enabling non-
IT content owners and business process owners to begin incorporating Microsoft
365 training into their training programs. Microsoft 365 training is no longer
focused on each solution (like SharePoint, OneNote, or OneDrive) and instead
embedded into typical task-based training programs (like Human Resources
training on benefits offerings including instruction on how to request days off
through the intranet). These trainings are led by the subject matter experts or
business process owners for these areas.
Now that the technical literacy of the organization has increased to understand
what-to-use-when across the Microsoft 365 solutions, training is focused on
highlighting the integration between the solutions and how this can increase
productivity.
For example, Microsoft Teams can change the way teams collaborate by
supporting multiple people working on one document within the Teams desktop
application. Comments can be added to the Word document with @ mentions that
automatically add tasks to the team Planner. What formerly may have been a
Microsoft Teams training specific to functionality within the system is now a
training about working better together, with supporting technology and aligning
with company culture.

(Level 400 to 500)
At the 400 level, the training plan for Microsoft 365 and the related solutions is viewed
as a suite of training courses that better enable learning of the entire system and build
off each other to support the organization’s understanding of the platform capabilities
as a whole. The training is developed and lead by individual business process owners
who may sit outside the IT department.
Now that the IT support staff has expanded, there are opportunities for the business to
receive coaching, guidance, and innovation on their existing business processes in
partnership with the IT department. The IT support staff have begun to proactively share
updates and changes coming in the system to better involve business need in their
strategic decisions.

A dedicated system support has been built including strategic guidance, business
analysis, training staff, and help desk support from IT. This system support also
includes members outside of IT, typically key stakeholders from other departments
to inform strategy and road map. With this robust support in place, it is critical to
keep the focus on advancing solution offerings as new technology is released to
continue driving innovation forwards. The Microsoft 365 support team needs to
implement internal education opportunities for the entire staff to ensure
consistency in support from all levels.

Business process owners and the Microsoft 365 support team lead are included in
strategic meetings for the organization’s Learning and Development strategy as
subject matter experts to help align Microsoft 365 training and capabilities to
company initiatives and goals. Training programs continually evolve to support the
company’s primary focus(es) year after year.
For example, the Learning and Development team may be focused on supporting
the company goal to increase transparency in decision making. The Microsoft 365
support team and business process owners can highlight features such as
SharePoint news, news digests, and even the roll up of decision Lists across
different site collections as opportunities to increase transparency across the
organization.
Training has empowered the user community to a full understanding of what to

use when. Due to the increased technical literacy across the organization and clear
governance, self-service training is actively supported by senior leadership and
managers. Self-service opportunities are a critical talent management work stream,
further developing employees.
The self-service training creates Centers of Excellence or Communities of Practice.

This group of solution owners are consulted in the early stages of new digital
workplace implementations and often participate in early stages of testing. The
Centers of Excellence or Communities of Practice receive strategy and roadmap
updates before the rest of the organization to provide feedback on messages and
identify potential gap areas. This close partnership ensures the Microsoft 365
support team has a deep understanding of the day-to-day needs for different
function areas across the organization and invites deep involvement from across
the organization. This group also acts as champions of the solutions increasing the
effectiveness of change management.
Conclusion
As you navigate how to elevate Staff and Training from current state to desired state
keep in mind your company size, goals, and culture will heavily impact which level best
supports the organization. A smaller company may never reach the 400 level with senior
leadership support as the Microsoft 365 support team has the time to meet with all
functional leads and the authority to drive decision making aligned with company goals
and initiatives. Maturity levels should be elevated as the need dictates.
Maintaining a focus on training, at any level, enables employees to use the systems for
their best use cases and take full advantage of all features. When planning your training,
ensure there is time and adequate resources to engage the business early on in
discussions around their needs and challenge areas. Focus your solutions on existing
issues.
Overall, providing solutions to existing problems will generate higher interest across the
organization and justification for employees’ time spent learning how to use them.
Having a clear business process for feedback and transparency in the decision-making
process will build trust with the organization, supporting the time and effort they are
spending to understand the new systems. Developing these deep, trusted relationships
with the business changes the focus of the conversations from specific technical
requests to open dialogue around challenges or opportunities for innovation.
Resources
 Tip
recent updates.
Related documents
Maturity Model for Microsoft 365 – Introduction
Maturity Model for Microsoft 365 – Staff & Training Competency
part of it.
Core team:

Sharon Weaver
Simon Hudson, MVP
Simon Doy
Emeritus:

What are Maturity Model for Microsoft
365 Practical Scenarios?
７ Note
As the Maturity Model for Microsoft 365 has become more well-known, people have
found uses for it in many different contexts. In this set of articles, we're gathering
examples of the application of the Maturity Model applied to specific content areas or
to solve specific problems.
As with all aspects of the Maturity Model, we'd love to get your examples and feedback,
so if you've found an interesting use and would like to write it up, please do!
Learn how to be a Community Contributor

An Introduction to Microsoft 365 Community Docs

Maturity Model for Microsoft 365 and
Teams Development
７ Note
Working as a developer on Microsoft Teams solutions you might not have heard about
the Microsoft 365 Maturity Model. Yet it is a great resource to get familiar with! The
model is based on the Capability Maturity Model and with some imagination you can
apply the same logic for the building blocks of Microsoft Teams.
Microsoft Teams Development

The Microsoft Teams platform provides different development opportunities:
Tabs: Teams-aware webpages (did anyone say iframes?)

Bots: chatbot that can interact with you through natural language.
Message extensions: interact with your solution when writing a message in
Microsoft Teams
Meeting extensions: apps that are part of the meeting experience
Personal apps: a dedicated tab
Webhooks & Connectors: communication options for external apps
Microsoft Graph: work and interact with the Microsoft Teams data in any other
solution
Adaptive cards: organize information and provide users with interaction options
without leaving their chat experience.
Task modules: Modal pop-up experience in the Microsoft Teams Client
Some of those different scenario’s have a different developer experience and might
require different components in Azure as well. If you are new to Microsoft Teams
Development a great place to start is the getting started overview. If you have been
building Teams solutions you might recognize some of the options. If you are new to
the game be aware that a Teams solution can consists of several different opportunities
and you can combine multiple components into a single solution.
Teams Development sample
Considering a straight forward solution presenting information in Microsoft Teams with
a tab. If you are already using SharePoint you can expose this information with minimal
code. The advantage of this scenario is that you can walk through all App package
components without having to write Microsoft Teams specific code. And there are a few
great SharePoint samples out there so things look good straight away.
You can find a detailed blog with all steps to achieve this by Bob German -Building
Microsoft Teams apps with SharePoint Pages – Part 1, Get Started
Or you can use Power Automate to send messages, including adaptive cards and build
more complex processes. With a flow you can both send these adaptive cards and add
additional business logic. A loved building a Reading Reminders solution and demo
with that approach, combining both adaptive cards to gather user input and Power
Automate to respond. A great way to quiz myself on books I have read and hopefully
still can remember.
Adaptive cards can also be used in Teams itself and send from custom applications. It
does require some additional configuration and some code, but you will have more
control over the experience. I wrote a sample to recognize active team members with
the CLI for Microsoft 365 that you can run anywhere. But you can obviously
implement any other scenario that requires you to notify a user or team.
Using the Maturity Model

But while building all these solutions it got me thinking about the different options.
Each option has its pros and cons and a whole bunch of technical requirements. But
when focussing on those you might lose track of the business side of things. Building
any solution starts with a business case and that is most likely dependant on the
maturity of the organization. So typically when designing any Microsoft 365 solution I
love the Maturity Model for Microsoft 365. They describe in detail how to design tools
for different competencies within your organization. With that in mind it struck me that
one could use a similar approach for designing and building for Microsoft Teams. While
Microsoft Teams is being part of both Collaboration and Communication competencies
the Microsoft Teams solution can be a bit of a weird duck. However conceptually
speaking each component you develop requires a certain level of maturity in your
organization. Showing a tab requires less IT experience from a typical end user
compared to a chatbot they can interact with. With that fact we took the idea of
different maturity levels and plotted the capabilities for Teams Development on those
maturity levels.
Now I am the first to admit it is not an exact science: some companies might require you
to shuffle some of the capabilities to another maturity level. Yet it is a great image to
discuss development opportunities in Microsoft Teams. We use it just to start
discussions to make sure what we are building is the correct way. If your users are not
using the Teams chat experience and are spending their day in Outlook it might not be
the best investment to build a solution that leverages a message extension. On the
other hand that same message extension could potentially bring new users to Teams.
Our main goal of discussing these types of topics is to better understand where an
organization lives and how the technical solution fits best.
Principal author: Albert-Jan Schot

Site Builder/Owner: New Site Checklist
７ Note
The purpose of this guide is to help document the initial setup of a site and provide
resources for next steps and ongoing support.
Checklist
[ ] Site build
[ ] Site information
[ ] Site Ownership
[ ] Site permissions
[ ] Site features
[ ] Document libraries
[ ] Lists
[ ] Apps
[ ] Site owner training
[ ] Site user training
[ ] Site support
[ ] Next steps
Site build
Site information
Title:
URL:
Type (Communication/Team):
Group enabled (Yes/No):
Teams enabled (Yes/No):
Description:
Hub site (Yes/No):
Joined to Hub site (Yes/No):
HUB site name:
Site Ownership
Content Owner 1:
Content Owner 2:
Technical Owner:
Site permissions
Role Permission level Users
Owners Full control
Members Edit
Visitors Read
New entry Permission level Users
Custom permission levels
Name Description
New entry Description
Custom Groups
Name Description
Site access request settings

Members allowed to share the site, files and folders (Yes/No):
Members allowed to invite others to site members group (Yes/No):
Allow access requests (Yes/No):
Requests to site owners (Yes/No):
Requests to user (Yes/No):
User E-mail address:
Site features
Name Status (Enabled/Disabled)
New entry Enabled/Disabled
Site closure and deletion settings

Site policy applied (Yes/No):
Site policy name (with description):
Document Libraries
Name Description Retention label Sensitivity label Content Power Automate

applied applied Types used flow used
New Description Retention label Sensitivity label Content type Workflow name
entry name name name trigger
Lists
Name Description Content Types used Power Automate flow used
New entry Description Content type name Workflow name trigger
Apps
Name Description
Site owner training
Custom training resources
Name URL
Name URL
Microsoft training resources
Name URL
SharePoint Online https://support.office.com/article/sharepoint-online-video-training-

video training cb8ef501-84db-4427-ac77-ec2009fb8e23
Name URL
Site user training
Custom training resources
Name URL
Name URL
Microsoft training resources
Name URL
SharePoint Online https://support.office.com/article/sharepoint-online-video-training-

video training cb8ef501-84db-4427-ac77-ec2009fb8e23
Name URL
Site support
Name Description
Next steps
Name Description
Principal author: Norm Young

Versioning in SharePoint
７ Note
Basic Idea
Document collaboration, co-authoring, and List updates with human beings is much
better with Versioning enabled. People make mistakes, and Versioning provides the
safety net.
Emotionally, it reinforces the idea that SharePoint is a good place to store your work
product.
SharePoint Lists items (data) and Library documents (files) have the ability to store, track,
and restore the previous state of the item or document to how it was before a user
changed it.
Versioning creates a historical record of all changes, with the date/time and indication of
the user who made the change, on a per-file/list item basis. The end user can view,
delete, and restore a version if they have the correct permissions in the library or list.
To do this… I need this permission…
View version history Full Control, Contribute, Read
Restore a previous version Full Control, Contribute
Delete a version Full Control, Contribute
Un-publish a version Full Control, Contribute
Recover deleted a deleted version Full control and/or Contribute
Enabling Versioning
In SharePoint Online or On-Premises, versioning is enabled in the List Settings or Library
Settings screens by clicking on the 'Versioning settings' link. An interface is provided to
let you control how many versions you'd like to retain. The user must have the Manage
Lists permission capability to enable versioning.
Disabling Versioning
If you can Enable versioning, you can Disable versioning. Disabling versioning doesn't
delete the old versions. End users receive no notification of this change.
７ Note
A Cautionary Tale: As site owner, if you disable Versioning and don't tell your end
users, they'll notify you. In person.
Note: Since No Versioning is removed from SharePoint Online，it can be enabled or

disabled through PowerShell, SharePoint Designer, or by a developer using CSOM.
Accessing Previous Versions

In SharePoint Online, select the list item or document, and in the Actions menu, select
Version History. You can also see a link to the version history in the details pane.
In SharePoint on-premises (2010, 2013, 2016, 2019) you can view version history by
clicking on the link in the ribbon menu.
In both products, Version History opens in a modal dialog box, with options to View,
Restore, or Delete the entry. If any SharePoint Metadata columns were changed, that
column and its new value will be displayed.
SharePoint Online vs SharePoint On-Premises

Historically, versioning is not enabled by default at the creation of a list or library.
Recently, SharePoint Online has started enabling it by default in libraries when they're
created.
What Online On-Premises
Lists Enabled at creation (and set to 50 versions) Not enabled at creation
Libraries Enabled at creation (and set to 500 versions) Not enabled at creation
７ Note
A Cautionary Tale:
As Site Owner, you're responsible for not exceeding your
allotted space limit. 500 versions of an Excel file won't cause any trouble. A 500-
version library with hundreds of 300MB PDF documents might push the site over
the limit and prevent users from working in the site. Watch your Storage Metrics on
storage libraries.
Major Versus Minor Versions

Libraries can have both Major versions, which are represented with whole numbers
(12.0), and Minor versions, which are represented with decimal numbers (12.3). If your
library is configured to use Check In/Check Out, each change performed by a user with a
checked-out document will create a minor version.
Lists usually only have Major versions.
７ Note
All versions count against your SharePoint storage usage, as do files in the recycle
bins and files preserved due to retention policies. In calculating the SharePoint
storage usage, the full file size of each version counts towards the total usage. For
example, if only metadata changes were made to a 10 MB file with no change to its
file size, the total storage usage will be 10 MB (original version) + 10 MB (updated
version) = 20 MB.
Best Practices and Versioning Trivia

The Version column in SharePoint Views is sometimes not a number column. If you
sort it, version 12 shows up in between version 1 and 2.
It is a best practice to enable Versioning in a list at creation and not set a limit of
major versions. It takes up very little space, and your end users will thank you for it.
In an average SharePoint On-Premises farm, setting document library versions up
to 10 major and 10 minor has, in practice, been enough for any group that can't
define how many versions they need.
A deleted and then restored file/list item maintains its old versions.
In a list with versioning enabled, attachment changes are not versioned.
Limiting the number of versions is generally a good practice. It means you can
conserve space on the server and reduce clutter for users. But, if your organization
is required to save all versions for legal or other reasons, don’t apply any limits.
As best practice PST files should not be uploaded on OneDrive for Business and
SharePoint Online team site document libraries due to the impact on storage. If
PST files are uploaded the service will retain versions for 30 days.
Versioning with autosave and co-authoring

By default, SharePoint saves a version of a document every time a user clicks the "Save"
button. However, if autosave is turned on, SharePoint will automatically save a version of
the document every few minutes.
When co-authoring is enabled in SharePoint, multiple users can work on the same
document simultaneously. Each user's changes are tracked and saved as a new version.
When a user saves changes to a document that is being co-authored, SharePoint will
save a new version of the document that includes all of the changes made by all co-
authors.
It's important to note that co-authoring can have an impact on versioning in SharePoint.
If multiple users are working on the same document at the same time, it can be difficult
to keep track of who made which changes and when. SharePoint does its best to track
changes and create new versions as needed, but it's still important for users to
communicate and coordinate when co-authoring to ensure that changes are properly
tracked and versioned.
Further Reading
Microsoft: Planning Versioning, Content Approval & How does versioning work in a
SharePoint list or library
Blog: SharePoint Maven on Versioning
Blog: ShareGate: SharePoint Version Control to the Rescue
Principal author: Patrick M Doran

Planning Permissions with Group-based
SharePoint Sites... when you're used to
Regular SharePoint Permissions
７ Note
Basic Idea
When you're a Site Owner of a SharePoint Site Collection, you should ask yourself - Is
this SharePoint site collection associated with a modern Office 365 Group?
If it is associated with a Group, the permission model you're used to is going to be

different. You can easily confuse users and expose content in a way they don't want to if
you try and apply and manipulate traditional SharePoint permissions in a Group site.
A Cautionary Tale:
As Site Owner, you may want to discourage other Owners of the
Group Site not to use the traditional Designer/Contributor/Reader SharePoint Levels.
This can lead to a support nightmare.
The Story So Far

As a SharePoint Site Owner, you should already be familiar with these permissions
concepts:
SharePoint Permission Levels

Creating and Editing Levels
Customizing SharePoint Permissions
This has been the model for On-Premises SharePoint Site Collections for some time.
Where things are different with Office 365

Group-generated SharePoint Sites
It's hard not to spawn a SharePoint Site Collection when using the new Modern Office
365 tools like Teams, Planner, and Outlook. Make a new Team, and you get a Site
Collection. Membership, by default, is synced across these tools.
Here's the breakdown
Traditional SharePoint Site Spawned from O365 Shared with Teams, Planner,
Site Group Outlook, etc
Owners Owners No
Members Members Yes
Designers n/a No
Contributors n/a No
Visitors n/a No
Custom level n/a No
It is still possible to create a Modern SharePoint Site that isn't part of a group, and in
that case you get the usual permission levels.
Best Practices
If you're adding users to a traditional SharePoint site, add them using the Gear
Icon and Site Permissions link.
If you're adding users to a Group-spawned SharePoint Site Collection - who need
to participate in Teams, Planner, Outlook - add them with the Members link in the
SharePoint Group Site, or add them in Teams, Planner, or Outlook.
Don't add them in both places.
Remember: In an Office 365 Group, a Member added to the associated Team,
Planner, or Outlook instance is a Member in the SharePoint site. The benefits of
tool integration only works if your access is the same across the suite
A Visitor really isn't a thing with a Group-spawned SharePoint Site - unless you
add them into the SharePoint-generated 'Visitor' group via the Site Permissions
link.
A Member in a Group-spawned Site SharePoint has considerable power. That
mission critical document library with beautifully crafted Views and Workflow?
Someone adding Planner Tasks can easily delete this library.
Terminology
Product names overlap a little, so here are some stories describing common scenarios:
My team needed to collaborate, so I signed into Teams and made a Team. That also
generated a Group SharePoint site, and a Planner Board! When I add a user to the Team,
they have access all over.
I had to add some read-only users to my legacy SharePoint Online Site. I went to Site
Permissions and added them to the existing Azure Active Directory Visitors Group. I didn't
see a link that said 'Members' on the screen.
My boss told me to own our group's Planner board, so my IT department made me an

Owner of this Office 365 Group! I can now add users to a SharePoint Group Site! And
delete Planner Boards.
Further Reading
Groups in Microsoft 365 and Azure, and Which is Right for You
SharePoint Maven on O365 Groups vs SP Site 'Groups'
SharePoint Maven on Connecting a SP Site to an O365 Group
Principal author: Patrick M Doran

Importing data into SharePoint
７ Note
This guide will help users understand the various options available to import files and
data into SharePoint. We cover several different approaches:
Method Type of User
Document Libraries – Drag and drop files and folders End user
Document Libraries – Upload files and folders Power user
Document Libraries – Copy to and Move to Power user
Lists – Export Spreadsheet to SharePoint Power user
Lists – Import Spreadsheet to SharePoint Power user
Document Libraries – SharePoint Migration Tool Power user
Document Libraries – Sync Power user
Document Libraries – Drag and drop files and

folders (User)
SharePoint document libraries support the drag and drop of files and folders from
computer to site. With the target site and document library open:
Select the source files / folders.
Drag to the site and release.

The upload status can be monitored using the “Show progress” button on the
document library menu.
The “Show progress” button will notify you of any errors and when possible
provide an intervention.
Example error image shown below:
Document Libraries – Upload files and folders

(User)
Like the drag and drop of files and folders, SharePoint document libraries also support
the direct uploading files and folders. With the target site and document library open:
Click “Upload” and select “Files” or “Folder”.

The “Files” option does not allow the uploading of folders. Similarly, the “Folder” option
does not allow files.
Select the source files / folders and click “Open”.
Document Libraries – Copy to and Move to
(Power user)
SharePoint document libraries support the copying and moving of files / folders to new
locations. New locations can include a different folder, document library or site,
including OneDrive for Business.
The “Copy to” feature will copy the files / folders to the new location while leaving the
source files / folders unchanged. With the target site and document library open:
Select the source files / folders and click “Copy to”.
Select the target location (i.e. “Your OneDrive”).

Click “Copy here” to complete the file / folder copy.
The “Move to” feature will copy the files / folders to the new location and will move the
source files / folders to the site “Recycle bin”. With the target site and document library
open:
Select the source files / folders and click “Move to”.
Select the target location (i.e. “Planning” document library).

Click the target site (i.e. “Human Resources” site) and then click the target
document library (i.e. “Planning”).
Click “Move here” to complete the file / folder move.

The “Show progress” button can also be used to view the progress of a copy or
upload operation.
Lists – Export Spreadsheet to SharePoint

(Power user)
Microsoft Excel supports the exporting of “Tables” from spreadsheets to new SharePoint
lists. With the source spreadsheet open:
Click “Table Design”.
Click “Export” and select “Export Table to SharePoint List…”.

Enter the target “Address”; provide a list name and click “Next”.
Review the list design and click “Finish”.

Click the URL to view the new SharePoint list. Click “OK” to exit the export wizard.
Example exported list shown below:
Lists – Import Spreadsheet to SharePoint

(Power user)
SharePoint supports the importing of “Tables” from spreadsheets to new SharePoint lists.
From "Site contents":
Click “New” and click "List".
Click “From Excel”; provide a list name; upload a new spreadsheet or select an
existing one and click "Next"
Select the target "Table" from the spreadsheet; set the column types ("Single line
of text", "Multiple lines of text", "Choice", "Title" or "Do not import") and click
"Create"
Example imported list shown below:
Document Libraries – SharePoint Migration

Tool (Power user)
The SharePoint Migration Tool (SPMT) can be used to import files into SharePoint. SPMT
is especially useful when migrating a large volume of documents from a file share.
Detailed information about SPMT can be found on the Download and install the
SharePoint Migration Tool page.
From your SPMT computer:

Open the “SharePoint Migration Tool”.
Click “Start your first migration”.
Click "File Share".
Click “Choose folder”.
Select the source file share and click “OK”.
Click “Choose folder” to select a specific sub-folder or click “Next” to continue.
Enter the destination site URL and document library. Click “Next”.
Name your migration if desired or click “Next” to continue.
Update SPMT settings if required or click “Migrate” to continue. Detailed

information on SPMT settings can be on the SharePoint Migration Tool Settings
page.
Click “Save” to store the migration or click “No thanks” to continue.
The summary screen will provide migration details and reports.
Document Libraries – Sync (Power user)

SharePoint document libraries support the syncing of files between computer and site
using Microsoft OneDrive. The OneDrive sync app is especially useful when migrating a
large volume of documents from computer to SharePoint document library.
Detailed
information about OneDrive can be found on the Sync SharePoint files with the new
OneDrive sync app page.
With the target site and document library open:
Click “Sync”.
Click “Open” to the “Getting ready to sync...” prompt.
Confirm you login account name and click “Sign in”.
Click “Next”.
Click through the “Welcome to OneDrive” screen and then click “Open my
OneDrive folder”.
Using Windows Explorer, open the source documents folder:
Select the source files / folders.
Drag to the destination sync document library and release.

Source folder and target document library will become synchronized.
See the OneDrive sync app in the system tray to view progress and any sync
messages.

SharePoint Naming Guidelines
７ Note
This article describes some useful guidance in naming artifacts such as sites, lists,
columns and content types; this helps to avoid issues later with either technical limits,
adoption and best practice.
The article uses an example: an HR department requiring a SharePoint site with a set of
libraries and metadata; from this, a set of examples uses this scenario.
Basics
Avoid highly generalized words

When naming artifacts, it is most helpful to be descriptive to the content that the
artefact that is referring to on creation - this help users know what the site is for, what
data they are expecting to populate, for example, avoid terms that are too generalized
like "stuff", "other", "information". These words don't mean anything to the user because
it lacks specific meaning and invites users to overuse or place unexpected content into
the artefact.
Use descriptions
For artifacts, there is the option to include a description; this can provide the users with
more information about the location they are storing data and the type of data you
require them to complete.
It might sound obvious, but this not often done, if the type of metadata isn't
immediately apparent what kinds of information that might be stored, then these
provide guidance to aid users to understand what this is for and what you expect them
to complete - if possible provide an example.
Column naming
Creating a column sets the following:
Display name - when you enter a name, this is your input.

Internal name - system reference to the column
Multilingual alternatives for your display names.
Display Names
Display names are the visual name that users see when working with list items or
documents via forms and views. When working with these columns, on top of the basic
recommendations list above, consider the following:
Be clear on what this column represents; you know what you want to capture as
metadata, the user of the item may not.
If you use abbreviations, expand the meaning in the description to ensure the user
understands the data
If the title refers to the data type of the information, ensure the column data type
reflects this, e.g. Number of Widgets, the data type is number not string.
Internal Names
In SharePoint columns, typically have multiple representations of their name, typically
the Display Name and the Internal Name are the most commonly used.
Internal names are set once at the point of creation; you cannot change them later.
Additionally, Internal names encode special characters in your display name including
spaces not in the same way as URLs, they use a combination of underscores and x0
numbers to represent the character, for example:
e.g _x0020_ for " " or _x003a_ for ":"
For example, "HR Department" would encode to "HR_x0020_Department". While this

isn't necessarily essential for the end-user to know, it is essential to bear in mind when
working with CAML or making API calls, as most often these are used to reference fields.
You can easily find out the internal name by editing an existing column and viewing the
last parameter for the URL, e.g. &Field=the_x0020_quick_x0020_brown_x0020_fox...
In classic interfaces, I often create the column without spaces and special characters to
avoid the encoding, then rename to a friendly format. On creating lookup fields, there
are some unavoidable encoding for the colon and spaces between the field
Modern interfaces remove spaces when users with edit permissions add columns to lists
or libraries.
Internal names are limited to a specific length up to 255 Characters in SharePoint

Online.
Multilingual Display Names

Multilingual display names are stored as title resources within the field. Under the hood,
this sets the title resource for the current language in which you created this column,
e.g. Payroll ID.
If you change your language preference by using the user profile service, to specify your
preferred language and then rename the column, this sets this for that language. For
example, in English Payroll ID becomes "ID y gyflogres" in Welsh, or "ID de paie" in
French. Note: Bing Translator for illustration.
List and Library Naming
With naming lists or libraries in the modern interface, be aware of the titles you are
giving the libraries, for example, in the screenshot below, I have created a library called
"Finance, HR, combined strategic team collaboration area", there are a few factors to
consider:
The URL gets encoded to:

"Finance%20HR%20combined%20strategic%20team%20collaboration%20a"
Without the encoding:"/sites/Team/Finance HR combined strategic team
collaboration a/Forms/AllItems.aspx"
There is a maximum length for the URL part of the library to be: 62 characters
*https://test.sharepoint.com/sites/Tean/Finance%20HR%20combined%20strategic%20team%
20collaboration%20a/Forms/AllItems.aspx*
When naming your libraries, points to consider:
Using short names or setting titles with characters and spaces in mind: finance-hr-
combined-strategic-team-collaboration-area
Remove any unnecessary or noise words such as area, team, combined; this keeps
the URL shorter: finance-hr-strategic-collaboration
Once created, you can rename the title to be in the originally descriptive manner
with a clean URL.
URL length is a premium, your tenant organization name, site URL, library URL all
lower the amount of URL space remaining for folders and document titles.
Principal author: Paul Bullock

７ Note
Share what?
Yes... We hear that often. So first, let's have a quick introduction. SharePoint is a
platform. A product. You collaborate and share information across the organization,
quickly and securely. You reduce email traffic, and always have the latest version of a
document or file. You can even have a beautiful Intranet!
There are of course, many features available in SharePoint, and that's probably what
makes it 'complex'. It's a complex product, no denying. But so are many other platforms,
products, software, when we don't spend a minimum amount of time learning them. 😉
In this article, we'll have a look at why having a good understanding of SharePoint is
essential for user adoption as well as for the company, how to get you started, and also
briefly touch on the different roles and responsibilities from a SharePoint perspective.
This article is highly focused on SharePoint Online, but most of it also applies to
SharePoint Server (on-premises version).
More than a storage location

One of the first reasons that springs to mind is that SharePoint is not our good old
network shares. It's also not another cloud storage.
Users might be used to their
OneDrive (consumer), Dropbox, Google Drive, and so on. They know how to upload or
download their files and pictures don't they? So that's already a good start!
But as mentioned above, SharePoint will offer many other features. Amongst them we
have:
Versioning
Custom metadata
Audience targeting
Content types
Labels (security)
Sharing
Workflows
Alerts
........
And we're only scratching the surface!
Integration with other apps

If you're using Microsoft 365, you've surely heard about Microsoft Teams , Power
Apps , Power Automate , etc... Well, they all integrate with SharePoint. So you can
imagine the extent of the possibilities. 🙂
That being said, we also don't want to scare users. The goal is to allow them to work
efficiently, taking into consideration that 'The Cloud' is likely a new way of working for
most of them, with a product that the higher management decided to go for.
Real world scenario

Let's assume for a moment that you're in this situation: Higher management chose
SharePoint Online as the new Document Management System, and migrations will take
place over the next few weeks or months. It's all been decided.
You can't just 'throw
users into the wild' and hope for the best, can you? Well, below is a little visualization of
what could happen...
Microsoft 365 is a subscription-based platform with multiple products depending on

the chosen plan(s). So even if you're not using SharePoint, the price will remain the
same. But if you do the same for other services (i.e.: Microsoft Teams, Power Automate,
OneDrive for Business, etc...), in the long run, it will feel like you're paying a lot of money
for only 'sending emails' while also paying for third-party products.
Identify SharePoint Champions

Some users may have some SharePoint experience already, likely from a previous role.
Identify those users for two main reasons:
They could be Site Owners for their team or department,

They could help with training other users within the organization.
Users and admin roles

When we speak about SharePoint, we can think of three distinct roles: Users, Super
Users, and Administrators.
Of course, they won't have the same responsibilities, or see
the same interfaces, but even an Admin is likely to be a user or Super User within his or
her team, after all!
Note: The role of a SharePoint Service Admin is not in scope of this article
From the most privileged to the least:
1. SharePoint Site Collection Administrator

2. SharePoint Site Owner (also Super User)
3. SharePoint User (Members, Visitors, etc...)
Basic training
Start with basic training per group or per department, a few hours per session. It has to
be a compromise between learning fast enough, and practicing the new ways of working
to complete their daily tasks. Therefore, plan the topics for each training session to be
efficient.
Depending on a user's permissions, the following are considered basic operations within
SharePoint:
Understand Lists and Libraries

Create, upload, download, delete documents
Share documents or a Site (depending on permissions)
Find version history
Understand metadata
Use the information panel
Check-in / Check-out documents (if enabled)
Create views
Restore deleted documents in the user's Recycle Bin
Minimum understanding of how Search works
Introduce OneDrive for Business
Note: Regardless of the sites' architecture, or ways of working specific to the

organization, the above items are really the basics to understand from a SharePoint
perspective.
Advanced training
If your users already know how to perform the items from the basic training section,
then they could potentially act as Site Owners for their team or department's site.
This involves more responsibilities as Site Owners will need to also take care of the
security aspect by managing site permissions, adding and removing users from their site
for example. They may also act as a support contact for other site members.
Advanced training could include the following:
Understand permission inheritance

Manage permissions (Site Owners)
Manage other settings (lists, libraries, site)
Understand the difference between Site columns and List columns
Sync a library locally
Sync OneDrive for Business files locally
Co-authoring
Create flows using Power Automate
Create, edit, and customize Pages (i.e.: webparts)
Create content types
Create approval workflows
Customize Views (i.e.: Group By)
Restore deleted items from the Recycle Bin (second stage)
Enabling or disabling site features (depending on permissions)
Introduce Microsoft 365 Groups (renamed from Office 365 Groups) and other
integrated apps
Those items are a good starting point, but maybe you'll be asked to customize a
SharePoint form using Power Apps ? Who knows! 😉
Is it really worth it?

Microsoft and the Community are making a lot of enhancements for SharePoint to make
things easier and more intuitive for users. But we've seen so many times that training is
very valuable for any type of product. Even a 'simple' product can be challenging for
users if they've never seen it!
Having someone explain 'how' to do things in SharePoint will only put users at ease,
carry on with their daily tasks, and subsequently make the price of the Microsoft 365
subscription worth it.
Related Articles
Related Resources
Microsoft 365 learning pathways
Principal author: Veronique Lengelle, MVP

Building Great Content for Your Intranet
Building a new Intranet from scratch, doing a major uplift introducing a significant
adjustment, or want to fill out one of those awesome look book designs with your own
content - but struggling for ideas and possible sources of content to include? This
article will go through the possible sources of content, content patterns and ideas to get
you started.
Content Sources and Ideas

Quite often, in projects we've been part of, we ask clients to consider news, events,
department pages, and areas of relevance as this aligns to the structure and page
templates proposed in initial design when building a new intranet. You might be asking
yourself, what does this mean, what kinds of content can be considered news or events,
department or special pages? What other content can I include? Where would I look?
News Content
News content provides a focus point for higher frequency content creation and updates
to keep the organization informed and engaged. This location presents a massive
opportunity to keep communication flowing, build community and culture, and keep
people informed about what is happening.
But what kind of information would that possibly be:
Organization Changes and Leadership Messages - Keep everyone up to date with

organization changes, strategies, areas of improvement, or deprecated offerings.
This can be quite broad and content of this type is likely to come from
organization, department, or team leaders.
Positive Wins - Promote positivity from company or people successes, client
success stories (if shared on website, link them internally), contract or new
customer wins. Showcase stories from people working with customers to show the
effect they have on the world.
Welcome New People - Make new people feel welcomed by promoting them in
news articles. This not only makes them feel like they are being introduced but
people are also more aware of that person and their role, providing opportunities
to contact and build relationships.
Quotes or Day in the Life - Show people what it is like to be in the field working
with customers, giving that deeper connection and understanding of their role
with people inside and outside the organization.
Promoting Services - Highlight services or existence of service catalogues to show
people what you offer as an organization. When they engage with customers they
can promote services beyond their own areas.
Event Highlights - Build up excitement for events, conferences, and encourage
groups of people to meet.
Lessons Learned - Not necessarily the most positive subject but if a project didn't
go well, describe what went wrong and how to improve in future projects. You may
have to redact the people and project name to avoid starting a blame game and
impacting their internal reputation.
Internal Events or Schemes - Have internal events, use the news feature as a way
to promote and build that excitement for the event, describe when this is
happening, what to expect, who may be attending e.g. broad groups, even
consider embedding a Yammer web part to stir up cross-team meet-ups and
engagement.
Internal Post-Event Write Ups - Don't let the end of the event be the end, consider
collecting statements from people to help those that didn't attend get a feel what
it was like, the best parts, worst parts (but keep it light), and when the next event is
likely to happen.
External Events Post-Event Write Ups - For those companies actively involved with
running external events, conferences, meet-ups, promotions - let people know
about them, how they can participate in future events, what it was like, who
attends, success stories, quotes from attendees, and photos to form a great
examples of content.
Business Process Changes - Employees are navigating to the intranet to follow
routine business processes. When there are changes to this process, posting the
updates on the intranet will ensure there is one place to look.
There far more examples of types of news content you can promote, once you start
creating news content and publishing it all, keep it flowing, and encourage for people to
suggest articles to help keep it fresh, informative, and exciting.
Events Content
Events can come in many forms, some of the examples include:
Town Halls - Company-wide events that are intended for the whole company to
either attend or participate. List these to promote their time.
Lunch and Learns - Small events designed to knowledge share in either a team or
company side around the lunch period. Bring that social aspect to learning
something together and asking questions.
External Events - List external events the organization is hosting will invite those
internally to contribute or attend in support.
Days That Are In Support of a Cause - Bring specific days of importance in
awareness, promote what the organization is doing to support them, and the
meaning of the event serving as a promotion of the event and bringing awareness
to the organization. E.g. World Soil Day, World Braille Day or National Spaghetti
Day.
Training Days - Days in which you are training people or running learning events.
This gives people the opportunity to subscribe and learn about a technology to
further their skills.
Informal Events - Events that people run that the company promotes e.g.
Christmas party, socials, clubs, conferences where the company is not present but
maybe of interest. Consider giving people some guidelines on what can be
promoted.
People Content
This type of content has a focus on people. There are many types of content that could
be classed as related to people so here are a few examples:
New Starters, Leavers, and Movers - Listing out the changes in the organization to
let people know who they can contact and collaborate with.
Health and Wellbeing - Providing information about the resources and support
that people can receive, organizational initiatives, programs, contact points, and
documentation of the support they can use.
Education, Learning and Growth - Building people by describing the resources
available to them, opportunities to learn, more detail around training services,
events, and ways they can participate with others in community learning.
Community Resources - describe ways to connect with other people, the
communities available, technology to connect others in hybrid working like Teams
and Yammer. Communities can extend externally, connecting with other groups of
like minded people around the world e.g. Patterns and Practices, Partner
Communities, and Champions Networks.
People Stories - Bring those stories of success, challenges overcome, or bring that
human life to your content with people stories. Let people get to know each other,
their story to share with everyone, learn how other people tackle issues, challenges,
and their wins.
Behavior Management - Provide guidance in what is acceptable and professional
behaviors setup those inclusive and cultural expectations. Share how to report
inappropriate behaviors, policies, and support frameworks to allow people to feel
like they have a voice.
Leadership Blog - Give leadership a space to provide their stories, plans, goals for
the organization, get to know those who run the organization, and highlight
company-wide success.
Performance - Describe how the company manages performance, goals, areas that
require improvement, measurements, and reports.
Inclusion and Equality - Area to promote, give guidance, support, and foster a
healthy environment including all staff.
The topic is very broad but look for that content that people value, ask in surveys and
get feedback, to include ideas from around the organization.
Static and Library Content

There are times in which you need to provide people with reference material (content
that remains fairly static and does not change often but is important for people to be
aware of) to know that these resources exist and they are published internally for use.
Examples include:
Policies - These are your corporate policies and outlined processes for core
principles, business operations, and functions e.g. privacy, expenses, holiday, IT,
data handling, social media, client engagement, escalation processes, exception
handling.
Public People Profiles - For those organizations that have people meeting
customers, a summary profile about that person.
Public People Pictures - Images of employees for brochures, literature,
newsletters, articles, highlighting that person.
Brochure and Marketing Content - Content you provide your customers when
people meet them, this would be accessible to all people in your organization to
have access to approved content to share with customers.
Service Descriptions and Offerings - Content related to what you offer as an
organization, to promote your services, easily accessible for employees to share
with customers. In some cases, these are on a website, so the content would best
as links in your intranet to share with employees highlighting that resource.
Technical Manuals or Procedures - Resources related to technical information or
procedural information, standard operating procedures, as an open resource for
employees to utilize and reference. This content may also list out areas of
subscriptions to third-party or external resources that your organization subscribes
to.
Reference Resources - Central library of references and resources that people can
refer to, useful in reducing duplicate costs for similar subscriptions as well as useful
resource of what is available to use.
Landing Pages
Consider the landing pages of your sites (e.g. homepages, section and sub-sections)
that may be represented as home pages in sites. These are your sign-posts for resources
in that topic, area, or department that are most prominent, important for staff to be
aware of. If, for example, you are looking for suggestions for a department, like
Information Technology, here is some content you could write about:
Describe the Department - What does that area of the business do, this is your
front door, what would you say.
Provide Links - The most important resources that people should be aware of, e.g.
FAQs, links to external resources, policies, documents or guidance.
Business Owner or Representative - Talk about how they lead that department, a
quote or a phrase to introduce themselves, and the goals of the department.
Get to Know the Team - Describe who the leaders are in this area, contacts,
engagement points for how to contact people.
Events - Listing out relevant events for the area of the business e.g. Cyber Security
Training, Ask Me Anything events, Genius Bar style drop-in events.
Surface Related Content - Let people know there is new content or pages to
perform specific tasks or functions.
Consider this as your shop window to your team. How can you help your readers?
External Sources
Finally, external sources of information, where this may be a variety of content on the
internet such as:
Professional Bodies - Listing out the organizational relevant content

External News - This may include your website, if you directly publish content.
Internalizing it will promote this to people.
External Websites and References - Listing out those common areas of reference
to external content, consider providing a way for people to search, suggest new
references, remove old ones if links break (although this could be automated).
Partners - Describe the partnerships you have with other organizations, how to
engage with them, what types of services or products can they offer.
Conclusion
These resources are ideas and suggestions to use if you struggle with thinking about
what to write about. They are potential ideas to grow your content and keep it fresh for
staff.
You can help

This article is intended as a guide, however if you have suggestions or content ideas that
you would like to add, consider submitting a pull request to include your insights into
this article.
Resources
Plan your SharePoint communication site

Identifying Your Microsoft 365
Champions
７ Note
Many organizations have a small team supporting all aspects of their environment from
break/fix through development of new solutions. There is not enough time in the day to
add crucial change management tasks to ensure adoption on top of this already heavy
workload, so it is commonly skipped. This risks engagement, adoption, clear insight into
departmental challenges, and maintaining open communication for collaborative
development.
There are hidden champions within your organization to help with these challenges if
you know the right places to look. They are not necessarily the same people as your site
owners though they can be. Here are some places to look for your champions:
In Training Sessions
There is a wide spectrum of technical capabilities in the room to learn the same business
processes and technology though everyone walks out with slightly different knowledge.
Focus on these edge cases of who is in the room as they will help push the boundaries
of your thinking.
The End User Who Finds the Loophole

They have a specific task in mind and can strong arm your environment to do what they
need regardless of parameters put in place. This person is interested and passionate
enough to dig past what you delivered in a training session for Microsoft 365. These end
users want to build in your environment so empowering them, not limiting them, will
help you both come up with the best solutions for the organization.
The End User Who Ask Lots of Question

If your training is not fully sticking with all people in the room this is very valuable
feedback as you aren't just targeting the tech savvy end users in your organization.
When you launch the next solution, everyone in this room will need to understand the
why and the how for it to be successfully adopted. Including these end users who ask
the most questions in the conversation will help identify where your content is unclear.
They are also showing a lot of motivation to understand so support them by inviting
them to be Microsoft 365 champions which provides more opportunities for education
and questions.
In the Ticket Queue

Take a step back from the individual tickets to look at any trending issues. Is one
department heavily using coauthoring and having issues with locked documents? Are
the same people reporting the same issues repeatedly? Is this a bug or user error? One
of the most challenging issues to resolve is a change in behavior. If you are not present
to help redirect those mistakes, it can be challenging to break the habit.
Finding Microsoft 365 champions in these groups can be helpful in identifying the issues
more clearly. Maybe the solution isn't aligned with how they work and needs
refinement. The team might have grown since implementation and there is a gap in
continued training or supporting materials. Having insight within a group will more
quickly bring light to where the gaps are and, as a trusted partner, the conversation and
reporting of issues will flow more easily.
In the Project Queue

Do you have a long project queue due to your small team being overloaded? Who has
been waiting for a long time who has the bandwidth and/or interest to begin self-
service closely partnered with IT? Self-service does not need to be implemented on an
organizational level to be effective. You can start small by working with end users one
on one to discuss their challenges and provide guidance on how to build it. This gives
you the opportunity to spot pain points in self-service and better develop training,
governance, and support before considering launching it to the organization. This also
gives the end user the opportunity to learn new things and add projects they are
passionate about to their resume.
With the Governance Benders

You may have seen this situation before where the company implements a new
guidance that limits a crucial established business process. Maybe your organization has
decided on no external sharing ever from Microsoft 365. The procurement department
works with external vendors for the majority of their day for document collaboration on
contracts, SOWs, etc. Limiting SharePoint external access has dramatically impacted their
productivity. What other options are available to them if you limit external sharing
across the organization?
When an end user is breaking governance, it is because something is not meeting their
day-to-day business needs. Open the conversation to understand why. If you don't, you
are encouraging shadow IT as there is a long list of free options available to meet their
external collaboration needs that is now outside your monitoring. If you do, you are
building trust in the relationship and gaining crucial insight into their needs.
Across Varied Perspectives

Identify Microsoft 365 champions across levels, regions, and functions as well to ensure
an organizationally diverse perspective. What works for human resources in the United
States might be very different for your office in Japan. What works for manufacturing
might not work for legal. What works for the c-suite may not work for individual
contributors. Ensure you are targeting diversity in technical ability, region, function,
level, age, and culture to get the most well-rounded feedback and support from your
Microsoft 365 champions.
In Usage Reports
In the Admin Portal there are Usage Reports for SharePoint, OneDrive, Teams, Skype,
and email activity. The SharePoint usage reports show the files viewed or edited, files
synced, files shared internally or externally, and pages visited for each user. You can
identify different types of end users here using these metrics to pick out your top
content consumers and top document collaborators. These end users will have feedback
on the current environment configurations and likely a wish list of what they hope
Microsoft 365 can do. With how fast Microsoft releases new updates they may not be
aware of some solutions that are available right now! If your top users are heard and
supported, they will have some of the loudest voices on whether Microsoft 365 is
working for your organization.
 Tip
This is commonly where people begin and quickly end their search for Microsoft
365 champions. To get the most valuable feedback you will need to look further
than just your top users. What about users with incredibly low usage in a
department that you know has fully adopted Microsoft 365 as a solution? Finding
out why it is not working for them can be more valuable than hearing the same
positives of why it is working for their team members.

Empowering Your Microsoft 365 Champions
Principal author:Emily Mancini, MVP, UXMC

Empowering Your Microsoft 365
Champions
７ Note
What is so different about a Microsoft 365 champions group from a site owner's group?
It depends on your organization. Some companies may expect their site owners to only
focus on content management to keep the intranet up to date with valuable information
supporting the governance plan. Microsoft 365 champions can also be site owners
though their support of the platform extends past content ownership. Champions are
dedicated to contributing to the roadmap of Office 365 at your organization. They are
interested in providing feedback, testing beta releases for new solutions, and sharing
their knowledge with the company to drive engagement in the platform.
Get feedback on what they need to achieve

While you may be able to spot trends on what the organization needs through company
goals, your ticket queue, and project requests there is a wealth of information your end
users are not telling you. Microsoft 365 is a very expansive suite of solutions that most
people are unaware of. Your end users may not think to ask for help with business
process automation or tracking action items as they view SharePoint as document
collaboration and communication solutions only. SharePoint and the other Microsoft
365 solutions can offer much more.
Host monthly gatherings

A great way to get this dialogue started for what challenges your Microsoft 365
champions are seeing in the organization is to host monthly meetups. These sessions
can be a freeform place to exchange ideas and talk through common challenges.
Have you ever needed to talk through something out loud to identify the best path
forward? Your Microsoft 365 champions may not have colleagues in their department
who are as familiar with the technology. Creating a place to have these discussions will
give you the opportunity to learn more of the "why" for what they are trying to
accomplish and guide them in the right direction. The best solutions come from
collaborative development with the people using them.
Additionally, hosting these meetups will ensure you are part of the conversation which
gives you the opportunity to guide the Microsoft 365 champions within the
organization's roadmap and governance. I am sure your Microsoft 365 champions can
search for some great InfoPath stuff on the internet, but do you really want them
building that? It is much easier to course correct in the initial stages of a solution rather
than discovering it after it has been released to end users.
 Tip
Bonus points for making this event casual and rewarding.

Offer food or drinks and
focus on fostering a community.
Solutioning, change management, and adoption can be really challenging. Give your
Microsoft 365 champions a place to share frustrations so they can receive support and
guidance. You are a team working together regardless of your reporting structure and
departmental business goals. It is a great feeling to be included, supported, and
recognized for your work.
Celebrate your site owners' efforts

Celebrate your Microsoft 365 champions' involvement and initiative to learn the
platform better and build collaboration tools for their teams. Everyone has a long list of
action items, deliverables, and goals for their "day job" already. These end users are
going above and beyond to be more involved. Feature their solution as a case study in a
company newsletter or create custom swag. Providing public recognition will showcase
the efforts of your Microsoft 365 champions and highlight them as a resource in the
company who understands how to effectively implement these solutions for their
departments.
Elevate their voices and involve them in the

community
Some of my favorite presentations involve an IT Professional co-presenting with their
business owner. It puts a focus on how important collaborative development is in
solutioning and implementation. The narrative of the problem statement through
adoption puts Office 365 into context of what can be accomplished with these solutions.
This will help guide other users as well as introduce your Microsoft 365 champions to
the big, beautiful world of the Office 365 community. There are countless blogs, articles,
webinars, and other helpful resources to support them on their journey not to mention
an incredible group of people. Who knows, maybe your Microsoft 365 champion will
make a career change to IT thanks to your support and introductions.
Provide long-term support

Microsoft is continually releasing new features, your governance plan is changing as the
company grows, and you have new initiatives for the intranet on the horizon. Include
your Microsoft 365 champions in quarterly meetings to highlight the changes that are
coming and continue getting their feedback on their experiences. These meetings can
overlap with the support you provide for your site owners, should you choose to treat
these groups as separate initiatives.

Identifying Your Microsoft 365 Champions

File Naming on an Intranet
７ Note
Basic Idea
Over time, you'll want to keep the documents you offer the organization up to date.
One problem you'll run into is SharePoint thinking files with different names are totally
different, when in fact you want them to be considered versions of the same file.
Examples of Bad Filenames

Here's an example of filenames which will cause issues over time:
Since the names contain the revision date, when the next iteration of the file is
uploaded, SharePoint will see it as an entirely new file. This means any connection to the
old file and its history (version history or metadata) is severed.
Better practice
Instead, name your documents based only on what they are. For example, rather than
Change in Terms Procedure Rev 12.15.2021.PDF, just use Change in Terms
Procedure.PDF.
Anyone who finds the document shouldn't have to worry about whether it is current or
not: only the most current version should be available on your Intranet. (There may be
exceptions to this, but it is generally the case.) As a Site Owner, this is one of your
resposibilities: keeping your content current and valid.
Each time you copy in a new version or upload one, it will become a new version of the
same file and get the same metadata. This also guarantees any links to the document
stay valid. You won't need to scour your own pages for links. Maybe someone in a
different department linked to your document, and you don't want that to break.
If revisions matter
If you need to keep older revisions, do that in your Team Site. If the revision date is
important, then it should be a metadata column on the library, not embedded in the
filename.

Information Architecture - Site Topology
７ Note
With the advent of modern pages in SharePoint Online, the classic top-down site
topology, as we know it, has evolved to a flat structure that is designed to adapt to your
changing organizational structure and content.
What we mean by site topology

When we say site topology, we mean how we arrange site collections and sites to create
a SharePoint site structure.
We prefer the term topology over hierarchy or navigation because your hierarchy and
navigation can be significantly different from how you create your site structure.
Classic site topology and challenges

Long before SharePoint Online and modern sites became available, the common
practice was to create a top-down site topology, with a single root and multiple subsites
below it. For most organizations, the top-down structure mimics its organization
structure. The topmost site (or root) represents the organization, with each subsite
representing divisions, departments, projects, etc. Within division or department sites,
organizations often create restricted access team or project subsites.
The classical top-down topology presents many challenges:
Company restructuring: Changes to a company's organizational structure requires

significant changes to the SharePoint site topology, often resulting in broken links,
missing documents, duplicated or orphaned content. In some instances,
organizations may choose to avoid the effort of moving sites, resulting in a
discrepancy between the organization's structure and the SharePoint site structure.
Deleting sites: If a site has one or more subsites below it, SharePoint prevents the
site from being deleted. Before deleting a site, you must move all its subsites to
another location.
Complex permissions: With a top-down site topology, organizations often resort
to using a mix of inherited and broken site permissions to protect information at
each level adequately. The mixed security inheritance can often make it difficult to
determine who has access to which content.
URL Length: As the number of subsite levels increases, the URLs to each subsite's
documents become longer. Longer URLs may cause issues with older desktop
applications and operating systems, often manifesting itself as an error opening or
saving a file.
Difficulty discovering content: SharePoint search allows users to find content
regardless of how many layers deep it resides within a site topology. However,
users who wish to discover content by navigating through a site may find it
challenging to find the content they seek, requiring them to navigate up and down
the site structure.
The need for flat topologies

Office 365 provides users with self-service capabilities; by default, users can create their
own SharePoint site collections, Office 365 Groups, or Microsoft Teams, for example.
Every new SharePoint site collection is created under the flat topology, with new site
collections being placed either https://tenantname.sharepoint.com/sites/sitename or
https://tenantname.sharepoint.com/teams/sitename, depending on the type of site (and
the tenant site creation settings).
Also, when a user creates a new Team in Microsoft Teams, Office 365 creates an
associated SharePoint site collection (also located under
https://tenantname.sharepoint.com/sites/sitename or
https://tenantname.sharepoint.com/teams/sitename); Microsoft Teams uses the
associated SharePoint site collection to store documents and other relevant information.
The same applies to Office 365 Groups from Outlook, Planner, or Yammer.
The flat topology helps support a self-service and cross-product architecture that would
be practically impossible to manage in a top-down topology.
Using a flat topology, site owners can easily manage user permissions for their sites;
because every site is a top-level site collection, there no inherited permissions to
complicate things.
In the event of a company's organizational restructuring, there is no need to move sites

to match the organization structure, because every site is a top-level site collection.
Designing for a flat topology
The key to designing a flat topology is to understand that content in SharePoint can
exist across three different "dimensions":
Physical: Where content is created and stored within a SharePoint topology.

Logical: Where content appears within a topology -- regardless where it physically
resides.
Metadata: Information about sites and content that can be used to identify and
find it, regardless of where it physically resides.
Creating the physical topology

The physical structure is relatively straightforward: each site is physically created as a
separate site collection just below the root of your SharePoint tenant, under
https://tenantname.sharepoint.com/sites/sitename or
https://tenantname.sharepoint.com/teams/sitename, regardless of whether you create a
Team Site or Communication site.
When deciding how many sites you need to create, you should consider the following
criteria:
Authors: Design your physical site topology to cater to people who create and
maintain content. Content should be stored where it is best managed.
Security and Policies: Create a site topology that makes it easy to assign
permissions; avoid creating sites that require a complex security matrix to
determine who has permissions to which content, as it often results in difficulties
maintaining sites. If in doubt, create two sites with different permissions. Also, keep
in mind your organization's governance and compliance policies, such as retention,
external sharing, quotas, and so on.
Lifecycle: Design your physical site topology with your content lifecycle and
workflows in mind.
For example:
Should you create a single site for your Accounting department to store Accounts
Receivable documents, Accounts Payable, and Financial Statements, or should you
separate them into two (or more sites)? It ultimately depends on who should have
permissions to what content.
If you need to create an Annual Report every year, do you create a single site
called Annual Report and change permissions every year, or do you create a new
site every year? It depends on whether the people contributing to the annual
report change every year.
Although your company's organizational structure may help to identify your physical
site topology, do not limit yourself to replicating it.
For example, your Human Resources department may need a team site to store
confidential information about employees, which can be accessed only by HR staff, and
a communication site to store company-wide information about policies and benefits
which is accessible to everyone in the organization.
Creating the logical topology

While the physical topology caters to people who create content, your logical topology
should cater to people who consume content. In other words, your logical topology is
how you present content to your users in a way that makes sense to them, regardless of
your physical topology.
For example, your HR department may have different sites for Benefits, New Hires, and
Recognition and Awards; To make it for your employees to find content, you may wish
to logically group under an HR site. To do so, you could create a communication site
called HR, convert it to a Hub Site, and assign Benefits, New Hires, and Recognition and
Awards to the HR hub site. Although all 4 sites are physically at the same level, they
logically appear to be in a hierarchical structure.
The metadata topology

The best topology you could ever create would be one that is customized to suit the
individual needs of every single person in your organization. While such a topology
would be ideal, it would also be impractical to create and impossible for anyone to
manage.
However, a computer can do precisely that; using machine learning, Office 365 and
SharePoint can observe every user's activities, interests, and usage patterns to determine
which sites to display on a user's SharePoint landing page.
When a user arrives at their SharePoint Home, SharePoint helps users find relevant
content by showing relevant news and recent activities from sites that the user follows.
It also shows sites that the user frequently visits, and makes recommendations based on
the user's past activities and their peers' activities.
While you cannot control this behavior, you should be aware that your site topology can
positively influence SharePoint's ability to deliver the right information to users.
For example, if you created a large, monolithic site that contained all of your company's
content in a single place, SharePoint would be less able to highlight relevant content for
users. The same site would always appear on the SharePoint Home page for every user,
showing too many recent activities to help users make sense of what matters.
On the other hand, if you separate the content into smaller sites based on their purpose,
SharePoint would be able to identify which sites were recently changed and highlight
those changes to the relevant users.
After you consider your physical and logical site topology, take a look at the metadata
topology.
Naming conventions
As you develop your organization's site topology, you may wish to define a site
collection naming convention. A naming convention can help users identify the function
of a site collection, membership, geographic region, or who created the site collection.
As Office 365 allows users to create site collections, either directly in SharePoint, or via
any other group workloads (Outlook, Microsoft Teams, Planner, or Yammer), the only
100% reliable way to enforce a naming convention is by enabling group naming policies.
Since all Office 365 group workloads automatically create SharePoint site collections,
naming policies affect all group workloads -- not just SharePoint.
There are two types of policies
Prefix and/or Suffix: You can define prefixes and/or suffixes to automatically add
either a fixed string (e.g., GRP_) or a user attribute (e.g., [Department]) before or
after the group name. For example, if you define a group naming policy with GRP
[GroupName] [Department], and a user from the IT department wants to create a
group called My Group, the complete group name will be GRP My Group IT.
Custom blocked words: You can define a comma-separated list of words that you
do not wish to allow in the group name. The words are case insensitive, and only
whole word matches apply (i.e., no partial matching).
You can use custom blocked words to "reserve" keywords and prevent multiple users
from creating multiple departmental sites. For example, you could define HR as a
blocked word to prevent users from creating an HR site until you have created the
appropriate topology.
The Office 365 Global Administrator and a few other administrator roles are exempted
from these restrictions. You can potentially apply the policies to prevent users from
creating sites with blocked words without affecting your ability to create the site
topology your organization needs.
To find out more about Group naming policies, and to learn to define them, visit the
Office 365 Groups naming policies documentation.
Principal author: Hugo Bernier

Information Architecture - Managed
Metadata versus Lookup columns
７ Note
Before we jump to the topic at hand, a little recap of the terminology involved:
Metadata: means information about something, in SharePoint usually information

about documents, pages or list items
List column: is a metadata column in a list or library. The column itself can be of
different data types: text, numbers, date & time, people picker, managed
metadata, etc.
Lookup column: This is a column type where the data values come from another
list in the same site (web).
Managed metadata: A globally available metadata service that can be shared by all
site collections in SharePoint Online or SharePoint on premises.
How do Lookup columns work?

A lookup column is a metadata column that gets its data from another list in the same
site. Before you start creating the column it's always a good practice to actually think of
how your column relationships will work. This will depend on your use case(s).
Example: I have a document library where our company stores our vendor agreements
and would like to "tag" each agreement with the vendor name(s). That way it's easier for
us to find specific documents, filter by vendor, etc.
In SharePoint, create a document library called Vendor Agreements

In the same site create a custom list named Vendors
You can extend the list to contain more data, but in this case I will create two extra
date & time columns to see if the vendor is still active or not. You can of course
use column formatting to make it look better.
Navigate back to the Vendor Agreements document library
In the Vendor Agreements library, create a new column and choose lookup for the
data type. Choose the Vendor list and the Title column, and include any extra data
you might need from the vendor list. Note: not all data types are supported.
After the lookup column is added you can use it to tag any document you have in
the library
Pros of Lookup columns
You can create lookup columns as site owner
You can add more fields from the source list as metadata to the destination list
Members can contribute to the source list, without changing the list setup
All updates to the source list will update the destination list
Cons of Lookup columns

Lookup columns can only be created with source lists in the current site
In order to re-use in another site we have to recreate both the source list and the
lookup column
Beware that deleting items from the source list will remove those values from
items in the destination list, unless you remember to use "Enforce relationship
behavior, restrict deleting" when creating the column.
How do Managed Metadata columns work?

Managed Metadata columns depend on the SharePoint Taxonomy service for
syndication. Because it's a globally available feature you need to have delegated
ownership to at least a term set in order to be able to manage it.
In this example I've created a term set called Document status with the terms
Draft, Waiting approval, or Published
I'm adding this term set as a column to the Vendor Agreement library above
I'm using this column to track the approval of the documents we have in the library
Pros of Managed Metadata columns
Managed Metadata is globally available - across all sites in the farm or tenant
Managed Metadata supports language translations
Changes to the term set values will be updated across all sites
Administrators can control who can contribute to each term set
Combined with search, you can create a global search center with refiners across
all sites using the term set
Cons of Managed Metadata columns

Cannot be managed freely by site owners, changes have to be added to a change
policy to avoid failures
Managed metadata is "singular" meaning you cannot connect other metadata to it,
like we can with lookup columns. For example, the Active from Date and Active to
Date in the first example above.
My experience
There is no single way of doing things in SharePoint. It all depends on the use
cases.
I normally use Managed Metadata when dealing with cross site publishing or
global search-related metadata. Because the metadata values are normally
managed by a few people and used widely across all sites in SharePoint, we get
more consistency and converge on a common understanding. This is especially
true when building Document Management solutions or Intranet News publishing.
I use Lookup columns, when I'm building solutions that are locally related to a site,
and the lookup data is from multiple lists already in the site. For example, when
building custom apps with Power Apps and I'm using SharePoint lists as data
sources.

Living Large with Large Lists and Large
Libraries
７ Note
Best practices and strategies for building and operating large SharePoint Lists and
Libraries well above the item limit threshold.
Summary
List or Library above 5000 items is indeed possible with planning and some
filtering/sorting compromises.
If you can make it modern, you should. The modern experience improves over
time; classic does not.
Apply remedies before you hit 5000 items, though in some cases, you can make it
to 20000. Procrastination will hurt you!
Your users don't care about this limitation one bit. Word doesn't limit you to 500
words. Excel doesn't limit you to 50 columns. As site owner, you need to be on top
of this.
If your List or Library is at 3500 items, fair chance it'll hit 5001 when you're on
vacation.
SharePoint Myths
There are couple of myths floating around in the world of SharePoint Lists and Libraries.
One is that you shouldn't treat a List like a database (untrue - it is just fine for a power
user to create a database). The other is that Lists and Libraries with more than 5000
items just won't work. Both of these are false. Here is guidance on how to own and
operate a list or library from 5001 - 30 million items.
A Cautionary Tale:
As site owner, your end-users and power-users will hit this wall
without careful planning and some monitoring. To them, the List/Library will appear
broken and will reflect badly on you and the tool. They'll be given almost no
warning that they're exceeding the threshold.
What is the List View Threshold?
When the number of items or documents is so high that SharePoint displays an error
instead of the content. For many years this was 5000.
Behind the scenes. SharePoint is querying data from a database. It, like all systems, can
do but so much at a time, and the Item Limit Threshold is that limit of items that are
displayed in a given view.
If you've operated sites with SharePoint Lists or Libraries for any amount of time, you or
one of your customers will trigger the Item Limit Threshold in a List or Library. Either
they've published a 300,000 row Excel spreadsheet as a new List, or they decided Friday
afternoon right-before-quitting-time is the perfect time to upload the entire network
drive's contents to a single Library. Views break. Sorting and filtering (especially on-
premises) fall apart. Users report broken sites and missing data.
The Limit is only the View

As a Site Owner, keep in mind that when the threshold is
exceeded, it's a problem with presenting the View and not the List/Library contents.
All the data is still there, it just can't be displayed. Mentally, separate the (Items,
Documents) from the presentation (Views) to help you pick the best solution.
It's easy to check the number of items or documents in a List or Library. Either look in
Site Contents, or look in the List/Library Settings. A blue bar will appear there if the
List/Library is getting close to the limit.
How can I predict which Libraries and Lists will

exceed the threshold?
With experience, you'll be able to smell a List that'll grow to exceed the limit before the
List is even created. This prediction experience comes from knowing your customers and
their business processes. Generally, these are the smells for future threshold-busting
Lists and Libraries:
If the List or Library is considered to be an automation of a manual process, there's

a good chance in time it'll go over the limit. Especially if the process has been in
place for years when you bring it in to SharePoint. Always consider the lifecycle of
the list or library.
If it's a network-drive-to-SharePoint migration scenario, there's a good chance it'll
go over the limit (but folders may make this a non-issue).
If you're in a meeting and the customer says "I have this Access database and..."
If the List is tied to a Flow, Workflow, or Timer Job - any scenario where the list is
not updated by humans.
Monitoring tools
Your workplace may have some sort of fancy third-party
monitoring tools to report on item/document totals. If you're not so lucky, you as a
Site Owner can set weekly Email Alert Notifications on the List/Library to keep an
eye on things. It's not true reporting, but you'll be able to see trends in Lists.
Differences in the threshold between Modern

versus Classic Lists/Libraries
They are different. Let's compare:
Platform Threshold Can I change Automatic Modern Threshold-free

threshold? Indexing Experience Hours
Online 5000 No Yes Default No
On Prem 5000 Yes* Yes Available Available**

SE
On Prem 5000 Yes* Yes Available Available**

2019
On Prem 5000 Yes* Yes No Available**

2016
On Prem 5000 Yes* No No No

2013
* Someone with Central Admin access is needed to change this. And when you ask them
to, you'll be given reasons why it's a bad idea. That's their role - keep the databases
performing well and sites up and running. The smart play is to ask them to increase the
limit for a very short amount time so you can fix your List/Library, and then return to the
default threshold limit. Lists and Libraries can also have the limit disabled via PowerShell
by setting the EnableThrottling property to false. See the example below.
** Your admins can schedule a time when the threshold is lifted on a schedule- generally
after hours. Doing this during business hours will frustrate your users by created a mixed
experience.
PowerShell
$web = Get-SPWeb https://sharepoint.contoso.com/sites/team
$list = $web.Lists["Example List"] #or library display name
$list.EnableThrottling = $false
$list.Update()
The most fundamental difference is that Modern will, over time, get new feature
improvements to improve the experience of over-threshold Lists/Libraries. Classic will
stay the same.
Should I build this probably-large List/Library

into multiple Lists/Libraries?
You can, and that's an option to consider, especially if you can work in Content Types
and Site Columns for data consistency.
Lookup Columns and Calculated Columns

If your List or Library has Calculated
columns (which can't be indexed) or Lookup Columns, you may want to consider the
multiple List/Library route. A List will struggle to reference a data in a Lookup
column when the number of rows is over the threshold.
If it's a Document Library, consider using the SharePoint Content Organizer to route
your documents (based on a condition) to different libraries with the same metadata.
But is that what your customers want from a user experience perspective? Does it feel
similar to having to update multiple spreadsheets? What if they want to do reporting on
this data, and they have to deal with multiple Lists? This scenario shouldn't be your first
choice if you can avoid it.
Can Search Help me?

Depending on your scenario, absolutely. Search doesn't care about the List View Item
Threshold. If you're building a large Library or List and don't need custom views or
complex filtering/sorting - Search can be used to give your users access to the
items/documents they need.
Search-Only Example:
The article author currently manages a folderless SharePoint
Library with 450,000 PDF files in it. Those files are uploaded to the library through an
external process. Each file has a meaningful file name, and the customer uses Search
to find just the document they need instantly. They'll never sort or filter the library,
or edit the documents, so this scenario works just fine. No columns are indexed.
Can Grouped-By Filtered Views help me here?
This one gets complex real fast - especially with views for Document Libraries with
folders. Read Joanne Klein's excellent deep-dive into this for more information.
All my internet research keeps pointing to

Indexed Columns - what's that all about?
Indexing columns - before the threshold limit is broken - is the most effective way to
mitigate View threshold pain. In an ideal situation, where the user knows the List or
Library will be large, you'd index any and all columns you can.
A View that's over the threshold will generally only display if it's filtered by an indexed
column first in the view, and that filter returns no more than 5000 unique values.
This is done by going to the List or Library settings, choosing the Indexed Columns link,
and indexing the columns one by one. You can add up to 20 indexes to a list or library.
Choose wisely - what columns would you or your users want to base a view on?
Automatic Indexing:
SharePoint lists/libraries in SharePoint Online now have the
capability to index columns automatically. But like all automated processes, it may
not index the right column for your users, and will not automatically create indexes
for lists/libraries with more than 20,000 items. Don't count on this to save you. Plan
ahead.
It's important to take this action early - SharePoint on-premises (2013) won't let you
create an Index past 5000 items. It is uncertain if there is a hard limit in SharePoint
Online, but once you cross those lines, it is difficult to correct. You have to delete lists
items to get back down below the limit, and then index the columns.
For the best user experience you should be proactively ensuring the appropriate
columns for your lists/libraries are indexed, based on the columns used most frequently
in views and/or filtered by your users. You can add indexes on up to 20 columns on a list
or library.
Column types that can be Indexed

Single line of text
Choice (single value)
Number
Currency
Date and Time
Yes/No
Lookup (Lookup)
Person or Group (single value) (Lookup)
Managed Metadata (Lookup)
Column types that cannot be Indexed

Multiple lines of text
Choice (multi-valued)
Calculated
Hyperlink or Picture
Custom Columns
Person or Group (multi-valued) (Lookup)
External data
But why are we indexing columns?

We index columns because those indexed columns can then be used to define Views
that do work in Lists/Libraries above the threshold.
In fact, if the columns displayed in your List/Library View are all indexed columns, the
View will function almost like a regular list/library view.
Indexed columns pair well with a Filtered View

Your default view in this large List or Library should ideally be composed of only Indexed
columns. If not, it should be filtered first by an Indexed column.
Pro Indexing Tip

If you can, always index by Title, Modified, Created, Modified By,
and Created By columns. You can piece together a viable view with this, and so can
your users.
Example Scenario 1: Indexing for a Simple list

Sorted by Created, Descending. Batches of 100.
Column Type Indexed In Default View
Title Single Line Yes Yes

Column Type Indexed In Default View
Favorite Sport Choice (single) Yes Yes
Likes Cats Yes/No Yes Yes
Biography Multiline No, can't No
Created Date Yes Yes
Created By Person Yes Yes
In this scenario, we've created a SharePoint List or Library that will work right to 30
million items. Default view is bullet-proof in Classic or Modern.
Your users can create Personal Views that show just their Created By
entries.
Business analysts can create reports based on Likes Cats
preference.
The Biography column - best case - isn't displayed in any views. Only
viewed/edited when the user interacts with the item.
It may be worth also indexing Modified here for Power Automate Flow users
running the trigger for when SharePoint Items are Created or Modified.
Example 2: Indexing Scenario for a Large Library

Sorted by Created, Descending. Batches of 100.
This library has 25,000 documents in it.
Each day a folder is created and seven regional sales reports are added to it. The
business has solemnly-sworn to follow this model.
Column Type Index it?
Title Single Line Yes
Name File Name No
Sales Region Choice (single) Yes
Likes Dogs Yes/No Yes
Created Date Yes
Created By Person Yes
The model will work great for years. Each folder acts as sort of a reset on the Item Limit
Threshold for the default view. New folderless flat-Views can easily be created using the
columns you've indexed.
Folders, Document Sets
Remember, folders count as items when calculating the
threshold.
Further Reading
Microsoft: Adding an index to a SharePoint column
Microsoft: Manage large lists and libraries in SharePoint
Blog: SharePoint Online List View Threshold
Blog: Deleting a Very Large SharePoint List
Blog: Predictive Indexing Comes to SharePoint

Creating Useful Views for Lists &
Libraries
７ Note
All Items
As a SharePoint Site Owner, you benefit directly by having users who find the product
useful with a good user experience. Some things you have control over - navigation
structure, page structure, content types, and List/Library Views. If you totally ignore what
you have influence over, your users might perceive SharePoint as something IT imposed
on us. If you lend a hand as Site Owner, you can change that perception. You can be the
one who makes Lists/Libraries a joy to work in, a useful thing to work in.
７ Note
Microsoft Lists is available both in SharePoint and on its own as the Lists app.
You should lend a hand to your users by making List/Library default Views meaningful
and useful from the start. Users can make their own Views, of course, but by showing
them what a good View is like, you can empower them to work efficiently.
７ Note
This article is left-to-right language focused - and should not be considered best
practice for right-to-left languages (like Arabic or Hebrew).
Get involved and improve this open source article

Multilingual SharePoint guidance from Microsoft
SharePoint Online Communication Sites and Pages
How to make a great default View

Set your users up for success when you help them create a List or Library: create an
excellent default View. This is as much a UX (User eXperience) thought-process as it is a
technical one. Your goal should always be to display only the necessary columns for a
user in the default View. Here are the high-level steps to think about:
1. Have a firm understanding of what a SharePoint View can do

2. Think about how your users might work in the List/Library
3. Think about the quantity of items/documents in play
4. Think about the devices or platforms being used
5. Understand and apply proven UX principals for laying out things on a screen.
6. Make that default View!
Understanding List/Library View capability

As a site owner, get yourself up to speed on SharePoint List/Library View features and
capabilities . You should know how to show/hide columns, change the sort order,
make multiple views, and how to add column choices to the Modern UI filters pane.
SharePoint Designer Views:

If someone told you to make a View in SharePoint
Designer, years ago, this was a viable tool for customizing views, but SharePoint
Designer is deprecated and will be unsupported in a few years. Do not use it.
You should also learn concepts like item/document View metadata filtering and
grouping content.
Overview of View creation

List Column and Site column usage
How will your users use this View?

Ask this question: how will users use this View? Is it a document collaboration space? Is
it a mini database filled with approval requests? Is it a data source for another
application through SharePoint's REST services? Will no humans use ever use the
List/Library, but must be supported and maintained? Is it the document repository of
record, with lots of reading but few updates?
By taking a beat and thinking about the tasks your users will perform, you'll get a head
start on making a useful View.
How many items are in this List/Library?

It can be tough to know the answer to this up front, but once you've been a Site Owner
for a few years, you'll get a feel for it. This question lends itself to thinking about
performance, pagination in Classic (i.e., 1-30 of 3000 items), folders in Libraries,
Grouping content in a View, and data-driven views.
Check the guide to handling Views where there is a lot of content: Living Large with
Large Lists and Large Libraries
Where are you users accessing this View?

As Site Owners or developers, we frequently have the privilege of modern equipment,
fast connections, and wide-screen monitors. Ask yourself - will your users be accessing
this View in mobile device with a small screen? In a low-bandwidth or disconnected
area? On an underpowered netbook that's a decade old?
Ask the question, then shrink your monitor down, and put your browser's Developer
tools into 3G mode, or mobile simulator mode (Edge, Chrome, Firefox all do this) to
simulate the experience. Speed of the user interface is a critical component of good UX,
and something you can control in a View with careful planning.
Apply proven User Experience principals to

page layouts
Of which there are many, and it's better to think of this as a spectrum rather than a strict
technical guideline. For instance: simple is good, but too simple reduces functionality
and comprehension. Only displaying the Title column is simple, but not showing the
Modified date column might deny your user enough context to act.
Think about:
Effective Visual Hierarchy - A View is mostly rows and columns, so hierarchy might
not be the first thing that comes to mind. But it's there - left-to-right reading,
column order (more important columns on the left) and relationship to the filters
pane.
Read more about hierarchy: Visual hierarchy in ux design
Use of color - With Column Formatting and View Formatting there are real
opportunities to apply a plethora of color, icon, and font treatments to your
default View. Use sparingly to deliver the most impact. If every column and row is
colored in, the user can feel overwhelmed instead of informed.
Coloring in rows of data delivers the most impact when its tied to a business goal and
provides actionable information to your List/Library user.
Read more about this:
Column formatting
View formatting
The F-shaped pattern is another classic User Experience principal that directly
applies to List/Library Views. The most important, most actionable columns in your
default View should be on the left and sorted by what-needs-attention towards the
top. If you imagine a large letter F superimposed on the page, this will help you
visualize it. User Experience Researchers have used eye tracking to record this
phenomenon. Users are reading left-to-right and scanning quickly to find the
information they need. Does your View support this?
Read more: F-shaped pattern for reading content
Here's how this eye-tracking might apply to a View. This graphic simulates the output of
eye-tracking heatmap results. Red areas are scanned more thoroughly by your user than
green.
Modern List/Library Views: The Filters Pane

The Filters Pane - available in any modern View - is the underrated biggest improvement
to List/Library Views in SharePoint's user interface history. By adding context-aware
refiners to the View, you're empowering your users to filter down rows quickly without
needing to display ten extra columns in the view.
As the Site Owner, you're doing your users a service by pinning choice and date columns
to the Filters Pane, and maybe those columns from the default View. You'll need to
instruct your users about the pane's existence, but if they've ever used SharePoint
Search refiners or any shopping website before, they'll totally get it.
General and usually-correct default View

strategies
Sometimes little-to-no UX research will be done, and sometimes you won't know how or
where your List/Library will be used. These tips will help you establish a good default
View that applies in most cases:
Title column on the left side of the view (same with Name, if it's a Library). Maybe
the most left you can, but not in the middle or the right. Give users a target to click
on where they're looking.
In a browser, zero percent of users want to scroll horizontally even though it's
super easy to three-finger horizontal swipe on your brand-new state-of-the-art
developer-grade laptop trackpad. Use the Filters Pane instead. Or create a
secondary View that shows more columns.
In a Modern View, Item Count (Pagination) is often ignored in favor of infinite

scrolling. This comes at performance tradeoff at your user's expense. Additional
rows are loaded and rendered dynamically as the user scrolls. Displaying fewer
columns in your View can increase perceived scrolling speed. Smooth scrolling is
what your users want in a View. Let the filters pane work for you.
Sort Modified date descending and display the Modified date column. This
provides the context of freshness for a given List/Library's View. In many cases, the
user's needs to act on the most recent item in the list, like approving a travel
expense or reviewing a document update.
Default view probably doesn't need a Group-By because it makes sorting/filtering

weird. Easy for the user to lose context to where they are in the View, especially in
Modern. Advise against Folders and Group-By together in nearly all cases.
Display 1 or 2 extra metadata columns for the default View but more than that
may be a higher cognitive load than what your users can handle. And more
columns could lead to horizontal scrolling.
You almost never need a Multiline column in a default View as it breaks up the
flow of rows in your list by adding different heights of text. This can slow down
your user's reading/scanning of content in the View.
Maybe, consider setting the List/Library to Classic if performance is an issue with

your user's machines or connection. Classic won't work forever, but it still works
now. In Classic, the View is rendered server side and takes the load off the browser
having to do the heavy lifting. Modern List/Library Views do all the lifting in the
browser now. If your machine isn't great, you're waiting instead of working in
Modern. Know your customer's gear.
Principal author:
Patrick M. Doran
How Do Site Columns Become Managed
Properties - Thus Available for Search
７ Note
Before we jump to the topic at hand, a little recap of the terminology involved:
Metadata: means information about something, in SharePoint usually information

about documents, pages or list items
Site Column: is a metadata column that has been created for a whole site
collection, thus available to be used by any list/library in that site.
Crawled Property: A crawled property is content and metadata that is extracted
from an item, such as a document or a URL, during a crawl.
Managed Property: Is a list of useful content and metadata included in the search
index, we normally map useful crawled properties to managed properties to make
search more easy.
For more details about the SharePoint search schema visit Microsoft official
documentation to learn more.
Also head over here to read more about PnP Modern Search Solution , I will be using
this to show a quick usage of Site Columns in Search.
How to create a site column
Where
A Site Column can be created generally in two places:
1. In the Content Type Hub - Using the Content Type Hub will make the column
available to all sites in your SharePoint tenant.
2. In the Site Collection (or modern site - which is a Site Collection) where you will be
using the column
７ Note
This article doesn't discuss in detail the Information Architecture decisions about
when and where to create Site Columns.
Using What
There are a lot of tools you can use to create a Site Column
1. Manually clicking in the SharePoint page, this is what we'll be using in this article
2. Using PnP PowerShell
3. Using Site Scripts & Site Designs
4. Using code
How
In SharePoint, navigate to your Site Settings and choose Site Columns. The Site Columns
page will contain all the metadata columns currently available in your site, except for
hidden system columns.
Choose Create
A Site Column can be created for many different information types, including: Single line
of text, Number, Date and Time, etc. In fact, all the same column types you might add
directly to a list or library are available to you.
When you are done with the settings for you new Site Column, scroll down to the
bottom of the page and choose OK. The new Site Column will be created and listed in
the Site Columns page in the Group you have chosen.
 Tip
By putting your custom Site Columns into a group (or groups) preceded by "_" or
".", you'll see your own Site Columns at the top of the listing page.
Where to use Site Columns
Site Columns, are normally used in Document Libraries or lists.
Locate your list or library and navigate to List settings or Library settings.
In the column section, choose to add a column from an existing Site Column.
The Site Column is now ready to be used in the library, and you can now add values to
the column in the list or library.
Next, you need to wait for SharePoint Online to do its magic. This magic takes the form
of the search crawler indexing the column and its values. This generally takes only a few
minutes in SharePoint Online, though it can take longer.
） Important
Site Columns will become Crawled Properties automatically if:
You have created content using the Site Column. Just defining the Site
Column is not sufficient; there must be content to crawl.
If the site is a Communication Site, the Site Columns should then become
Crawled Properties.
If you are creating Site Columns in a modern Team Site (which has an
associated Microsoft 365 Group), you must be a Site Collection Administrator
explicitly for the crawled and managed properties to appear in the schema
admin UX. The properties do exist and work for search, but makes it hard to
do custom mapping. This means adding yourself as an individual to the Site
Collection Administrators. It is not sufficient to be an Owner of the Team Site
(and thus of the underlying Microsoft 365 Group).
In the meantime you can navigate to your tenant's Search Administration page:
SharePoint Admin Center / More features / Search / Manage search schema
(https://[TenantName]-
admin.sharepoint.com/_layouts/15/searchadmin/TA_SearchAdministration.aspx) page to
review the current settings. You will need the SharePoint Administrator role to be able
to access this page.
Navigate to Crawled properties and search for your custom column, if the search crawl
has done it's job, you should see your site column as a crawled property.
７ Note
Crawled Property names don't match the Site Column names exactly. Often, the
Crawled Property will look like ows_[SiteColumnInternalName] , for example,
ows_MyCustomColumnForSearch . Different column types will have different naming.
Searching for a significant fragment of the Site Column's name should help you
find it, such as "MyCustom" or "ForSearch" for the column above.
You may then find one or more crawled properties:
ows_MyCustomColumnForSearch - This is the one we will generally use to map to our
managed property for search.

ows_q_Text_MyCustomColumnForSearch - This is automatically created by search and
shouldn't be used.
In SharePoint Online, we're not allowed to create new Managed Properties in the search
schema that are "Refinable" or "Sortable". Microsoft has created a number of Managed
Properties that we can use in order to extend the search experience. These properties
take the form:
"Refinable" + type of column + number -> RefinableString00 or RefinableDate03
In the managed properties page, search for "refinablestring" or "refinabledate". For

example, use "refinabledate" if your Site Column is a Date and Time type column.
Pick a RefinableString Managed Property which is available, meaning not already
mapped to other Crawled Properties, for example "RefinableString01". These Managed
Properties have been pre-defined with everything turned on: Query, Refine, etc.
Scroll down to the bottom of the page, and map the Crawled Property to the Managed
Property. You may also want to add an Alias to help you identify things in the Managed
Property listing. For example: MyCustomColumnForSearchRefinable. These aliases
don't show up in many places, but they can help you stay organized. Click OK.
After this you will need to wait for the search index to be refreshed with the new
Managed Property. Search crawls in Microsoft 365 are frequent, and this usually takes
less than one hour, often only a few minutes.
To make sure that the index maps your Site Column and its content in the next search
crawl, you can navigate back to your site, and in Site Settings, choose "Search and
offline availability".
Click Reindex site then OK, then wait… [Insert patience here]
When the index has been updated you will be able to search for content that has your
Site Column metadata as shown below.
To extend the search experience you can use the PnP Modern Search Web Parts.
solution to build custom search page(s) with its powerful Web Parts:
Search Box Web Part

Search Vertical Web Part
Search Refiner Web Part
Search Results Web Part
You can also embed a SharePoint search page in Teams as a personal app by following
this guide
Conclusion
This article has only scratched the surface of what is possible with Microsoft 365 Search.
By creating Managed Properties specific to your content and processes, you'll be laying
down an important foundation for more sophisticated search-driven solutions.

Document Sets for Fast Legacy Process
Automation
７ Note
Before you run, you should walk
Overview [tl;dr]
Users use documents. Now, and forever.
If there's one document, there are probably related documents.
Users are too busy to apply your beautiful metadata scheme manually.
Users benefit from good metadata and organization.
Users blame you, the site owner, when they can't find a document.
SharePoint Libraries have had an amazing tool to help your users classify, organize,
and find documents - this whole time - called Document Sets.
You may be a site owner in a document-centric organization (Gov, Finance, Education).

Your leadership craves the benefits of modernization, automation and process
improvement. While the Microsoft 365 and SharePoint Online platform provide a wide
array of solutions, a good first step low-overhead no-code option you should consider is
the SharePoint Document Sets. The Document Set has been a part of SharePoint for
years, both on premise (2007-2019) and Online.
The Document Set offers these great benefits:
All the familiarity of putting related documents into a folder, while maintaining
valuable SharePoint metadata capability
For the non-technical user, it reduces the cognitive load of assigning complex
metadata to documents
For the power user, it allows for assigning complex metadata to documents,
creating metadata driven views, and executing workflows on a bunch of files at
once.
Build a bridge:
You, the site owner, live your life in views, Flows, metadata, lookup
columns, and are always learning for new automation features. Your coworkers may
not be. They may be working in legacy back office processing functions, handing
paper or PDF documents. The Document Set is the bridge for them – it shows them
the possibilities and capabilities of SharePoint without a huge learning curve.
Example Document Set Use Case

The Contoso Insurance Agency has a legacy process where, for each new claim that's
filed, several documents must be created, updated, and managed for auditing proposes.
Contoso Insurance employees are new to process automation and have only recently
began storing Word, PDF, and Excel documents in a SharePoint Library.
Multiple naming schemes have been tried but keeping the required 5-10 per-claim
documents together has been a challenge. Their SharePoint Library now has 10,000
documents. Metadata columns were added, but staff grumbled at having to pick the
same fields over and over for each document.
SharePoint Search is powerful but doesn't necessarily show related documents together
the way your users want.
To turn this around, the Site Owner performed some old-fashioned process analysis of
the work, identified a few helpful metadata columns (Date of Claim and High Risk
Customer) and began the process of upgrading their library to support SharePoint
Document Sets.
What Document Sets Are Not

Document Sets are not folders (though they inherit from the Folder Content Type). They
have icons that look like folders. They sure smell like folders – a container that holds files
– but Document Sets are significantly more powerful.
Don't Folder where you Set

You can have folders outside or inside a Document Set
– but it is not a great user experience and can negate the clarity that Document Sets
bring to a library. Best practice is to avoid mixing folders and Document Sets.
What Document Sets Are

Document Sets are a Content Type, and you should read What Is a Content Type? to
understand Content Types if you don't already. Content Types have metadata,
inheritance, and can be set to show up in the [+New] menus within SharePoint and
Teams tabs.
What's fundamentally different about the Document Set Content Type is that you can
put another file inside the Document Set. The user experience is very similar to a folder
(but it is certainly not a folder). Your user can easily make a new Document Set and drag
and drop documents into it. They'll get it on the first try, just like they with folders.
The key advantage over a standard folder is inherited metadata. When you create a new
Document Set, you add metadata to the Set that is automatically passed down to the
documents within. And you can control which metadata is at the Set level, and what's
shared with the individual document. This is the magic – it's free metadata, and free
document organization. No code, light configuration.
The more you know

Read Microsoft's Introductory Document Set documentation
Additional Benefits
With a Document Set enabled SharePoint library, it is still at the end of the day a
SharePoint Library. Without any code, you still have Email notifications, Microsoft Power
Automate Flow, custom Views, drag-n-drop files, web parts, sharing links, Content
Types, bulk download, bulk property edits, filtering, versioning, and more.
You sacrifice nothing by enabling Document Sets and gain the advantage of a library
with users who can find their stuff and get, maybe, a little more excited about the
Microsoft 365 / SharePoint tool that IT has cast upon them.
How to enable Document Sets

In your library settings, under advanced settings allow custom Content Types and then
add the Document Set Content Type. It'll then show up on the [+New] menu in that
library.
Do Document Sets work in SharePoint Online?

They are great in SharePoint Online, with one caveat. Document Sets in SharePoint
Online will occasionally drop into a Classic look and feel before returning to Modern.
This occurs when you create a new Set. Everything else follows the new Modern UI
standard. In this author's daily observed use, your users won't flinch at this.
Can I use Document Sets in Teams?
Yes, with a similar caveat. Document Sets are available in the [+New] menu in the Files
tab of your Team. Working with the individual files within the Document Set works well
in Teams. As of this article creation date (November 2020), creation of a new Document
Set from Teams sends the user to their web browser and keeps them there.
Teams Tip
It may be better to use the Website tab in Teams for Document Set use.
That will keep the work contained in a single Teams tab.
Use case example: Configuration of a

Document Set enabled Library
In the use case above, this was how Contoso Insurance set up their Document Set
solution. No code was written, everything was configured by the site owner:
1. A new SharePoint Library called "Claims Auditing" created.
2. Major Versioning enabled. Minor versioning disabled. Check In/Out disabled. New
Folders disabled.
3. Library configured to support Content Types in Library Settings, under Advanced

Settings
4. In the site collection Site Settings, the Document Set feature was enabled.
5. The Document Set Content Type was added to the new Claims Auditing library,
under Library Settings
So far so good. At this point, we've got a SharePoint Library with Document
Sets, but we don't have the real value of it yet. Keep reading:
6. Add two new columns to the library, Date of Claim (a date column) and High-Risk
Customer (a Y/N choice column). Set the Date of Claim column to default to
today's date, and High-Risk Customer to default to No.
At this stage, these 2 new columns are available in both the Document Set and
the documents uploaded in the Sets.
7. Add another column called Assigned Reviewer (person column) to the library.
8. In the Library Settings, under Content Type, choose 'Document Set', and then
Document Set Settings. From here, under Shared Columns, check Date of Claim and
High-Risk Customer. But not Assigned Reviewer.
If you've followed these steps, you now have a document library where a user can create
a new Document Set for each claim. The Date of Claim value is pre-populated with
today's date and High-Risk Customer is defaulted to No. Every document that is
dragged-and-dropped into this Set will inherit those values! And, if you change the
value in the Document Set, the documents in it will automatically update with those new
values!
Since each document (within the Document Set) has a different person reviewing it,
each document can have its own Assigned Reviewer associated with it – because we
didn't make it a Shared in the Document Set settings.
Epilogue
End users of the library rejoice – they're given a library that appears organized by folders
(but of course, it's not a folder) and they can sort/filter by Date of Claim and High-Risk
Customer at the Set level. They can create Views based on a date range or status. The
default view went from 8000 individual documents to a thousand Document Sets.
Site Owners were took the silent satisfaction of watching the library thrive over the
years, with users rising to become power users.
Document Sets enable easy out-of-the-box file organization and automatic classification
using the tool you already own. SharePoint Document Sets are magic. 🗂
Further Reading
Microsoft: Intro to Document Sets
Microsoft: Create and Manage Document Sets
Blog: SharePoint Maven: Document sets – the hidden gem of SharePoint
Blog: Marc Anderson: A love for SharePoint Document Sets
Blog: Ben Prins Power Automate Flow and Document Sets
Microsoft PnP: Adding a Document Set with PnP

Taking Advantage of the Content Type
Inheritance Model in SharePoint
７ Note
Taking advantage of the Content Type hierarchy is an important part of a powerful

information architecture, regardless whether you're working with documents, list items,
pages, etc.
Let's use this example to illustrate the points:
SharePoint gives us the _Document Content Type "out of the box". Every Document
Library you create in SharePoint (assuming you don't use some fancy template) has the
Document Content Type enabled for it. So many people just start dumping their files
into the Documents (aka Shared Documents) library with every file becoming a
Document and then wonder why no magic is happening.
In the example above, we have two interstitial Content Types. (Interstitial - or

interstices - means spaces between things.) We can create these interstitial Content
Types, but never enable them in a Document Library; they generally only exist to create
a strong content hierarchy.
Org Base Document - When you start setting up the information architecture in a
tenant, it makes sense to create a Content Type like this, usually putting the name
of the organization in place of "Org". You may never touch this Content Type again
after you create it, but it really comes in handy when someone says something like,
"let's add X to ALL our custom Content Types".
Contract - This is also a Content Type which we may not ever enable in a
Document Library, but it allows us to search for Content Types which inherit from
it.
Most of the time, you'll want to create Org Base Document and Contract at the tenant
level (in the Content Type Hub, via the Content Type Gallery in the SharePoint Admin
Center). We use that enterprise level capability for Content Types which may be used in
one or more sites. It gives us a central place to manage our information architecture -
where it makes sense to do so. Since we're going to inherit from Org Base Document
for all the custom Document-derived Content Types, we create it at the tenant level.
When we set up a custom Content Type and inherit from an existing Content Type,
there's a brilliant logic under the covers. The out of the box Document Content Type at
the tenant level has its ContentTypeId=0x0101 . 0x0101 represents a Document in every
tenant. (See: Base Content Type Hierarchy for the full list of base Content Types in
SharePoint.)
When we create the Org Base Document Content Type in the Content Type Gallery, it
gets a ContentTypeId which starts with 0x0101 and then has a unique GUID-like part.
Here is an example full hierarchy tree for the Content Types with their ContentTypeIds in
a tenant. (Your actual ContentTypeIds will vary.)
Content Type Inherits from ContentTypeId
Item [System] 0x01
Document Item 0x0101
Org Base Document Document 0x0101002FBDBE6A1A315F438E41F10681463A61
Contract Org Base Document 0x0101002FBDBE6A1A315F438E41F10681463A6101
Employment Contract Contract 0x0101002FBDBE6A1A315F438E41F10681463A610101
Real Estate Contract Contract 0x0101002FBDBE6A1A315F438E41F10681463A610102
As you can see, the inheritance model makes a lot of sense. Each inheritance appends
something unique to the ContentTypeId . Once we've enabled the appropriate Content
Types in Document Libraries (in this case), we can take advantage of the hierarchy using
queries like:
Intent Query
Intent Query
Show me all my custom ContentTypeId:0x0101002FBDBE6A1A315F438E41F10681463A61*

Content Type -based
documents
Show me all the Contracts ContentTypeId:0x0101002FBDBE6A1A315F438E41F10681463A6101*
Show me all the Employment ContentTypeId:0x0101002FBDBE6A1A315F438E41F10681463A610101*

Contracts
Show me all the Contracts is the really powerful query here. By requesting all content
with a ContentTypeId which starts with the Contract Content Type's ContentTypeId
(That's what the asterisk does for us.), it doesn't matter if we create a new Content Type
inheriting from Contract. The query will automagically continue to do what we want
because the next Content Type inheriting from Contract will have a ContentTypeId of
0x0101002FBDBE6A1A315F438E41F10681463A610103 . In other words, the
ContentTypeId:0x0101002FBDBE6A1A315F438E41F10681463A6101* query will just pick that

new content up for us without any adjustment.
Pair this good information architecture with the PnP Modern Search Web Parts, and
you can build search-driven experiences which are highly specific, easily maintained, and
extremely reliable. This is NOT "just Google". It's you building solutions to match the
user stories and content needs in YOUR organization. If you extrapolate from these
examples, you probably can imagine some potential hierarchies in your information
architecture which may help you create more powerful solutions for your end users.

List and Library Formatting
７ Note
Gone are the days when SharePoint Lists and Libraries made for a dull and boring
experience.
Today, we not only can choose from improved pre-configured formatting but also the
recently released Board View, we can also tweak these existing layouts or go even
further and apply custom formatting.
Historically there have been some formatting functionality that was released first to Lists
before it was available in Libraries; but today, both share similar formatting support. One
notable exception is the new Board View, which is only available in Lists.
Another note for those wondering about how Microsoft Lists may fit into this
conversation: as far as this conversation is concerned, it is not important whether your
list is stored in SharePoint or whether it exists as a stand-alone resource - they both
utilize the same underlying framework.
To introduce the concept of formatting, it is useful to begin first by defining the core
concepts of Document Libraries and Lists. We will then discuss some of the reasons you
may want to consider formatting. Finally, we'll review the high-level areas that support
formatting today - Column Formatting, View Formatting, and Form Formatting.
Why Format a List or Library?

Formatting isn't just about style, though that certainly has its own merits! User
experience research in web design has repeatedly shown that we should employ
techniques to make information more easily scannable.
Carefully applying style can also help apply a visual hierarchy to our information,
drawing our user's attention to the most important information and de-prioritizing any
supporting information.
Other advantages of formatting include creating layouts that better suit the type of
information being presented. For instance, imagine laying out Images, Tasks, and
Documents in a single rigid fashion. Clearly there are ways to display Images (such as a
Tile or Gallery layout) that could be tailored differently than Tasks (such as a Kanban
layout).
By leveling up the formatting of our list and libraries we also incentivize new users with
a more modern and appealing user experience, and thereby simplify our change
management and adoption efforts.
Types of Formatting
There are a few different areas where we could apply custom formatting, and it is useful
to split these out and understand how each has a role to play. In some cases, you may
want to consider getting started in only one area before exploring remaining options
that introduce more complexity or have a broader impact.
Column Formatting
Columns represent the 'Fields' in our Lists and Libraries - the vertical segments of
information. A good equivalent concept is Column Headers in an Excel Spreadsheet, in
which each Column contains a different type of information. One column may contain a
list of Products, while another may contain the Prices for each product.
With Column Formatting, Lists and Libraries now have certain pre-configured
'suggested' formats that appear by default, depending on the type of column selected.
For instance, when creating a choice column, we now get defaulted to a simple color-
coded 'Choice Pills' format:
When column formatting is applied across several columns, it can transform the entire
visual experience and make a list feel more modern and dynamic. There are
opportunities to make information more meaningful across different types of columns,
such as showing a User with both their Profile Photo and their Name, a Due Date that is
formatted when it is overdue, and numerical columns that are transformed into image-
based indicators. When combined, these effects make the list content more scannable
and easier for users to consume. Compare the two versions below:
While this blog will not attempt to cover all the possible ways to format a column,
another very useful example of column formatting is to embed actions in line with the
list content itself. This can be tremendously useful for triggering things like Power
Automate Workflows as the user experience to do this can otherwise be harder to
locate. For instance, in the example below, we've created a Workflow that allows the
Project Manager to elect to Promote an Active Risk into an Active Issue, by moving the
content from one list to another and vice versa.
In another example, we've used formatting to allow metadata modification directly in

line with the content itself. This saves users a step of moving into Quick Edit or opening
the properties panel to modify the metadata. This is especially valuable in Lists or
Libraries where certain values are frequently updated. In our Policy Library below, we
have a Last Published Date that we want to update frequently and by using formatting
the contributors can simply click a button to update the date.
If you're looking for inspiration, a great place to look and even copy and paste code
from community examples is the PnP Column Samples in GitHub as well as the other
resources below.
Column Formatting - Suggestions
A good place to dabble in formatting is at the column level, as it is a localized

change to a single column and can easily be reverted.
Apply formatting but try to use consistent patterns for similar columns. Human
brains rely on spatial memory to reduce cognitive burden and complete tasks
more efficiently. For users to be able to develop spatial memory, they require
stable UIs where things don't move around (much).
Consider using Workflow Launch buttons to make it more obvious how to trigger
automation.
Use bars, charts, or iconography to simplify the consumption of numerical fields.
Column Formatting - Useful Resources
Microsoft: Use column formatting to customize SharePoint

PnP: List Formatting Getting Started
Github: List Column Formatting Samples / List Column Formatting Samples by
Column Type
The Chris Kent : Master Formatting Wizard
SharePoint Theme Generator : Generate a custom theme for SharePoint based on
your primary color
UI Fabric Icons : Icons you can use in your formatting
SharePoint Online CSS Classes : Reference for all the SharePoint CSS classes that
you may wish to use in your JSON
HTML to JSON Formatter
View Formatting
While the ability to create custom Views within our Lists and Libraries is far from new,
there are some interesting new options available for SharePoint content management.
In contrast to Column Formatting where your styling will apply to a single column or
field, View Formatting applies the stylistic change to the entire List or Library. When
creating a New View from a List, you get several pre-built options to get you started.
Libraries offer the same initial options, apart from the Board View, which you'll only find
on Lists.
The Card Designer available when using the pre-set Gallery view can be very useful as it
gives you an intuitive configuration experience to select what you want to show on your
cards. If you've ever wanted to display your documents or list items as cards, now you
can with no code!
In another example, the View below can be achieved simply by tweaking the
configuration to make a Library of Images much more interesting and informative.
As mentioned earlier, Microsoft has recently released a new Board view for Lists, which
gives us a Kanban-like layout for organizing our list items, and even facilitates moving
them between columns by dragging and dropping.
Much like Column Formatting, these formats can also be tweaked to your own needs,
and there are quite a few use cases to consider, from accordions used to expand and
collapse a list of FAQs, to tile-based buttons with iconography, to Gantt charts, to
complex hover effects displaying additional metadata, and even timeline-based views.
There's even a quite amazing sample by João Ferreira that closely replicates the user
experience of To Do in a SharePoint List.
Another interesting scenario is to have the formatting utilize conditional logic to only
show information based on values in other columns, or based on the current user
viewing the information. Using this technique, we can easily create a personalized
experience for end users.
Many teams find the 'Grouping' functionality useful in Views, which introduces the
ability to expand and collapse groups of information and avoids the use of Folders.
Formatting can be applied to adjust the look and feel of the groupings, adding colors,
iconography, and even removing the annoyingly repetitive column name label at the
beginning of every grouping!
A more recent addition is the ability to use View Formatting to configure the List or
Library Action Bar. This can be used to hide or show certain actions, move their order,
change their text, tooltip, or associated icon, and define in what part of the bar the
actions appear. One useful way to use this new function is to make it even simpler for
users to create certain document type, and removing additional actions that are not
frequently used.
Critically, this function does not yet seem to allow for adding buttons to create Content
Types.
View Formatting - Suggestions
A good place to experiment with View formatting is with the new Card Designer.
Consider creating views that are personalized using conditional logic.
As before, experiment with different ways to visualize your information that makes
it easier to consume for end users but try to use consistent patterns for similar lists
and libraries.
Use Command Bar formatting with caution as inconsistent action bars throughout
several lists and libraries will cause confusion for end users.
iew Formatting - Useful Resources

Microsoft: Use view formatting to customize SharePoint
Microsoft: Group Formatting
Microsoft: Command Bar Formatting
PnP: List Formatting Getting Started
Github: List View Formatting Samples
Form Formatting
The SharePoint New and Edit Form has been around from the early days of SharePoint
and provides a form-based experience to populate new Items and edit properties for
existing Items. While Grid View (previously Quick Edit and many years ago known as
'DataSheet View') provides a powerful means to edit your Document or List Item
properties, the SharePoint Edit Form remains the primary and traditional means by
which to view and edit metadata.
When un-customized, the form will display all the existing List or Library metadata. One
of the simplest things to do is to hide or show a subset of columns. This ability is not
new but useful to reduce the amount of 'noise' displayed to end users if not all fields
require attention. To do this in the modern experience, open the Form panel, and click
the 'modify' drop-down, followed by Edit Columns. From here, toggle the visibility of
fields to on or off. Note: If Content Types are in play, the display can be modified within
the Content Type configuration. In the example below, we've chosen to hide the Project
Manager Notes field from all users, as well as a Promote to Issue field which is used to
launch an attached workflow from the List View.
One interesting new option is the ability to apply conditional logic to determine whether
fields are displayed. This opens possibilities beyond a global on or off, but only shows
the field in certain situations, such as if the current user needs to see that field, or
whether it should only be shown dependent on values in other fields. In the example
below, we can now display the Project Manager Notes field, but only to the Project
Manager. We can also only show a Mitigation Plan field if the Impact or Probability
levels are three or greater.
Once the unquestioned territory of PowerApps alone, we can now perform some
configuration to modify the appearance of the form as well, including applying styling
to the form Header, Footer, and Body. This gives us the ability to apply a more
interesting Header to all items in the List or Library, as well as a potentially more tailored
footer. In the body, we can also group related metadata into 'sections', which can add
an enormous amount of context to the editing experience.
Form Formatting - Suggestions

A good place to experiment with Form formatting is to consider fields that need
not be displayed in the form in all scenarios and apply conditional logic to
determine whether they are visible.
Similarly, if you have cases where you are capturing a significant amount of
metadata, consider putting the metadata into sections to streamline the
population process for content authors.
Form Formatting - Useful Resources

Microsoft: Show or hide columns in a form
Microsoft: Configure the list form

７ Note
Communication Professionals will sometimes refer to the 7 Principles of Communication;

sadly, these are not standardised (so probably level 200!), but
there are some common
themes which were used to inform the Communication Competency within the
Microsoft 365 Maturity Model. If you are not a Communications professional you may
find this interpretation of the principles helpful as part of a communications strategy,
maturity assessment or technology selection.
Seven Principles
Effective
Every communication should have a clear purpose and should achieve that purpose to
be effective. This includes what is said, how it is delivered, when it is sent/published and
why people should take notice. You need to communicate your message in the fewest
possible words, have the consistency of tone, voice, and content so that you can save
time. Short, punchy statements are often more effective than rambling prose. Diagrams
and images provide impact and clarity. Visual design should provide a good UX, support
the message and the brand and make it easy for people to engage and pick out the
important elements. Each message must have a logical conclusion and a call to action.
The need for active communication, where important or urgent notifications are
emphasized above general messaging 'noise' and so direct their attention, should be
considered alongside passive 'Publish and Track' or 'For Interest' ('Publish and Forget')
approaches. Active communications should be carefully managed to prevent overuse or
abuse.
Comprehensive
People shouldn’t be left wondering if there is more to come. The information

communicated should be adequate and complete. Where possible, it should fully
address the purpose and provide enough that the recipients can take the required
action without delay, confusion or a reduction in productivity or motivation. Where
communication cannot be completed in a single message etc. then it should clearly
indicate that there is more to follow, with requisite when and how. Links to supporting
material are recommended
Clarity
The purpose of messages should be clear; worded in such a way that the receiver
understands the same thing which the sender wants to convey. Communications
shouldn’t leave your team confused. Be clear of the format you want to say it in. Be clear
about your goal or purpose. It is also essential that the receiver is conversant with the
language, inherent assumptions, and the mechanics of communication. Typically,
sentences should be short, in the active voice and key elements stated it in separate
bullet points.
Attention and Style

In good communication, the receiver’s attention is drawn to the message. People are
different in behaviour, attention, emotions etc. so they may respond differently to the
message. This may require constructing different message formats for different roles
and grades. Senior staff should be seen to be acting in accordance with the messages,
using the messaging tools and supporting the messaging processes. Formal
communication is generally used for transmitting messages and other information;
however, sometimes informal communication may prove more effective. Informal
communication can be helpful for assessing the reaction of employees towards various
policies. Both types should embrace the organization’s ethos; commonly this is positive,
honest, respectful, open and polite.
Coherency
Communication often takes place across multiple tools/formats and over a period of
time. It’s important that communication remains logical, well-planned, and self-
reinforcing across these. There should be a good connection with the main topic and,
often linked to company values, principles, and mission. Equally, communication should
be consistent with the policies, plans, programs and objectives of the organization and
not in conflict with them.
Timeliness and Urgency

Communication should be done at proper time and with the appropriate level of impact
and urgency, to ensure that messages can be understood and acted upon to achieve
their objective. It should be possible to differentiate Urgent and Import information and
understand the time scale for any actions. There should be confidence that
communication reaches their audience when intended.
Importance of Feedback
Feedback is very important to confirm that communication has been effective and to
resolve questions, allow challenge, clarify actions etc. Sometimes there is a compliance
requirement or monitoring function that needs to be addressed via feedback or a ‘read
receipt’.
Steps to establish a Communications approach

When planning an active Communications strategy which aims to raise the maturity
of
this competency, completion of an audit to establish where the organisation
currently is
could be helpful. Subjects to consider are:
Existing reputation analysis [internally and externally]

Audience analysis and segmentation. This is especially important in large
organisations with different divisions as not all messages will be relevant to
everyone
‘Competitor’ analysis from a performance perspective
‘Competitor’ analysis in terms of media perception and reputation i.e. do they
receive positive, neutral or negative media coverage on average, is their news
covered or ignored?
Consumption. How do the people you’re trying to reach consume news? Consider
the device they use and the format.
A next step would be obtaining Board-level approved objectives from organisational

and communications perspectives, clearly outlining what they (the
board) are trying to
achieve.
This would look at identifying each audience group within their organisation and
assigning comms accordingly.
Before delivering corporate communications, regardless of the technology and process,

organisations need to spend time planning, covering:
Branding. Is it clear and easily recognisable among staff, patients, media,

stakeholders etc. and chime with the overall strategy? Are all
graphics, images,
videos etc on-brand and have a clearly identifiable style that belongs to the
organisation? A brand guardian is needed to ensure the
correct use of logos,
fonts, typefaces and colours for all scenarios [print, online, email signatures,
brochures, letterheads, social media channels,
signage, leaflets etc.]
Key message development. What does the organisation stand for and how can
these key points be included across different comms formats?
Inclusion. All marcomms divisions to be represented and involved in the process
Process. A clear approval process established that is shared throughout the
organisation to ensure better control of messaging, timing, branding,
avoids
conflict and is joined up
Spokespeople. Allocating spokespeople by topic so they become specialists and
more trusted
Plan. A clear delivery plan is needed that integrates different services and
platforms e.g. intranet, website content, direct content, newsletters,
email, apps,
etc
Metrics. Clear measurement and evaluation metrics agreed at the outset
Timing & Timeliness. Timetable and how frequent comms are. For example,
weekly comms that are short and easily digested are better than long,
monthly
comms that can suffer from tl;dr syndrome. Timing is crucial. For example, most
people are spent come a Friday afternoon after a busy week and
large numbers
take Friday off to enjoy long weekends
Effectiveness. Consideration needs to be given to engaging as opposed to
transmitting in large organisations. A two-way flow of communication that is
managed and acted upon has numerous advantages
It is likely that external comms needs to be built into the strategy alongside and closely
tied to internal comms, to ensure the interaction with ‘customers’ and stakeholders is
equally robust.
References and Sources

7 Principles of Communication –
Explained!
The Seven C’s Of Effective
Communication
Duncan Thorne, Thorne PR Ltd
Principal author: Simon Hudson, MVP

Introduction - The Principles of Search
７ Note
Great search should be at the heart of all corporate information systems and digital
workspaces. The reason is simple, in this information age we all need far more
information than any individual can hope to know about. While the human mind is a
marvelous thing, it has its limitations and our memory capacity isn't so much limited as
adapted for certain types of knowledge retention.; Meanwhile our organizations,
industry, and society as a whole are creating new information at a rate far faster that it is
possible to absorb. Not only can we not know and recall everything that is important to
us, but we often don't know what we we don't know.
The paradox is that personal and organizational productivity is reliant on rapid access to
current, authoritative information we need in order to make decisions or work through
processes. We know we need it but we don't necessarily know what it is, where it is or
even if it exists. Good search fills in this deficiency by providing discovery tools for users;
great search does it by removing the burden on users to know how to search or where
to search. As others have observed,
"Great search should work like magic"
Search relies heavily on several other competencies including cCollaboration and

mManagement of cContent; without these being well managed search cannot be highly
effective; mature search capabilities within the organization are built on a foundation of
mature business processes.
Why search
People search for many reasons:
Find answers: they need to answer a question they have.

Locate things: they know something exists, but don't know where it is. Sometimes
they need to find out if information exists or what information exists; or even that
something doesn't exist.
Clarify things: they know something exists, but don't know how to adequately
describe it.
Find expertise: they need to find someone who can offer advice or skills or can do
something for them.
Simplify things: sometimes its quicker to use search to filter large amounts of 'stuff'
than to browse. Sometimes pre-defined filters don't provide the options or
nuances needed.
Accelerate activities: search is frequently a more efficient of rapid means of
completing a task or process.
Search strategies
There are a wide variety of search strategies and technologies and these are evolving all
the time in response to increasing diversity and volume of content in order to manage
the complexity that come with these. Some strategies become ineffective or
disadvantageous as complexity grows. There is a constant 'arms race' between content
creation and search technology.
The human-machine interface also evolves in response to the changing nature of

business and content.
History of Search
Search, as a concept, has been around for as long as people have been storing
knowledge in the form of written words. The Pinakes may well have been the 1st
library index, based on the contents of the library of Alexandria around 300 BCE. With
around half a million papyrus scrolls stored in the library, the great repository of
knowledge already far exceeded ability of even a team of librarians to know the content.
Today, even the smallest organizations have vast quantities of internal information,
supplemented by externally accessible knowledge. Since the dawn of the computing age
around 80 years ago, machines have assisted us with finding the information we need.
With the advent of digitization, digital search has become the only realistic way of
accessing the internal and external information at our disposal, and has become a
critical capability since the turn of the Millennium. Web search started in the early 90s,
arguably culminating with the release of Google. Enterprise search actually precedes
this; Microsoft became active around 2001, adding search capabilities to Microsoft
Office SharePoint Server, which it later spun out as the stand alone Search Server in
2008. This marked the start of Microsoft's vision for search, to break down information
silos and provide a single point to search for all content across the enterprise. Even their
first engine was able to search through multiple content sources including SharePoint,
Exchange, Lotus Notes and File servers.
As SharePoint gained popularity so did the amount of content stored in the system. As
the amount of content grew, a more sophisticated search engine was needed. In 2008,
Microsoft acquired FAST, a true enterprise search product When they integrated the
technology into SharePoint 2013, organizations were provided with powerful enterprise
search, able to scale to large volumes of information. Further development of search
integrated it into Windows desktop, many desktop and server applications and
ultimately into online services, including The Bing web search engine and the search
capabilities embedded across the Microsoft Graph.
You can keep up to date with Microsoft search here:

https://resources.techcommunity.microsoft.com/microsoft-search/
Principles of Search
In our thinking about the maturity model for Microsoft 365 we identified common
themes, which we have worked into guiding principles for making search magical.
Making search magical involves adhering to all these principles.
Ubiquitous
Great search should be available everywhere. People should be able to elect to search in
any and every application they use, on every device, regardless of their location and
circumstances. They shouldn't have to go to a different place or application to conduct
the search they need. Search should generally occur invisibly, wherever people are doing
their day to day tasks.
Search should be omnipresent.
Comprehensive
Great search should have access to everything. Whatever people need to complete their
task, continue their line of thinking or make a decision should be at their fingertips
regardless of where the information is stored, what application is used to create that
information and regardless of who owns or manages that information, with governance
caveats. The search experience should enable searching across all content in the
enterprise regardless of the system that it resides in. This allows the silos of information
found in different systems to be broken down. Users can find what they want without
having to know which system to search.
Search should be all-** embracing.**
Findability
Great search should not actually be about search at all; It should be about delivering
findability. People are deeply uninterested in the search process; they just want to find
the information they need.
Search should deliver the results.
Appropriate
Great search should understand what people mean. As far as possible, search should
infer what it is that people need when they start searching (or even before). To achieve
this requires an understanding of several things: the user's explicit query and also the
implied query derived from the user context. This can include many things such as their
location, their role, the current activities, time of day and many other profile elements.
Search should offer understanding, not just indexing. By doing this, the information
returned can be personalised and relevant.
Furthermore, the way the information is presented should also be personalised and
prioritised to the person's needs. The results of search should be consumable by the
searcher, readily understood, and presented in a way they can quickly scan, interpret
and move ahead with. Regardless of what the user is searching on, relevant results
should be returned.
Equally, great search should be current. For any given piece of information, search
should have an understanding of how likely the information is to have changed, its
periodicity or aging rate, and index that source of information at an appropriate
frequency so that people are confident at what they are offered is up to date. As content
changes it is important that returned results that are fresh and include the latest
changes. Search needs to awareness of the searcher, the information and its sources.
Search needs to understand.
Governed
Great search should be directed and supervised. There should be a strategy to ensure
that it has direction that will support the organisation. The needs of the organisation
and of the users should be considered and balanced. Processes should ensure that
content, indexing, scopes and reach are maintained. Content duplication should be
identified and minimised. Management of Content should occur to remove clutter,
update tagging and labelling, confirm security and access. Search usage should be
monitored as content and business needs change, updating keywords, search terms,
taxonomies, synonyms, recommended results and more. Usage patterns should be
reviewed and insights from this applied.
Changes to search experiences, result weightings and scopes should be carefully

considered and delivered through an appropriate review process, in a timely fashion.
Metrics should be in place and acted on for all search principles.
Search should be assured.
Refinable
Great search should offer precision. Scopes should limit results to the most likely based
on context, but provide a way to improve precision within the search activity, expanding
or constraining the search to provide the sought after domain of results. Filters, refiners,
results priority and suggested improvements, related searches, signposting and
recommendations should guide the user to find what they seek, but allow the user to
apply their insight and judgement to this.
Search should be guidable.
Actionable
Great search should lead to success. There should be mechanisms to turn search results
into completed tasks with minimal user intervention. Actions, such as copying links to
content, sharing findings, previewing and interacting with content, updating tags or
metadata and initiating or completing business processes should be supported directly
from the search experience. Often this will occur in the context of a specific application
or business process, though generalised search results should offer commonly needed
actions. The transition between the search experience and concluding the task that
triggered the search should be seamless to the user.
Search should be productive.
Fast
Great search should be immediate. There should not be an unnecessary delay in
providing results, to ensure that the searcher is quickly able to complete their activity
without interruption, distraction or losing the thread of what they were doing. To
achieve this, results should be presented within a couple of seconds, or even before the
full question has been posed.
Search should happen at the speed of thought.
Consistent
Great search should be reliable and familiar. Modes of interaction should be uniform in
operation and expected output, given the context of the search experience. They should
repeatably serve up the expected outputs as well as any refinements, recommendations
and actions.
Search must maintain trust and confidence in what it delivers and how it delivers it.
Obvious or invisible
Great search should be helpful. Staff should not have to learn complex search options,
or spend time carefully considering the most effective search terms and options. In fact,
search should be easier than the alternatives, which might include browsing, guessing,
asking someone or using a web search engine. Everyone should be able to use search
and it shouldn't be a training problem. Search results should be no more complex than
necessary, easy to assimilate, free of irrelevant or useless information and functionality.
Search must focus on those things that helps users find or do what's needed.
Great search shouldn't feel like search at all; great User Experience (UX) often occurs
when there is no User Interface (UI); it is so natural and embedded in the process that it
isn't something users do, it just happens.
Search should be effortless
Characteristics of magical search

All systems and tools provide a search option, or have it embedded in the
workflow.
Searching is across all content in the enterprise regardless of the system that it
resides in. Silos occur due to planned control, not technical limitations.
Search isn't limited to files; 'things', skills, people, places, and more are included.
Users can find what they want without having to know which system to search.
Search is scoped for the most likely need in the current context but allow a shift to
different or edge case queries.
The process of search is similar in all systems, with familiar options, UI elements
and outputs.
Presentation of results and 'findings' are appropriate to the content discovered,
include previews, formatting, actions and more based on the context.
Users can review and refine results to find the result they need. Document content
is viewable within the search results page; People can refine the findings to
improve precision and confirm they have the right result.
Indexing frequency is matched to content fluidity; as content changes results are
up-to-date and include the latest changes.
Content and search findings are actively managed, reviewed, designed, optimised.
Security and governance are deeply embedded; search reduces rather than
exposes information governance risks and data loss.
Searching feels immediate; users maintain their engagement during a search
activity.
Extraneous information is minimised, clutter is avoided cognitive load for users is
minimised.
Related content is exposed.
Principal authors:
Simon Hudson, MVP

Simon Doy
The Evolution of Company-wide Email
Communication to SharePoint News
７ Note
Since the advent of email, the most common way most organizations have shared news
and updates to the entire organization at once has been through emails to a org-wide
distribution list. As Microsoft 365 continues to expand capabilities and offers us multiple
communication channels to use, it may be time to shift your communication strategy to
leverage alternate solutions like SharePoint news to increase employee engagement.
Challenges of Communication via Email Only

Why is email so commonly the only communication channel people trust at an
organization? It might be as simple as "everyone is using it". Unfortunately, that does
not necessarily mean it is the best option to support your message and drive the action
or engagement you are seeking from the recipients.
Email is not a great platform for collaboration as group conversations can quickly
grow out of hand with superfluous messages of acknowledgment clogging your
inbox from essential messages.
Key messages might get lost in disjointed threads.
Email notifications destroy our focus as they continually interrupt active work.
Email is only as secure as the users sending it and critical messages can be
forwarded outside the company.
There is decreased engagement in an email from leadership. It feels like one-way
communication, as we actively avoid the dreaded "reply all" which would spam our
colleagues' inboxes.
New hires miss any communication sent out before their start date.
It is incredibly challenging to find previous communication and sort in a logical
order.
You cannot fix errors, missed attachments, or add any additional value to an email
after it is sent… unless you send another.
SharePoint News to Enrich Your
Communication
SharePoint news, available in SharePoint Online and SharePoint Server 2019, enables
you to communicate company updates, announcements, personnel news, and more in
rich layouts with graphics, links, and embedded content. The canvas allows for much
richer communication than what you get out of the box with an email in Outlook. The
ability to embed content directly into the news post reduces any friction for your
audience to consume the content, removing the need for them to explore additional
links and attachments. News allows for comments on the bottom of the page
empowering colleagues to interact more without spamming the entire company with
their replies. Even better, since SharePoint news is essentially a SharePoint page with
some added capabilities, you can make corrections or add additional information as you
begin to receive feedback on your communication. After creating the news post, you
may also email the page itself to a company distribution list to deliver the same
messaging into inboxes with the added benefit of the news being stored ad easily
searchable on the intranet.
SharePoint News for More Persistent Company

Updates
In addition to all the value adds for improving the content of your communications,
SharePoint news appears across the Microsoft 365 ecosystem ensuring it is front and
center as employees navigate SharePoint and Teams to get their work done. News (that
you have permission to access) is shown on the SharePoint start page, SharePoint
mobile app, Microsoft Teams (once you add the connector) and can be added to team
sites, communication sites, and hub sites with the news web part. This news web part
can be configured to surface only that site's news, a filtered view of a site's news, or
include news from other sites including a rollup of all sites part of a hub.
You can enable audience targeting on the news web part to target your messages to the
right people. Everyone in a global company may not need to hear about a benefits
update in Mexico, so you can target that news to just the employees in that country.
Expanding the places your communication appears while better targeting it to the right
audiences will naturally drive higher engagement as you lower the signal to noise ratio
for your employees.
News is a page in the Site Pages library of a SharePoint site so new employees will no
longer be limited in accessing company updates (sent only as email) based off their
account creation date. Once a new employee receives permission to view a SharePoint
site, they will have the ability to read all previous news. This enables new employees to
get a deeper understanding of what has been happening across the company before
their start date, speeding up the onboarding process.
Since news is a page within a library, this means it also falls within the Microsoft 365
search scope. Employees will have one place to search to find all current and historical
company content.
SharePoint News to Empower Communication

Across the Organization
In the modern SharePoint world, your site architecture is flat with different site
collections spanning the organization. Each department is managing their own sites and
responsible for keeping content up to date. This access also enables site owners and
members to take ownership of communicating updates and news to the company by
creating news posts on their sites. The intranet homepage can have a web part showing
all news from all sites increasing the visibility of these important departmental updates
and removing Corporate Communications or IT as the roadblock to post on the
homepage. Site owners benefit from the decentralized content ownership with
immediate access to share updates and employees benefit from this centralization of
updates by having one trusted place to check on the intranet homepage - just like they
had when it was an email in the beloved inbox.
In organizations where news is heavily vetted before sharing across the company, you
may want to create communication guidelines and style guides to ensure the messaging
is consistent across departments. It is a shift for the teams managing news to coach-
and-enable instead of gather-and-curate.
Organizational News
While the expanded access for site owners to share their news is exciting, for some
organizations it is still important to delineate what your organization considers the
"official" or "authoritative" news. A site specified as organizational news will have a
signifier in the site title - it appears in a highlighted box - helping these news posts to
visually stand out as different.
SharePoint News Digest to Replace Newsletters
Microsoft 365 improvements continually offer us the opportunity to see how we are
doing business today and evaluate if that is still the best method. The traditional
emailed newsletter requires a lot of administrative work from one person or a small
team to gather updates, centralize, format, and share. These updates are becoming stale
every minute it takes to follow this process and it requires a lot of manual work. Shifting
to empowering your site owners to share news from their sites as the updates occur will
provide information to your organization at the speed we are now used to receiving it in
the outside world - near instantly.
As your organization shifts to sharing news as it happens, you may want to help the
organization spot the top stories from the past week, month, etc. Once there are four or
more stories in a news web part, you can send a news digest. A news digest is a
selection of specific news stories, which can be across site collections, that you may
order and add a personal message to. This news digest can be sent via email to a
distribution list, Microsoft 365 Group or multiple people. The news digest also creates a
SharePoint page which gives you a lasting artifact of that moment in time "edition."
Your newsletter process now supports sharing news as it happens and following up with
the most important updates via email to ensure key messages were not missed.
Delivering this news digest to email inboxes also captures some your colleagues who
may be transitioning to this new process for sharing company updates.
SharePoint News Will Shift Your
Communication for the Better
Embracing the capabilities in SharePoint news instead of traditional emails to share
company updates will enrich your news posts, drive more engagement with the updates,
allow for better targeting of your messaging across the company, and empower more
people in your organization to share their updates. It will inherently shift the way many
companies are communicating with the benefit of greater productivity.
Resources
Create and share your news on SharePoint sites
Create an organization news site

How to Share Org-Wide Communication
in Microsoft 365
７ Note
Org-wide communication supports employees’ understanding of the organization,

sharing timely updates, creating the company culture, driving employee engagement,
sending crisis communications, and creating opportunities for discussion, innovation,
and feedback. Relying on one communication channel - typically email - to get all these
different messages across risks losing your audience to the deluge of emails in their
inbox and reduced employee engagement. Within Microsoft 365, organizations have
many communications channels to choose from (email, Teams, Yammer, SharePoint),
and the best solution in each case will ultimately depend on:
Company culture
Company size
Audience
Persistence of the message
Intent of communication
Integration across Microsoft 365
The goal is to share the right information to the right people at the right time.
Company Culture
The information a company chooses to circulate, and the way this information is shared
greatly impacts the company culture. The core values and mission of your company
should be taken into consideration as you determine the best solution for sharing
different types of information.
Open Communication
In a company that values transparency, updates come from multiple levels of the
organization, and the focus is on enabling employees to share information
independently.
SharePoint News
Sharing company updates through SharePoint news offers the ability to have many
different contributors (based on Site Owner and Member permissions) across the
organization. Since SharePoint news is a SharePoint page under the covers, you get all
the benefits of a rich layout, ability to embed content from other Microsoft 365 apps,
and discoverability within Microsoft Search.
Each department can share updates through SharePoint news on their own site. The
intranet homepage can have a web part showing all news rolled up from all sites,
increasing the visibility of these essential departmental updates and removing
Corporate Communications or IT as the roadblock to post on the intranet homepage.
Site owners benefit from decentralized content ownership with immediate access to
share updates, and employees benefit from this centralization of updates by having one
trusted place to check on the intranet homepage - just like they had when it was an
email in their inbox. The news can also appear on each site’s homepage providing
different ways to consume the content.
By default, comments are turned on for SharePoint news posts, inviting all employees to
engage with the information which has been shared. Comments are connected to the
page itself, eliminating the challenges with reply-all threads and aligning all responses in
one location - much more straightforward than navigating multiple emails.
Yammer
Yammer excels at supporting serendipitous connections across your organization and

creating communities for knowledge sharing, special interest groups, or communities of
practice in an informal setting. Yammer communities are self-service and most
successful when run independently by interested parties. In an organization with open
communication, Yammer is an excellent place to socialize, crowd source ideas and
solutions, informally share updates, increase communication between executives and
employees, and break down silos initiating cross-department collaboration.
Restricted Communication
In a company with formalized and restricted internal communications (often in heavily
regulated industries where certain open communications introduce risk), the solutions
for org-wide updates need much greater control over who can contribute.
SharePoint News: Organization News

SharePoint news can support situations where authors must be restricted. The news web
part allows the selection of one site, multiple sites, or all sites associated with a hub, so
you may choose only the sites where there is governance over the communications.
Additionally, you may designate a site as organization news. The organization news site
will have a signifier in the site title - it appears in a highlighted box - helping these news
posts to stand out as different visually.
Dynamic Distribution Groups

Dynamic distribution groups are mail-enabled Active Directory groups where the
membership list is calculated each time a message is sent. These groups can replace
your current company-wide email distribution list (which is typically manually
maintained as employees join or leave the company). The dynamic distribution group
can be created with a set of rules to control membership, and, most importantly,
moderators may be added to control who can send messages to this list. Dynamic
distribution groups support top-down communication and remove the ability for
employees to reply-all and clog inboxes. Using a dynamic distribution group to email
org-wide communications is the traditional method for sharing updates (with the added
benefit of a dynamically updated distribution list), which may work best with
organizations that have not launched an intranet.
Company Size
What works for sharing information at a company of 6 may not be scalable for a
company of 30,000.
Small to Mid-Sized Companies

At a smaller company, you likely know every person that works there, and you
understand their role in the organization. With fewer people, there is typically a lower
volume of communication to keep up with. Your organization may not need a list of
different communication channels to ensure the information is received, and employees
feel comfortable sharing their feedback. Company updates via email can be sustainable
at this size. Building better practices to centralize information in your intranet and
sharing updates through SharePoint news can pay off greatly for an organization
expecting growth.
Org-Wide Team
Within Microsoft Teams you can make an org-wide team that supports up to 10,000
members. The org-wide team members will be automatically added and removed as
individuals join or leave the company, like the dynamic distribution groups. While Teams
are meant for collaboration, smaller organizations may find it useful to collaborate and
communicate in the same place. Company updates may be shared in the associated
SharePoint site and added as a tab to the org-wide Team or added as a connector, so
the news posts appear in channels, notifying Teams members.
The persistent chat in channels supports threads allowing employees to dive deeper into
conversations around the company updates in one place. It is possible to link to these
threads, share a thread in Outlook, and save a thread for later (which you can access in
your Delve profile ). One of these company updates may prompt an action item. An
employee can quickly grab the link to the thread, navigate to a different team, and post
in that channel about the next steps. For companies small enough to sustain
communication and collaboration on work in one place, using an org-wide Team can
reduce the friction between receiving company updates to acting on them.
Notification settings in Teams are available for the app, but not each Team. Be aware
that these notifications are most useful when signifying to an employee there are action
items to be completed in another Team related to getting work done. An overload of
notifications in Teams will recreate the signal to noise ratio problem in email where
there is no differentiation of something to be consumed versus something to be done.
Large Company
At a larger company, you likely know your team and a small subset of the rest of the
organization. New names are appearing in emails and your intranet daily without the
context of who-does-what. Having all communications across the company in one
channel (email) is incredibly overwhelming and could consume hours. There is a great
benefit for larger organizations to divide their company updates between the intranet
(and potentially also sent via email), collaboration to Teams, and social to Yammer to
allow employees to focus on the tasks at hand. A typical morning may start with an
employee navigating to the intranet to see the company news, then shifting to email
and Teams to see action items to complete (which often appear within To Do or
Planner ). As timely work is completed, an employee may then navigate to Yammer to
engage socially with colleagues, share knowledge, or engage in a special interest group.
Audience
One of the most significant benefits of multiple communication channels is the ability to
have a variety of audiences. Sending an email to the entire global company about
region-specific Human Resources information adds noise to inboxes for employees
outside that region and wastes employees’ time as they try to determine how this
message applies to them. In the worst-case scenarios, the noise can become so loud
employees stop trying to stay up to date on information and assume the critical
messages will escalate enough to reach them.
Yammer, email, Teams, and SharePoint news (with audience targeting ) all support the
ability to create different sets of people to target your communications better. Yammer,
as an enterprise social network, is a natural place to connect with people outside your
day-to-day teammates. Email can be targeted to one person or a variety of email
distribution lists. Teams supports collaboration on work, which is a known set of
individuals. SharePoint news audiences can range from a smaller group when connected
to a team site or the whole company when connected to a communication site.
Managing Audience
Once you identify who your message needs to reach, it is essential also to consider who
can control the membership to this audience. Employees have access to create
communities within Yammer. Many organizations allow self-service creation of Teams or
SharePoint sites. Email distribution lists require IT (or other internal) support. If your
audience is informal or dynamic and driven by employees, the self-service options will
provide your communicators with the quickest path to sharing the right information to
the right group. If the audience is company-wide or more formal, having IT (or other
internal support) manage the membership puts controls in place and can help you
formalize the process of adding or removing members. Consider the urgency in adding
or removing members and what delays this may cause. For org-wide communication,
dynamic distribution groups strike a balance between IT control and immediate updates
as the organization’s members change over time.
Persistence of Message
Each communication channel has a different lifespan for messages. Yammer threads last
relatively long while Teams chat is meant for quick conversations to keep collaboration
moving forward. Emails are only accessible to current employees, while SharePoint news
supports new employees accessing previous updates. Companies may have limited
retention policies deleting emails after a specific amount of time has passed. SharePoint
news’ connection to the intranet gives it the longest lifespan of all the communication
channels, as it is centered where employees frequently search for information and
content to support their day-to-day work. SharePoint news also provides access for
future employees to see historical company updates, speeding up their onboarding as
they better understand the organization.
Intent of Communication
Org-wide communication can have a variety of intents from an update on the business
to a call-to-action for involvement in a project or a fun social engagement between
colleagues. Each communication channel supports a different context of working, which
should be used to support your message.
The ability for all employees to informally post makes Yammer an excellent place to
source knowledge, share ideas, and engage with leadership. Employees can participate
in these threads creating strong two-way communication. Most Yammer communities
are open to the whole organization improving the discoverability of content.
Your colleagues are actively working and solving problems within Teams. Sharing project
updates, action items, or discussing deliverables makes sense in this context of getting
work done. Employees can engage in threads to clarify, discuss further, and come to
decisions for the next steps.
SharePoint news supports more formal updates from a small number of authors to a
broader audience, which is typically informative with no action items. The level of
engagement is lower as people share reactions to the news shared in the comments and
are not expanding the conversation.
Org-wide emails for a company update support urgent and timely messaging as most
employees are in their inboxes all day. Emails are a good way to share one-way
information where reactions, comments, or further discussion does not need to be
captured. Email can also be a second way to share a SharePoint news post. This allows
for rapid content updates and amendments within the news post as you receive
feedback or additional questions.
Integration Across Microsoft 365

Sharing org-wide information in one place might not be enough to support your
message and amplify the visibility. The current adoption of the communication channel
and company goals may influence how many places your message needs to appear for
the correct level of engagement.
Yammer has a SharePoint web part and can be added as a tab in Teams. Embedding
Yammer on your intranet homepage prioritizes social connection and removes friction
for employees navigating to another app. Similarly, adding Yammer to Teams supports
moving social conversations outside of channels meant for collaboration while keeping
it easy to engage in another communication channel. Yammer notification settings can
be customized to send employees emails for messages they missed.
Teams does not have a SharePoint web part, and channel conversations do not appear
anywhere else in SharePoint. If a small to mid-sized organization chooses to use an org-
wide Team to replace Yammer for social interaction, there is no out of the box way to
embed this in your intranet. This risks decreased engagement as employees adjust to
sharing in a new platform. SharePoint Team Sites add a helpful link in the left navigation
to Teams when a Team is first connected, which can help employees understand the
connection with the SharePoint site. The files tab you see in Teams is the SharePoint
document library, and there is a link here as well to navigate to the SharePoint site.
Teams notification settings can also be customized to send employees emails for
messages they missed.
Email appears in Outlook and the Outlook web application only. Individual emails can be
sent to the Microsoft 365 Group that is connected to a Team. There are also email
addresses for each channel within a Team. Individual emails may also be sent to Yammer
communities, which also have a Microsoft 365 Group email address. Emails can be saved
as a PDF to be added to SharePoint pages, or the content can be copied and pasted,
though it is most effective to start org-wide communication as a SharePoint news post
first and then email the news post to appropriate parts of the company.
Conclusion
To make your org-wide communications more effective, engaging, and actionable,
consider the best Microsoft 365 communication channel to support your needs.
Evaluating the impacts of your company culture, size, and audience, the persistence of
the message, the intent of the communication, and necessary integration across
Microsoft 365 will help you navigate what to use when. What works for a small,
transparent company will not work for a large, regulated global company. The variety of
options ensures you will find a communication channel within Microsoft 365 that is a
close fit for your needs.
Resources
The Evolution of Company-wide Email Communication to SharePoint News
Which is better for collaboration – Yammer or Microsoft Teams?

Team Site vs. Communication Site:
Which one should I choose?
７ Note
Choosing between a team site and a communication site should start with your
intent and desired business outcomes. Though there are nuances to explore, at the most
basic, think about these two use cases:
Connect, Collaborate, Create: When you want to create a place where the
members of a work group or project team can collaborate on project deliverables,
plan an event, track status, or exchange ideas, you want a Team Site. In a Team
Site, all members are content authors where we jointly create and edit content.
Think of team sites as a place where work gets done. My project team needs a
place to collaboratively work on deliverables. Even though we have individual
assignments, we are collectively collaborating to create one or more assets. Our
project team needs a Team Site.
Showcase, Share, Story: When you want to "broadcast" a message, tell a story,
share content for viewing (but not editing) to a large audience or the entire
organization, or showcase services or people, you want a Communication Site. In a
Communication Site, there will most often be a small number of content authors
and a much larger number of content readers or consumers. Think about your
corporate intranet. Even if you have collaborative parts of the intranet, the primary
purpose of your intranet is to communicate a story such as corporate news or
showcase services and information such as your benefits and policies. Your intranet
sites are examples of Communication Sites.
When should I create a team site?

Create a team site for each discrete group of people or unit of work.
If you are a long-time user of SharePoint, you might be thinking that "team site equals
sub-site." Resist the temptation to create team sites as sub-sites! Many governance
decisions (for example, the ability to share content outside the organization and who
has permission to invite new members to the team) are scoped to the site collection.
For the most flexibility both today and in the future, each team should get their own site
collection – which is exactly what happens when you create an Microsoft 365 Group
or a team site from the SharePoint start page, assuming that your organization has
enabled "self-service" site creation. When you provision a new Microsoft Teams or
team site in Microsoft 365, you will get a new site collection in your tenant.
If you are doing this right, you will have a lot of team sites. Why? Because you have a lot
of projects and work teams – and each one of your projects or work teams will likely
have different access and information management requirements. Even if the same work
team works on lots of projects, you should still provision a unique team site for each
unique project.
Collaborating with people outside the organization? Create a team site for each
customer or partner.
Keeping in mind that many governance and security boundaries are scoped to the site
collection, create a new team site for each of your different customers or partners if
you have an extranet environment. This will ensure that Customer or Partner A doesn't
accidentally "see" any content or information from Customer or Partner B. By default,
team sites are enabled with external sharing turned on. This can be changed by the
SharePoint administrator in the Admin Center.
Each member has the same permissions.
While your team site will have one or more Owners, typically every Member of the team
has the same privileges in the site.
The SharePoint start page brings your team sites together
Don't panic about how your users will possibly keep track of all of these team sites –
because the SharePoint start page has got your back!
The SharePoint start page in Microsoft 365 brings together, for each individual
person, news from all of the team sites in which they are a member (and sites they are
following), sites they visit frequently, and other news suggested by the Microsoft Graph.
It also shows the most recent activity in the sites each person visits frequently.
Examples of team site scenarios.
Project team working together to complete deliverables and manage tasks.

Holiday party planning committee planning the annual get-together. If you have
work locations in multiple geographies, you may have many holiday party
committees and each party committee team site might be in a different language.
Human Resources team members – everyone who works in HR.
Executive Committee – different leadership groups within the organization.
Extranet site to work with Partner A.
A different extranet site to work with Partner B.
When should I create a communication site?

Create a communication site to showcase, share, or tell a story.
Here's a way to think about the difference between a team site and a communication
site. A team site is where the sausage is made – it's behind the counter and typically
private. A communication site is where the sausage is sold – where it's visible to all our
"customers" and where they come to buy our sausage. Typically, our customers don't
want to know how we make the sausage (or how many times we had to edit that
document to get it "ready to share"). They just want to get the finished product.
Communication sites have two distinct user personas.
Most often, a communication site has a small number of people with permission to
author content and many people who only have permission to read content. Team sites
use Microsoft 365 Groups for permissions. Communication sites use SharePoint groups.
Think about your team sites as where you collaborate and your communication sites as
where you communicate**.**
As an example, consider your Human Resources (HR) department. Typically, HR will have
at least one team site where the members of the HR team can work on defining a new
benefits program or crafting the announcement about an organizational restructuring.
During the process of creation, the HR team works privately on a team site open just to
the members of HR (or individual "friends of HR" who contribute to one or more specific
documents). Once all the back and forth about the message or document or program is
complete, the HR team is ready to share the information with the rest of the company.
When they are ready to share, the HR team moves the document to or writes the story
in a communication site that is open to the entire organization. They use a
communication site to share "team to organization" or "organization to employees"
information. While in some cases they may solicit feedback on the information shared in
their communication site (for example, with comments on the page), the content itself is
typically editable only by a small number of authorized users.
Examples of communication site scenarios.
"Official" corporate news.

HR team communicating benefits and compensation information.
Travel team publishing guidelines about corporate travel.
Policies and procedures.
Feature Comparison
Feature Team Site Communication Site
Who Site Owner (or Admins) Site Owner (or Admins)

creates the
site?
Who All members are content authors who jointly create and Small number of
creates edit content. content authors and a
content? much larger number of
content readers or
consumers.
Security Microsoft 365 Groups SharePoint Groups
Default External Sharing Enabled (but can be disabled by the External Sharing
Setting for SharePoint Admin) Disabled (but can be
External enabled by the
Sharing SharePoint Admin)
Navigation Left Top
Multilingual Yes Yes

features?
When you Planner board, OneNote notebook, Email address for NOTHING but a
create, you the group, Shared Calendar, shared mailbox, SharePoint
ALSO get … opportunity to connect with a Microsoft Team (if the site communication site!
wasn't created as part of provisioning a Microsoft
Teams)
Principal author: Susan Hanley, MVP

List columns or Site columns: Which one
to choose?
７ Note
We have two (2) types of columns in SharePoint:
List columns
Site columns
One is created at the list/library level (list columns), and the other one at the site level
(site columns).
From a functionality perspective, they do the exact same thing. From a reusability
perspective, not so much.
List columns
If we take the example of SharePoint Online, we can now create a column in a list or
document library very easily. Hover between 2 columns, click on the "+" sign, and
create your column.
But by doing that, the column will only be created at the list/library level, and therefore,
be of type List column.
What does list column mean?

It means that your column will only be available to that particular list/library, and not
outside that boundary. If you wish to use that column outside of that list/library, you will
have to recreate it at the new location.
Which brings us to Site columns!
Site columns
As we've seen above, list columns are easy to create, but live in a "container" which is
the list/library you create(d) it within.
Site columns on the other hand, are created at the site level, and available to reuse from
the site they're created in (as the starting point).
What does site column mean?

Well, this means that if you create a site column at the root of your site collection, the
column will be available throughout the entire site collection.
If you create a site column at the subsite level, this column will only be available for the
subsite itself, and every other subsite(s) underneath. But not above.
Site columns are "shared" between sites, but only hierarchically.
So which one should you choose?

If you're sure that the column will only need to be used/created in a particular list or
library, then a list column is easy and quick.
If you're looking for reusability across list/library boundaries, then create a site column.
To be Search aware, another aspect to consider in your decision is, whether you are
going to use Search to find existing content in the created column or, additionally, use
the column in Search queries to find content.
Creating a site column will create a Search managed property (MP) automatically which
you can use to Search for content. While with a list column it won't create a MP, but you
will still be able to Search for column contents.
Say that site column is MySiteColumn of type single line of text. After you add content
to it, a new MP will be created with name MySiteColumnOWSTEXT (How site columns
become managed properties) which you can use to retrieve content in a Search query,
like for example:
MySiteColumnOWSTEXT:contoso
This would return only items which column MySiteColumn contains "contoso".
However, if you opt to create a list column you can accomplish the same later. The only
difference is that with site column it will be done automatically whereas with list column
you will have to go through extra steps which involves among others, creating a new
custom MP.
Changing Microsoft Teams from Private
to Public, what to expect in SharePoint?
７ Note
Privacy settings
As you may already know, when creating a Microsoft Teams , you can choose the
privacy settings to be:
Private
Public
Org-wide
Private means only the members added will be able to join the Teams, while Public
means that anyone with the link to the Teams can join the fun.
Org-wide is pretty self
explanatory :simple_smile:
Relationship with SharePoint Online

Creating a Microsoft Teams will automatically provision/create a SharePoint site. And the
privacy settings you've chosen (above) should be respected.
This means that if you've chosen your Team to be Private, added a few members, then
the SharePoint site will only allow access to those members.
If you navigate to the site, click on the "number" of members on the top right corner of
the page, you should see the Group membership, which is whoever you've added when
creating the Team.
And Site Permissions should look like this:
Change privacy from Private to Public

Let's change the privacy settings to Public (Your Team -> ellipses -> Edit Team), and go
back to SharePoint. Can you spot what changed?
At the first glance, not much to be honest 😐
The Group membership is still the same, BUT if you have a look at the Site permissions,
there's something new!
The "Everyone except external users" group just got added automatically.
What does this mean?

This means that if a user (with the correct licences) knows the site URL, she/he can access
the content, and will have Edit permissions.
If the user clicks on the "Conversations" tab in SharePoint, she/he is also part of the
Office 365 group fun.
As for Teams, when the user opens the desktop app or browser version, clicks on Join or
create a Team on the bottom left corner, the public team is showing up, and the user
can join.
Changing the privacy settings should be thoughtfully decided, because Public means
Public!
Note: Joining a public Team doesn't require any approval. Therefore, the user(s) will
automatically become Members in Teams and in SharePoint.

A Guided Tour Designed to Help You
Select an Effective Navigation Strategy
７ Note
Modern navigation in SharePoint Online can be tricky. There are many different native
options provided by Microsoft. Let's take a look at what's available and discuss some
more robust alternatives.
Site Type
A modern site is either a team site or a communication site. Each has its own options for
navigation. If you're not sure what type of site to create, check out Teams Site vs.
Communication Site: Which one should I choose? for guidance.
Team Site Navigation Notes

Top link bar customizable via ~siteUrl/_layouts/15/topnav.aspx
Hidden from the UI team site connected to an Office 365 Group
Left navigation supports up to 2 levels
Header can be standard or compact
Communication Site Navigation Notes

Page at ~sitecollection/_layouts/15/topnav.aspx has no effect
Top navigation supports up to 3 levels
Top navigation can be configured as cascading drop-downs or as a mega menu
No left navigation
Header can be standard or compact
Site Header
The header is one of the places where you'll see your navigation elements, so let's
briefly take a look at the options available to configure the header.
The modern header has two states: standard (default) and compact. The difference
between the two is minimal, but sometimes a little bit of space can have a significant
impact.
Header Options
Team Site with a Standard Header

Team Site with a Compact Header
Communication Site with a Standard Header
Communication Site with a Compact Header

Top Link Bar (applies only to Team sites)
Top Link Bar Application Page

Navigate to the Top Link Bar page (/_layouts/15/topnav.aspx) in your Team Site's
settings. You can add a single level of links that will appear above the site logo in the
header area.
Note - In a team site connected to an Office 365 group you will not see the "Top link
bar" option in the "Look and Feel" section of the Site Settings page. However, you can
still get to it using the URL above and it will still work.
Team Site with a Standard Header and the Top Link Bar
Team Site with a Compact Header and the Top Link Bar
Site Navigation (applies only to

Communication sites)
Communication sites offer the following options for navigation:
Cascading
Mega Menu
Communication Site with a Standard Header and
Cascading Navigation
Communication Site with a Standard Header and Mega

Menu Navigation
Communication Site with a Compact Header and
Cascading Navigation
Communication Site with a Compact Header and Mega

Menu Navigation
Principal author: Eric Skaggs
Auto Apply Retention Labels in Office
365 Using Content Types and Metadata
７ Note
I think we all agree automating as much retention as possible is a good thing. The less
we have to rely on information workers to manually apply a retention label, the better.
The information architecture you've diligently defined in your tenant can now be
leveraged using auto-apply conditions to automatically set a Purview retention label.
Microsoft continues to publish new machine learning trainable classifiers to help

with the growing amount of corporate "dark data" (not within a well-defined
information architecture). This will apply out-of-the-box and custom classifiers to
intelligently apply retention across your tenant by classifying content based on
meaning and context. These will not be covered in this post.
Licensing... the capability to auto-apply labels described in this post requires a license
for each user who has permissions to edit content that's been automatically labeled in a
site. Users who simply have read-only access do not require a license:
Microsoft 365 E5/A5/G5

Microsoft 365 E5/A5/G5/F5 Compliance and F5 Security & Compliance
Microsoft 365 E5/A5/F5/G5 Information Protection and Governance
Office 365 E5/A5/G5
Retention labels can currently be auto-applied based on 4 conditions:
apply label to content containing a sensitive information type (both out-of-the-box

and custom)
apply label to content containing keywords, phrases, or properties (i.e., content
types and metadata)
apply label to content matching a trainable classifier
apply label to cloud attachments shared in Exchange and Teams (new)
This post describes the second option above to demonstrate the auto-apply behavior
across several column data types and content types in SharePoint. Due to the fact that
the retention label isn't applied immediately (controlled by a back-end process that may
take up to 7 days to apply the label), this is not a quick test to do. I've spent the time
testing this, so I'm sharing the results and learning with you! Please refer to the
'Important things to know' section at the end of this post for some key takeaways on
this functionality. I will update the takeaways as I learn more.
Apply a Retention Label based on a Content Type

Content type called Contract document has been added to a document library. Retention
label called Contract has been created and auto-applied based on the Keyword Query
Language (KQL) condition below:
ContentType:'Contract document'
The result? Within a week, the Contract retention label was applied to all documents
with the content type of Contract document on all SharePoint sites the retention label
was published to.
Apply a Retention Label based on a Choice Metadata column

A choice metadata column, ContractType, has been added to a library. I want to use one
of the choice values to set a retention label. The auto-generated managed property
from the search schema cannot be used in the auto-apply condition. You must manually
map the crawled property to a RefinableString property between 00 and 99 (this
Refinable property is pre-built by Microsoft and has all of the correct settings to use it as
a condition in an auto-apply policy). For this example, I've mapped the crawled property
generated for metadata column, ContractType, to RefinableString00. Retention label
called Hardware has been created and auto-applied based on the condition below:
RefinableString00:Hardware
The result? Within a week, the Hardware retention label applied to all documents with a
choice value of 'Hardware' on the ContractType metadata column on all SharePoint sites
the retention label was published to.
Apply a Retention Label on a compound condition
What about combining conditions? You can do this too! This test combined a content
type name of Contract document with a choice value of Software. A retention label called
Software has been created and auto-applied based on the condition below:
ContentType:'Contract document' AND RefinableString00:Software

The result? Within a week, the Software retention label applied to all documents with a
content type of Contract document and a choice value of 'Software' on the ContractType
metadata column on all SharePoint sites the retention label was published to.
Apply a Retention Label on a Date column <= Today

Can you include date logic in the condition? Yes. I have added an optional date column,
DateExpired, to a library and want to apply the retention label once a date has been
entered and is today or in the past. To filter on a date column, you must map it's crawled
property to a RefinableDate column (it's queryable), so in this case I mapped it to
RefinableDate01. A retention label called Expired Contract has been created and auto-
applied based on the condition below:
RefinableDate01<=TODAY
The result? Within a week, the Expired Contract retention label applied to all documents
when a date either equal to today or in the past has been entered into the DateExpired
metadata column on all SharePoint sites the retention label was published to. Note: if a
date isn't entered in the column OR a future date is entered in the column, a retention
label is not applied.
Important things to know

Here are some important things to understand:
1. The back-end process to apply the retention label can currently take up to 7 days.
If it is your expectation that the label will be updated soon after the metadata or
content type is updated, this is incorrect.
2. If a retention label is already applied on a document, the auto-apply process will
NEVER override/replace the label even if an auto-apply condition is met. Example:
if you set the column Contract Type to Software and this auto-applied a label called
'Software', and then you subsequently change the Contract Type to Hardware, the
label will not change to 'Hardware' if you had an auto-apply condition set to that
condition. The original label, Software, would remain.
3. The columns filled in when the label is auto-applied are: Retention label, Retention
label applied, and Label setting. The Label applied by is filled in with System
Account.
4. You can manually remove an automatically-applied retention label by editing the
properties (except if the label is a record label, then only a site collection admin
can remove it. If the label is a regulatory record label, it cannot be removed). If you
remove the retention label, the next time the back-end process runs, it will re-
assess the document based on the auto-apply conditions and, if met, re-apply the
correct label.
5. A simple way to test your conditions before creating your label policies is to enter
the query directly into the Microsoft Search box thru the SharePoint UI. It will return
the same results.
6. Although I've seen other posts where an auto-apply condition was based on a
managed metadata term value, my testing only shows success when the managed
metadata term set is from the tenant-level term store defined in the SharePoint
Admin Center.
Principal author: Joanne Klein, MVP

Can Machine Learning be used to assign
managed metadata attributes for items?
７ Note
Metadata adoption is tough. With the introduction of Machine Learning into the
SharePoint ecosystem, Administrators and System Architects are asking if it can be
leveraged to reduce our dependency on Users to assign metadata. This article shares
the results of an exploration into the technical capabilities of Machine Learning as it
relates to SharePoint Managed Metadata.
Basic Idea
Managed metadata is used to apply structure to unstructured data. It adds information
about the properties of items and their relationships to each other and to the business.
This information is usually not immediately available or easy to parse from the ‘human’
version of the item. Managed metadata must be accurate and trustworthy, as it drives
find-ability, workflow, data governance and lifecycle activities.
Machine learning uses algorithms to build a mathematical model based on sample data,
known as "training data”. It uses that model to make predictions or decisions without
being explicitly programmed to perform the task.
In machine learning systems, metadata is often used as criteria in the algorithms.

Machine learning, therefore, uses a foundation of managed metadata to work.
Unsupervised Learning techniques and Active Learning algorithms (outlined in the detail
section of this article) may be applicable to informal folksonomy tagging. However, due
to the need for accurate selections, It is not a solution for assigning the more formal and
authoritative managed metadata.
Machine learning is an emerging service where much advancement and evolution are
expected over the next few years.
The Details
Metadata Schema
Your Schema is your metadata organization model, it is the language of your business. It
is the lists and terms needed, what you’ll call them, their hierarchy and what the options
are. The Schema allows you to identify relationships between an item and the
organization.
Our Managed Metadata Schema allows us to describe how these entities are connected,
and to define their properties. It is a map of the business that gets applied to
information, so people know the context of what they’re looking at.
Machine Learning / AI
A metadata schema is a foundation for Machine Learning/AI. Without a schema there is
no authoritative structure to your business. Without a schema, machine learning and
other emerging and future systems, processes and software don’t understand the
relationships of things or how they relate to the business.
The Purpose of Metadata

With Managed Metadata, you can “talk to the search engine and to your Users. You can
tell them a lot about what the piece of content/item/file/data is about. This provides
important context that relates the information to the business. People and search
engines grasp it instantly.
Context examples include:
How does this piece of information pertain to my business structure, which

divisions or business units is it relevant to.
What department, titles or people does it relate to.
Which of my products or customers is it relevant to.
Where in our workflow and processes does this piece of information have
meaning.
And within each of these criteria’s lifecycles; where is the item today.
Extra Detail
Machine Learning (as it relates to managed metadata)

Machine learning algorithms build a mathematical model based on sample data, known
as "training data", in order to make predictions or decisions without being explicitly
programmed to perform the task.
A few machine learning approaches that relate to Metadata:
Supervised learning maps an input to an output based on example input-output

pairs.
The algorithm builds a mathematical model from a set of data that contains
both the inputs and the desired outputs.
Example:
Task to determine whether an image contained a certain object
Training data would include images with and without that object (the input)
Each training image would have a label (the output) designating whether it
contained the object.
Classification algorithms identify which set of categories a new item belongs. They
are used when the outputs are restricted to a limited set of values.
Examples:
Task that filters emails
Input would be an incoming email
Output would be the name of the folder in which to file the email.
Task that identifies spam emails
Output would be the prediction of either "spam" or "not spam"
Unsupervised learning is also known as self-organization, or spontaneous order.

Is a process where some form of overall order arises from mathematical cluster
analysis.
Its primary use is in data analysis
The algorithm builds a mathematical model from a set of data which contains
only inputs and no desired output labels.
Finds structure in the data, like grouping or clustering of data points.
Discovers patterns in the data, and can group the inputs into categories.
Active learning algorithms are a special interactive case of machine learning where
possible results are presented to a human user for selection.
Its most common uses:
Predict choice selections from long lists and present a narrowed-down list to
the user.
Unlabeled data is abundant but manual labeling is expensive—such as
during technical migrations.
May be a useful way to narrow-down long managed metadata selection lists.
Specialized algorithms are mostly experimental today and have not found
standard interpretation.
One such algorithm is Meta learning, where the main goal is to use metadata to
improve the performance of existing algorithms or to invent the learning
algorithm itself.
Summary
People need managed metadata to find, work with, synthesize and make decisions
about or with an item. Systems need it too, as does workflow. This information must be
accurate and is critical to, among other things, effectively manage and administer data.
For example, you have to understand what the item is in order to decide if it should be
retired/archived.
Your Schema is your metadata organization model, it is the language of your business.
The Schema allows you to identify relationships between an item and the organization.
A metadata schema is a foundation for Machine Learning/AI. Without a schema there is
no authoritative structure to your business data.
Businesses should focus on developing a schema that is complete and accurately

represents all aspects of the business. Applying that schema to items with managed
metadata selections is a human-based activity. It may be possible for advanced
techniques in machine learning to reduce the choices of longer selection lists, however
human action is required.
While this article has focused on technical capabilities, the information outlined does
align with statements Microsoft has published about their strategic position for AI. The
following is from their AI product page. (emphasis is mine)
"We believe that, when
designed with people at the center, AI can extend your capabilities, free you up for more
creative and strategic endeavors, and help you or your organization achieve more."
Principal author: Beth Hall

Designing your solution for scale
７ Note
Introduction
This article refers to design considerations of scaling your solutions, for example, in this
scenario - you have built your solution and tested on a site or library, you have demoed
to your boss, they are very happy and then he goes "Hey now, great solution, can you
get this out to 1,000 sites please?"
The requirement has changed - to note, it is best to ask this question early. So you can
plan for this and determine what kinds of points do you think about, when building your
solution on this scale.
To note, SharePoint Online supports 2,000,000 site collections (Nov 19) to give you
context to how large implementations can in theory support.
You now have your solution, so lets go through the kind of aspects of the solution you
should consider, to see if you need to make amendments, or think about its design.
Centralised, Decentralisation or Both

First question to ask yourself, do you need to deploy this solution 1,000 times or can
you place a navigation link on 1000 sites referring to a single location? The decision on
your approach can be determined by the following points:
Initial deployment, where do my assets live? How many times do I need to repeat
the steps for deployment? The approach depends variances for each department
or instance for example, can you get away with a settings file instead?
Maintainability, as changes occur, you may need to repeat deployment?
Security, is there a solid reason to keep the solution separate?
Technical limits of the product, will SharePoint allow you to centralise?
Centralisation
Centralisation refers to a single point in which assets and solution is referred to.
For example, if you have a JavaScript based solution, consider locating the files into one
place, not near the instance but somewhere within you farm or tenant that is readable
to all. Changes to the central point reflect on all areas of usage.
A scenario where this may apply e.g. if you have 1 Intranet each with 1000+ pages
within. You deploy once rather than all 1000 times.
Partial Centralisation
Partial centralisation is an option too, not all solutions can be centralised so look at the
components of your design and see what can be centralised.
A scenario where this may apply e.g. if you have 10 departments each with 100 sites
within. You deploy 10 times rather than all 1000. Ideally, getting this number down will
make your life easier - the less "copies" of your solution the better.
Decentralisation
Decentralised solutions can only be deployed one to one with their instance. In this
scenario, you deploy 1000 times.
The goals change to reduce the implementation steps and how can I make this easier to
deploy. Should I consider a scripted deployment?when considering you approach, is the
effort of learning how to script deployment vs the actual deployment time.
When designing for scale you will need to consider how this affects information
architecture approach.
With large scale deployments, there are several factors to consider:
Naming convention
Clear naming of SharePoint artefacts provide context to the user that is visiting the site,
library and metadata they are expected to complete.
There is a separate article coming soon for naming conventions.
Columns and Content Types

What level do you define columns and content types e.g. list, web, site, enterprise. The
goal should be to keep things simple and use inheritance where possible. Although,
modern SharePoint makes it very easy to break from this model.
There is a great article about the types of column: List column or Site Column - Which
one to choose
Sites
How you structure your sites, does your solution require lots of subsites? Typically,
Microsoft is driving a flat architectural model and you should consider using multiple
site collections grouped locally by hub sites.
There is more detail on site typology in this article: Information architecture - site
topology
Security
Security should always be an important consideration in any solution, no matter how
complex or how quick solutions is built.
Understand who can access your data - ask yourself does this data contain any personal
information? Is the data business critical or sensitive?
In SharePoint, there are three main models of security, one for users, SharePoint security
groups and active directory groups.
This will go into more detail in a later article.
Multiple Environments
Multiple environments such as separate site collection, web application (on-premises) or
tenant add a layer of protection for solution builders to ensure their solution works as
expected. The number of environments is up to you, consider these factors in
determining if A, you need a separate environment or B, if you do - how many.
Does your solution need to involve training users? Ideally having a separate
environment to contain the "test" data that will be introduced during these. Filling
up production with test data, may reduce search effectiveness if the test content
contains enough keywords in be prominent in the results.
Development isolation from live data. In development, certain aspects maybe
required elevated permissions to setup or create the solution. You may outsource
the development to a 3rd party in which you want to limit the access to the data in
the tenant. I always recommend a developer tenant where possible, they can be
obtained easily from Microsoft 365 Developer Program if a developer inadvertently
causes problems in the tenant, it is contained away from production.
Do you need a UAT or test environment? Allowing the business owners or

stakeholders to review the work and play with it. This ideally should be a almost
realistic version of production with similar configuration, this will allow you to
assess solution impact, test any downtime and your deployment strategies.
The number of environments is up to you, there are additional overheads with having
multiple tenants but if you weigh up the cost for your organisation against an incident
on production it will be worth the effort.
Maintainability
Maintainability refers to the ease of making changes to your app, updates or cleanup
aspects of your solution - how easy this is to achieve.
Consider your solution - you have deployed to 1000 sites and you boss goes, "Great
app, but can you add a column to each list, I really need this." You now need to figure
out updates to each of the 1000 sites.
Manual vs Deployment
Deployment strategy is worth planning ahead of rollout of your new features, there are
a number of factors to consider, in larger scale implementations:
Are you going to click 1000 times with a 10 step process or weigh up the effort to
learn PowerShell script to automate this. Personally, I consider the PowerShell route
if a process goes beyond a few steps or if I get a sense the deployment will be
repeated multiple times.
Not all requirements are correctly articulated by the business or interpreted by the
implementer which introduces change to the scope or what features are deployed,
especially after the first deployment.
Introduce test environments and UAT to validate the requirements have been met.
Measure the time it takes to deploy your solution in a single location, then
estimate the total time for the number of times you would repeat the same steps.
Outage, will the solution be disruptive to staff or users, is out of hours deployment
required?
Manual
If you prefer manual, there are some ways to reduce time to manually deploy your
solution. Such as:
Choose the centralisation approach, as mentioned above, is there a way to setup

your solution to be deployed from one location.
Know your URLs, such as _layout/15/XX links to settings, site contents, for manual
deployments aim to jump directly to the page where the setting occurs, avoid
navigating through SharePoint, extra clicks will slow you down.
Keep a log of your progress, so for very large implementations, you can pause and
come back, refer to a list of how much of the deployment you have done - this can
also serve as your checklist if you have a multi-step deployment.
Script
For scripting, I highly recommend looking into PnP PowerShell library, there a lot of
cmdlets design to work online and on-premises, there is plenty of blogs, examples or
community members that can help you to get you started.
Please refer to this article for more detail Benefits of using PowerShell with SharePoint
Site Designs
Now there is Site Designs feature in SharePoint Online, which opens up a new way to
deploy features. These can create libraries, set permissions, branding and headings in
Modern interfaces and call Flows containing more advanced scenarios.
Further Reading
Many related articles are in the works to go into each section in more detail. Watch here
for updates.

Should I store my files in Microsoft
Teams or in SharePoint? An
understanding of behind the scenes
７ Note
To use a product efficiently, it's important to understand a minimum about it. What it
does, what can you do with it, what are the limitations, etc.
Microsoft Teams is the hub for teamwork. It allows for collaboration, chat, calls,
meetings, and so much more!
SharePoint Online is primarily a document
management and intranet platform where you store, collaborate, and share information
seamlessly across the organization, and is also part of Microsoft 365.
Note the key word here being collaboration. So it's no surprise that they would interact
with each other in some way.
What's the relationship between the two?

Every time you create a new Team, the following are also created in the background:
Microsoft 365 Group (ex Office 365 Group)

SharePoint Online site
Exchange Online shared mailbox & calendar
OneNote notebook
Other services like Power BI, Planner.
As you can see above, a site is created to store your documents. Meaning that each time
you share files in a Team, they are stored in the associated site in SharePoint! Not in
Microsoft Teams.
Note: Files shared in private chats will be stored in the sender's OneDrive for Business.
But where are my files exactly?

The exact location depends on which Team channel you share(d) them in. By default,
there's a General channel (which can't be deleted), and the files shared in this channel
will be stored in the SharePoint site, in the Documents library, within the General folder.
If you create a Team channel called "Project A", files shared in this channel will be stored
in SharePoint under the folder called "Project A", and so on...
This applies to 'Standard' channels. Private channels have a different architecture which
consists in having a separate site with different permissions from the Team. More
information is available on the official Microsoft documentation: Private Channels in
Microsoft Teams.
Terminology is also important. A channel name in Microsoft Teams will have the same
folder name in the associated SharePoint site under the 'Documents' library.
How do I access my files?

There are different ways to access your files. Within Microsoft Teams, or via SharePoint
Online. All depends on which interface you feel the most comfortable with. Of course, if
you need to do more with your files (i.e.: advanced settings) then you'll need to go into
SharePoint.
Accessing via Microsoft Teams

You can access your files by navigating into the channel,
on the tab at the top called Files. Here, will be listed all the files, folders, and other
documents.
The interface is "almost" similar to SharePoint. At the top, you can create
new files, upload files, download files, etc.
Another way from Microsoft Teams would be to open the associated site directly.
If you
are in the Posts tab of a channel, click on the ellipses (...) on the top right corner under
your profile picture, and select Open in SharePoint. You'll then be redirected to the
folder containing your files/documents.
In case you only want to open a specific file, this is also possible.
This time, navigate to
the Files tab of the channel, click on the ellipses (...) next to the file itself, and select
Open in SharePoint. Although you'd think it would filter the view for only that
document, but unfortunately it doesn't.
Accessing via SharePoint Online

If you feel comfortable in using the SharePoint Online
interface, feel free to go directly to the site. The common URL is structured like this:
https://<tenant-name>.sharepoint.com/sites/<Team-name>/Shared%20Documents/<channel-
name>
The site should also appear in your SharePoint home page, along with all the other sites
you have access to.
Who can access or see my files?

As with all content in Microsoft 365, security trimming applies to these files. Users can
view and search only content they have access to, which is totally respected between
Microsoft Teams and SharePoint Online. Therefore, when you add or remove users from
a Team, their access is also added or removed from the SharePoint site.
Are my changes reflected?

Yes. Wherever you are making changes to files and documents, they are saved. And you
always have the latest version of the document, whether you are in Microsoft Teams or
in SharePoint Online.

Defining a Power Platform Environment
Strategy
What is a Power Platform environment?
７ Note
The Power Platform is Microsoft’s answer to the growing need in business for a way to
build and customize professional-grade business solutions quickly, with the ability to
connect to over 200 data sources including, SharePoint Online, Azure SQL, Twitter and
more.
What type of environments are there?

Environments are containers that administrators can use to manage apps, automation,
connections, and other assets; along with permissions to allow organization users to use
the resources.
There are multiple types of environments. The type indicates the purpose of the
environment and determines its characteristics.
Why is the Default Environment special?

A single default environment is automatically created by Power Apps for each tenant
and shared by all users in that tenant. Whenever a new user signs up for Power Apps,
they're automatically added to the Maker role of the default environment.
The default environment is created in the region closest to the default region of the
Azure AD tenant.
There is specific guidance for the Default environment to call out
because of its unique nature:
It’s automatically created with the first user in the region closest to the Azure AD
tenant
New users that sign up for Power Apps are automatically added to the Maker role
Users are not automatically added to the Environment Admin role
The default environment can’t be deleted, but you can rename it – e.g., Personal
Productivity (do it now, if you haven't!)
Why do I need to define a strategy?

Developing an environment strategy means configuring environments and other layers
of data security (DLP) in a way that supports the productive development in an
organization, while securing and organizing resources.
If you want to follow application lifecycle management (ALM) principles, you'll need
separate environments for app development and production. Although you can perform
basic ALM with only separate development and production environments, it's
recommended that you also maintain at least one test environment that's separate from
your development and production environments.
Environment scenarios
Scenario 1 - The ‘Out of the Box’, default environment.
Scenario 2 - Scenario 1 + Dedicated departmental environments
Scenario 3 - Scenario 2 + Dedicated application environments
Scenario 4 - Multi-Tenant ALM environment separation.
Scenario 1 – Personal Productivity (default environment)
Uses include: Personal Productivity Apps and Flows, Custom SharePoint Lists and Library
forms.
Scenario 2 – Departmental
Uses include: Personal Productivity Apps and Flows, Custom SharePoint Lists and Library
forms and dedicated department environments.
Scenario 3 – Departmental and Application
Uses include: Default environment, dedicated department environments and a

dedicated environment(s) for a single application.
Scenario 4 – Multi-Tenant ALM Approach

Uses include: Separating Power Platform environments across physical tenants. Could be
used to separate Production, Staging and Development environments, or could be used
for geo-location reasons.
Recommendations / Best Practices

Based on successful experience with other customer engagements, below is a list of
additional recommendations that can help make managing environments easier.
Assign your admins the Power Platform service admin or Dynamics 365 service
admin role.
Restrict the creation of net-new trial and production environments to admins
Rename the default environment to ‘Personal Productivity’
Provision a new Production environment for non-personal apps/flows
Define and implement your DLP policies for your environments
When establishing a DLP strategy, you may need multiple environments for the
same department
When establishing your Power Platform environment strategy, based upon your
licensing, you may find that you need to provision environments without a
Dataverse (previously called Common Data Service) database and also use DLP
policies to restrict the user of premium connectors.
Establish a process for requesting access or creation of environments
Dev/Test/Production environments for specific business groups or application
Individual-use environments for Proof of Concepts and training workshops
Use a service account to deploy production solutions
Reduce the number of shared development environments
Share resources with Azure AD Security Groups.
Further Reading
Microsoft documentation
Principal author: Aaron Rendell

Power Automate vs Logic Apps
７ Note
What are these services

Power Automate and Azure Logic Apps are workflow services that can automate your
processes, business, or system and integrate with Microsoft and 3rd party services with
over 300 connectors. These powerful services are designed to get you going quickly,
building the workflow between business services providing that familiarity without
having the steep learning curve.
Power Automate provides a user-friendly and focused experience within Office 365 that
can easily get end-users going once assigned an appropriate license.
Azure Logic Apps provide a user-friendly designer surface similar to Power Automate
with the option to build complex integration solutions, utilise advanced development
tools, DevOps and monitoring, if required.
Both options aim to significantly reduce the effort and quickly build and automate
processes between services, allowing you to focus on higher-value tasks.
Highlight key differences between Logic Apps

and Power Automate
Whilst Power Automate is built on top of Azure Logic Apps, there are differences in
terms of the environments they are used from, e.g. Office 365 and Azure, which provides
unique features and optional methods of construction. Here are some of the following
key differences:
Description Power Automate Logic Apps
Focus End Users and Makers in Office 365 IT Pros, Developers, Admins using Office
365 and Azure Services
Description Power Automate Logic Apps
Licensing Per-User License in Office 365 Consumption-Based or Fixed Pricing Model

Model* via an Azure Subscription
Flow Web-Based Designer, Web and Visual Studio, JSON Definition and Web-
Creation Mobile UI Based Designer
Restricting Data Loss Prevention Azure Policy

Connectors
Error Flow Checker - providing a list of Save Failed - highlighting errors

Handling errors within the Flow
Trigger Types Automated, Instant, Scheduled, UI HTTP (Automated), WebHook, Scheduled,

Flow, Business Process HTTP Call (Manual)
*Check out the license plan details for each of the services, this article only serves as
a guide not pricing information.
For a detailed comparison, check out: Compare Power Automate and Azure Logic Apps
What tools you can use to build each of them

Focusing on the Microsoft options, there are a variety of tools that can be used to create
your Flows within both of the services.
Web-Based Designer tool

Applies to: Power Automate and Logic Apps
Both tools have a rich web-based design tool to author the Flows, connect to services
and monitor their usage. For example, the experience offers:
Design Canvas for adding triggers (what starts your Flow), connectors (the services
you integrate with)
Expression editor for advanced manipulation of input/output values
Flow Checker - these are presented differently but inform you that the Flow you
have created contains an error that needs to be rectified before saving.
History and Connector status - after a Flow run provides useful information to see
what information passed through a Flow
Since both tools have this, learning Power Automate can be easily transferrable to Logic
Apps if your requirements are better suited in the other product.
Power Automate - web based designer
Azure Logic Apps - web based designer
Power Automate flows created before September 2020 can be exported to Logic Apps. If
you are working with the Azure Portal it will require some knowledge of JSON, or for a
friendlier experience using Visual Studio, check out the docs to consider your approach:
Export flows from Power Automate and deploy to Azure Logic Apps
Mobile App
Applies to: Power Automate
For iOS and Android, there is a Power Automate app that can allow you to build Flows,
quickly and control existing Flow settings. The app includes:
a designer surface that will enable you to add and edit actions
create from templates
manage existing flows - if you want to quickly create a Flow on the move
there isn't an expression builder or the ability to add parallel branches.
Visual Studio
Applies to: Logic Apps
Visual Studio is an enterprise grade integrated development environment that allows

you to create cloud, ASP.NET C#, VB, Visual J#, Xamarin projects including Windows API,
Forms, Windows Presentation Foundation apps even classic SharePoint On-Premises
Farm & Sandbox solutions.
Visual Studio supports working with Azure solutions, including Logic Apps, that allows
you to connect to a subscription and provides a logic app editor experience.
For further information on editing Logic apps with Visual Studio, please refer to Manage
logic apps with Visual Studio.
Visual Studio Code

Applies to: Logic Apps
Visual Studio Code is a free and open-source code editor with wide-range support for
programming languages with IntelliSense, extensions to select the tools you work with
extending the functionality of the tool as best fits the project you are working on.
You can install the extension (Azure Logic Apps for Visual Studio Code) from the
Marketplace - Visual Studio Marketplace
Visio
Applies to: Power Automate
Visio Plan 2 offers the feature to create a Business Process Model and Notation (BPMN)
diagrams and export for Power Automate.
For more details of this feature, visit the Power Automate announcement for more
information Export Visio diagrams to Microsoft Flow is now generally available
Getting started and points to consider
Who will create the Flows

When considering Power Automate and Logic Apps, who will create them? Is this
intended for staff to develop on-demand quick flows, or will you this integrate into a
series of backend services, that your ICT service needs to ramp up on?
Learning Power Automate
For users and staff, there is a set of courses on Microsoft Learn training if you want to
know more about building flows to gain more in-depth knowledge about the usage of
the services.
Learning Azure Logic Apps
For ICT or SME users looking to improve their knowledge, there is a set of courses on
Microsoft Learn training if you want to know more about Logic Apps to gain a deeper
understanding about the usage of the services and how they can integrate with a range
of connectors.
Consider the cost of connectors

What services do you intend to connect with?, are they Office 365?, Azure or 3rd Party
API.
This is quite important to work out ahead of time as difference connectors bear a
"Premium" or "Enterprise" (in the case of Logic Apps) which affect the overall cost of
running the workflow in your decision-making process.
You may find that within your Office licenses you already have what you need to start
building Flows with Power Automate - however for Premium connectors, additional
licenses may be required.
For Logic Apps, you can use the Azure Calculator to estimate the cost of your
application. Bear in mind since Logic Apps act as a glue between services, ensure you
include the cost of the services that the Logic Apps connect to, e.g. Azure Resources,
Office 365, third-party APIs.
Security
Security is an essential factor with considering the usage of these services, as these can
connect to a range of 3rd Party sources internally and externally, you may want to
consider implementing a Data Loss Prevention policy or Azure Policy to restrict the
usage of connectors.
In both products, security should always be considered and determine an appropriate

policy for your organization.
Principal author Paul Bullock, MVP
I invite authors with their knowledge on this topic to contribute to this article, sharing
their experience.
So many options
７ Note
There are a crazy number of ways to manage tasks in Microsoft 365, some of which
overlap, while others don’t. Where are all the places we can create tasks?
Why are there so many options?

Microsoft has offered a variety of tools to address different use cases for task
management, from personal to enterprise. They have also created a number of
overlapping user experiences without providing clarity around which tools communicate
with one another, and which do not. This creates a huge amount of confusion for end
users, in knowing what tool to use when and finding a way to see a holistic view of all
their tasks.
The reality is there is no single “best way” to manage tasks, and we are still seeing more
options being added (e.g., Loop), without a real coherent strategy to tie these options
together.
Microsoft Planner
Pros - Planner
The Kanban “task board” is a tried and tested approach that many recognize and
Planner has implemented it well
Planner Tasks integrate well with our views in To Do, Teams, and Outlook
Support for buckets, progress, labels, assignees, dates, priority, sub-tasks,
attachments, comments
Multiple ways to view information (by plan, by bucket, by progress)
Tasks can be assigned to multiple people
Useful filtering to find what you need
Tasks can be copied or moved to other plans
Respects underlying group membership
Support for checklist within a task
Cons - Planner
Has seen some minor updates but nothing significant in quite some time
No consolidation across planner plans
Little to no extensibility or customization beyond out of the box configuration
The API is very poor
Ability to create automation of tasks through Power Automate
Microsoft Lists
Pros - Lists
Can be customized with endless additional metadata that your task list may
require, and it is extremely flexible in terms of layout
The Kanban “task board” is a tried and tested approach that many recognize
Support for attachments, and comments (with @mentions)
Can create multiple ways to view information (by plan, by bucket, by progress, or
any other metadata you create)
Useful filtering to find what you need
Extremely flexible in terms of layout
Respects underlying site/group membership
Ability to centralize tasks across lists with minor customization (using things like
Modern PnP Search web part or Highlighted Content web part)
Ability to create automation of tasks through Power Automate
Cons - Lists
No built-in integration with other applications (e.g., Planner) therefore the
assignment of tasks can easily get lost and end users have no way to see a
holistic view of all their tasks across individual Lists (without additional
configuration)
Sub-tasks are not built-in and could be challenging to implement
Microsoft To Do
Pros - To Do
Provides a consolidated view of Personal Tasks from To Do and Outlook, as well as
Team Tasks from Planner Plans
Allows for the creation of Shared Task Lists outside Planner Plans
Support for lists, categories (web only), hashtags, assignees, dates, importance,
sub-tasks, attachments
Useful searching to find what you need
Built-in notifications
Tasks can be moved to other lists
Cons - To Do
The app’s benefits skew towards Personal Tasks rather than Planner Plans
Can view Planner Plan tasks and “complete” them, but cannot interact with Planner
Plans in more meaningful ways (e.g., add new tasks, view tasks by Plan, etc.)
Personal tasks remain somewhat limited compared to other modern offerings due
in large part to the unchanged underling infrastructure
View of information remains quite rigid
Tasks by Planner and To Do (Teams App)

Pros - Tasks by Planner and To Do (Teams App)
Provides a consolidated view of Personal Tasks from To Do and Outlook, as well as
Team Tasks from Planner Plans
Allows for the creation of Shared Task Lists and Planner Plans within existing
Channels
Support for categories (web only), assignees, dates, importance, sub-tasks,
attachments
Better navigation of Planner Plans, their attached Task Lists, and tasks
Access to same views within Planner including List, Board, Charts and Schedule
Support for creating new tasks, and reorganizing Planner Plans just like within
Planner
Notifications in Teams are useful
Cons - Tasks by Planner and To Do (Teams App)

The user interface can be very overwhelming and the app’s benefits skew towards
Planner Plans rather than Personal Tasks
The experience to view personal tasks is not as strong as To Do
Personal tasks remain somewhat limited compared to other modern offerings due
in large part to the unchanged underling infrastructure
View of information remains quite rigid
Microsoft Loop
Pros - Microsoft Loop

Quick and easy to get started which can be useful live in a meeting or in a Chat
with Self
Support for assignment and @mentions
Cons - Microsoft Loop

No built-in integration with other applications (e.g., Planner) therefore the
assignment of tasks can easily get lost and end users have no way to see a
holistic view of all their tasks across individual Lists.
Cannot be used in Teams, only group chats and meetings
Can be hard to find after they have been used
Initially shared with specific people based on who the chat or meeting was with
Sub-tasks are not supported
Microsoft Outlook
Pros - Microsoft Outlook
If you like the web’s To Do interface, it’s another place to access it
Allows for the creation of Shared Task Lists outside Planner Plans
Support for lists (classic = folders), categories, assignees, dates, importance, sub-
tasks, attachments
Support for categories (web only), assignees, dates, importance, sub-tasks,
attachments
Useful searching to find what you need
Tasks can be moved to other lists (folders)
Built-in notifications
Cons - Microsoft Outlook

Seems redundant now even though the underlying tasks have not really evolved
Odd old user interface (classic tasks) still available in desktop client
Hashtags don’t work in classic
Sub-tasks (steps) don’t work in classic
OneNote
Notes - OneNote
Can be used to assign tasks to yourself or others using the classic task interface
Tasks show up in Outlook and To Do
Only visible in desktop OneNote client
Not very intuitive
Office (Web) Comments
Notes - Office (Web) Comments

Users can use the commenting feature within to now add “Tasks” to users
Task does issue an email notification to the assignee
Tasks are not integrated and are easily lost
Azure Dev Ops (ADO)
Notes - Azure Dev Ops (ADO)

Geared towards development scenarios (dev and QA)
Supports resource management
Configurable to meet team needs
Task does issue an email notification to the assignee
Tasks are not integrated with other tasks and can mean multiple places to track
Microsoft Project
Notes - Microsoft Project
Intended for more thorough project management including resources, schedule,
budgets and timelines
Provides a more modern visual experience, including Kanban view
Supports enterprise portfolio management
Integration with other task platforms is not great
Requires additional licensing
Dynamics 365 Project Operations

Notes - Dynamics365 Project Operations
Project Online features are embedded into Dynamics 365 Project Operations (D365
Project Service Automation)
Expands capabilities pre-project into sales and quotes and post-project into
expenses, invoicing and more
Requires additional licensing
Viva Goals
Notes - Viva Goals

Viva Goals will support syncing of tasks from Azure Dev Ops, Project, and Planner
to align daily tasks with organizational priorities
What Option to Choose

For the time being, it is best to select an option that easily integrates (and
communicates) easily with other Microsoft 365 solutions. However, each organization
may need to handle tasks differently, based on their needs. The diagram below can be
helpful in determining what task management solution to roll out at the personal level,
but selecting a solution for enterprise project management or development projects will
quite likely need to look beyond the confines of the defined safe space (i.e., the Task
Hub).
Making Good Technology Decisions:
Establishing Decision Criteria
Part 1: Microsoft 365 - Making Good Technology Decisions: Establishing Decision

Criteria (this article)
Part 2: Microsoft 365 - Making Good Technology Decisions: Data Storage
Part 3: Microsoft 365 - Making Good Technology Decisions: Front End
７ Note
Effective November 2020:
Common Data Service has been renamed to Microsoft Dataverse. Learn

more
Some terminology in Microsoft Dataverse has been updated. For example,
entity is now table and field is now column. Learn more
This article has been updated to reflect the latest terminology.
The longer I work in technology, the more I realize that few things are absolute. In fact, I
often say “All absolute statements are wrong.” When people think about building
solutions in the Microsoft 365 ecosystem, they tend to think about the ways they’ve
solved problems in the past. If you’re a SharePoint person, you’re likely to think about
using a bunch of SharePoint lists. If you’re a Dynamics person you’re going to think
about using Dataverse. If you’re an old school database developer, you might think
about using SQL. The point isn’t that any one of those is wrong, it’s that it’s important to
consider the various options you have available to you within the Microsoft ecosystem.
The requirements for the thing you are trying to build should drive your decision-
making, not just what you already know.
But beyond the technical choices, there are many different criteria that are important to
consider when you plan to build a solution. Reading through these criteria, it may sound
a bit like the classic “it depends” that comes from many consultants, but the reason
many consultants use that phrase is because it’s true. In the list below I attempt to
provide a list of some of the important factors a technical architect should consider
when planning a solution.
But it’s not just important to the technical architect. If you work somewhere in the rest
of the organization and are having conversations with the technical folks about a
solution you need, understanding these criteria will help those conversations go better.
Decision Criteria
Some of these decision criteria are discrete; others are continuous. It’s possible to come
up with a scorecard-like approach to measure each of your solutions against but
understand that some of the criteria may be more subjective. However, using these
criteria can also be part of the way to manage your portfolio of solutions: to see how
your full range of solutions compare to each other.
Knowing where your organization sits in the technology adoption life cycle is one way to
think about things, but there’s much more to it if you go a layer deeper.
Figure 1: Rogers' bell curve from Wikipedia
Technical Fit
Usually technologists think of technical fit as the main and perhaps only reason to make
a choice about how to build a solution. However, there are often multiple options which
each provide a decent technical fit but may not be perfect for the solution. Perfection is
a luxury; we may realize that there is a perfect technology to build a particular solution,
but that solution will never be built in time, or that that solution will never be used by
enough people to justify using the perfect technology. A good technical architect will
understand how to sand the corners in these decisions, considering some of the other
factors listed below.
Maturity of Technology
Some technologies may look perfect on paper or sound perfect if you listen to the
marketing messages. But oftentimes the technology is not mature enough to do all the
things that people claim it can do. We sometimes joke that version 3 of a product is
when it gets good enough to consider. It’s not always that extreme, but in today’s world
of Minimum Viable Products (MVPs), Previews, and even the now old-fashioned betas,
understanding where a technology sits in its lifecycle is important. The fact that a
technology is early in its lifecycle doesn’t have to be a bad thing, but if you don’t know
that’s the case, it can be a very bad thing, leading to project delays and even rework.
The importance of the solution and the skills of the organization may mean that
choosing a technology that is not mature is much riskier. It may be that your
organization is very technically savvy and is often a leader in using new technologies; it
may be part of your strategy. The maturity of any product is important as it can have a
huge impact on solution success.
Skills Required
Sometimes you look at the way you would like to build a solution and realize that you
don’t have the skills in-house to build it well. At this point you have an option: you can
either train your people or hire an outside consultant. Sometimes the mix of skills that
you do have in-house may cause you to choose a solution path that is less orthodox or
less optimal. That may or may not be a bad thing. If you want to build a solution that
your staff can support, sometimes you must cut corners. There is purity in building
things the supposed right way, but there’s reality in building them in a way that you can
both get it done and support the result. If you decide to bring in skills from the outside,
be very clear about what sort of knowledge transfer you expect from them. You should
also build that knowledge transfer cost into the project budget.
Time to Market
Some solutions must be there, and they must be there fast. This may mean that there
simply isn’t time to build something robust, scalable, and with exactly the right
technologies. If there is a long runway, we may have the luxury of being able to stand
back look at all the options, all the skills, all the variables, and choose the best approach
because we are not time constrained. In many cases, we can’t take all that time.
It’s important to have a true sense of the solutions time to market requirements. In
many cases the answer is yesterday when in fact it may not be the case at all. Non-
technology people – especially if they have had bad experiences with technical teams in
the past – may decide they need to use every single inch of runway because they expect
many things will go wrong. In other cases, the must-have date is arbitrary and not tied
to any specific business driver. Open and honest conversations about time to market is
extremely important so no one is surprised.
Another important consideration can be whether some scheduled or known

enhancement to the platform will bring the capability “for free”. In other words, if you
don’t have to build it and waiting a few months to get it from the platform itself may
make a lot more sense. Always try to find out whether something which is scheduled to
arrive is truly scheduled or just on the road map as a “top of mind” item.
Solution Scope
Some solutions have a very broad scope or they’re critical to your business path. For
example, a bank would probably not build its ATM network software on an unproven
technology. That set of solutions is simply too critical to the organization’s success to
take any chances. Other times a solution may have a very narrow audience yet still be an
important solution for the organization. We often think of these as departmental
solutions or solutions which are simply used by a smaller number of people across
disciplines inside the organization.
Solutions with narrow scope can often be built by citizen developers or power users –
and in many cases should be. Those people have intimate knowledge of the
requirements, the people involved, and can even have better technical skills that the
technologists in your organization (but may have chosen a different career path). The
fact that the people building the solution may not have formal development training
does not mean that the solution can’t provide tremendous value to the organization.
Solution Longevity
Some solutions don’t need to last very long. For instance, you may have a need to
manage the company party logistics. The solution that you may decide on here may or
may not be even be used again for next year’s party. Understanding how long the
solution will last may drive some of your decision-making as well. In cases where the
longevity is short there’s nothing wrong with deciding to use note cards or Excel
spreadsheets. If the solution needs to last for months or years or potentially be reusable,
you’ll want to be sure that you provide something that’s more bulletproof and can scale.
Strategic Fit
A shared understanding of how important the solution is to the overall strategy of the
organization is surprisingly rare. Often strategies are distilled into a mission statement
or represented by a balanced scorecard. If there is a set of strategic goals of mission
statement points you can compare the solution to, it can greatly change how you
communicate about the solution as you build it. Saying you absolutely must have a
meeting of 30 people to refine the solution for planning the cafeteria menu is likely not
to stack up against a solution which can drive innovation or efficiency.
Budget
While budget is implied in many of the aspects above, sometimes you just simply must
deal with a fixed budget number. When budget is your primary concern, be very
concerned. Driving your technical decisions purely based on budget often leads to
project failure.
In an ideal situation, the design of the solution determines the budget, not the other
way around. When you are thinking through this set of criteria, the most important
thing you need to know is what constraints you have on the spend. While budgets are
rarely unlimited, some projects get a bright green light due to their importance. Others
may only grudgingly receive funding.
Volume of Data
Some solutions require very little data; some require vast amounts of data. A high
number of transactions – especially if they must occur in a short period of time – is very
different than an occasional transaction with very little data storage. Sometimes this may
be lumped into the technical fit thinking, but it’s important to be clear on how much
data you expect and over what period.
Saying you expect to generate gigabytes of data over the next five years is different
than generating gigabytes of data in the next week. If the solution will never generate
more than a small amount of data, you need to acknowledge that fancy data storage
mechanisms might just not be needed.
Security
How important is the content you will be generating? This is usually the driver for
security needs. Many organizations try to use a one-size-fits-all approach to security –
everything is equally important and requires the same high-water mark of security – but
this simply isn’t realistic. Understanding the actual security needs for the specific
solution is extremely important.
Usually the most important factors are statutory or regulatory requirements, then
organizational policies, then common sense – in that order. Be sure you don’t allow the
security folks to apply the one-size-fits all rule. There is also a vast volume of material
about the certifications and security features for Microsoft 365 available in the Trust
Center. Don’t try to reinvent the wheel by trying to prove that the platform is secure.
Mine that vast trove of content for the specific proof you need and reference it with
your security folks. Almost more importantly, if the solution you’re proposing simply
doesn’t need to be secure – sports league sign ups? – then acknowledge that right up
front.
Requirements
Yes, requirements are at the bottom of this list. That may seem backward, but the
requirements for the specific solution ought to be framed using the considerations
above. A good and experienced architect can sometimes just know how everything
above fits the requirements, but it never hurts to be more explicit in your thinking and
discussions. This can be especially helpful if you need to explain your decision-making
process upward or to outside parties.
As consultants, we are often told how to build a solution with very little backup
information about how that set of decisions was made. Sometimes that’s because the
decisions weren’t well thought through, and other times it’s simply a matter of
communication. Requirements also can’t just be a thick document in this modern era. It
must be more a common understanding of the needs and goals for the solution.
Now what?
But wait, you might say. At this point we haven’t even picked the technology! We don’t
know what we are going to build! That may be true, but you’ll have a much better
picture of what the solution is, how important it is to the organization, how much time
to have to devote to it and to build it, who might do the works, etc.
In the next part of the series, I’ll write about some of the data storage mechanisms you
have available to you on the Microsoft 365 platform. Using the thinking you have put
into understanding the solution against the above criteria, you’re likely to make far
better decisions than if you just decide to pick the technology first.

This article was originally published as a part of the "Microsoft 365 - Making Good
Technology Decisions" series, written by Microsoft MVP Marc D. Anderson for
CollabMagazine .
Data Storage

Criteria
Part 2: Microsoft 365 - Making Good Technology Decisions: Data Storage (this
article)
Part 3: Microsoft 365 - Making Good Technology Decisions: Front End
７ Note

more
Once you’ve thought through the decision criteria for your specific solution (as covered
in part 1) – which ought to fit into the broader decision criteria for your portfolio of
solutions – you can turn to the technical specifics. The next few parts of the series are
probably where people argue the most about purity and “best fit”. Sometimes the best
fit isn’t just a technical fit: you need to take those other criteria into account. The best
technical solution isn’t always the same one for everyone. If you frame the technical
decisions based on the decision criteria, you’ll be likely to make technical choices which
have a higher potential for success. You may even find yourself arriving at different
choices than you might otherwise expect.
Data Storage Concepts

When we build a solution within the Microsoft 365 ecosystem, we almost always need to
store some content which is generated during the use of the solution. I’ve always
thought about that content as falling into several different, broad brush buckets. Caveat:
there are bound to be readers who disagree with me on multiple levels. I may be over-
simplifying or using terms in different ways than the norm. My goal is to get the
concepts across without being too muddy; let’s see how I do.
Reference Content
Reference content is the content which makes the transactions work. If we are recording
outcomes of meetings, we want to know who was in the meeting; that content is
provided from the set of users in our farm or tenant. If we want to track customer
interactions, we need a consistent data set of customer information; that may be stored
in a list or in Managed Metadata. If we want to process invoice documents, we’ll want to
tag them with the appropriate metadata about which office or region is responsible for
them; that may be stored in Managed Metadata or lists.
You can see the pattern. Before we can think about performing transactions, we must lay
down the sets of reference data to support them. In many cases, this reference data
needs to be consistent across a wide range of transactional content, so we turn to
centralized storage services like the Managed Metadata Service. We get a service to
manage Users and Groups for “free” from Active Directory (AD) or Azure Active
Directory (AAD).
In other cases, the reference data is purely local, like perhaps the responsible party for a
certain process step within a department. In those cases, we can build our own lists or
libraries to contain the data.
Guess what: Each of the reference content sources may also need to support
transactions. If you get a new customer, you need to add them to the customer list. If a
new person joins your organization, they need an Office 365 license. And so on.
Transactional Content
Usually transactional content is what gets the most attention when we are building
solutions. When we create a list or library in SharePoint, each row represents at least one
transaction: adding that item or document to the list or library. You perform hundreds or
thousands of transactions daily, both at work and in your personal life.
Transactional content is that content which represents activity which occurs frequently,
like creating a service ticket, checking out a resource, or filing a status report.
Transactional content becomes meaningful because of its use of reference content as
well as simpler fields like text fields.
Regardless of where you store reference data, you need to account for it before you
perform your first real transaction. The relationships between transactional content and
reference content is one reason why technical people focus on what’s called a data
model. Data models show how all the different types of content fit together.
Data Model
You may have seen a diagram that looked something like this sometime in your career.
This is an example of a data model for a relatively simple system. (I found it in a
StackOverflow post, and it seemed like a good example, so I’ve adapted it for this
article.)
This data model shows a way you might store information about company devices in a
simple device management solution. Don’t worry too much about the details – this data
model is too simple to be of much practical use. The point is, we often have multiple,
related tables (think SharePoint lists) in a data model.
The top row of tables can be considered reference lists. The bottom table can be
considered the transactional table. In order to create items in the
company_device_history table, we need the reference information in the other three
tables: company, company_device, and device. As I mentioned above, you will also have
transactions in the reference tables: you may need to add companies or devices in order
to start tracking them. But the primary transactions will be managed in the
company_device_history table.
Each of the boxes in the data model can be considered a data entity. A data entity is the
mix of fields and their behaviors which make up the representation of a business object.
In SharePoint, the structures of lists and libraries are dictated by the data entities we
apply to them. Those data entities may be created directly in the list or library by adding
columns or by enabling the use of Content Types on the list or library. Other data
storage mechanisms provide different approaches and levels of rigor to managing the
data entities they can contain.
The data we add to each table inherits the data entity’s structure and behavior. Each
table is basically a rectangle of data, where the rows are items and the columns are
fields. This rectangular construct is very familiar if you use Excel, or create shopping lists,
or collect data to make it useful in many other ways.
Many times, we think of the different apps or screens we build from a table-centric view.
For example, if we are adding a company_device_history item, it will probably be a
different screen than if we are adding a new company. I’ll discuss these differences more
in Part 3.
Logging and Auditing

Most platforms record some information about how a transaction occurred. Most data
storage mechanisms give you the basics: who did something and when. But in many
cases, for statutory or regulatory reasons, or simply to keep track of who did what in
more detail, you’ll need to build logging or auditing capabilities into your solution.
This usually means you explicitly create lists or some other data storage mechanisms to
contain the detailed logging information. In many cases with SharePoint Designer
workflows, the Workflow History list contained a log of the activity generated by the
workflow. Over time, old items in those lists would be deleted. This is the case with the
Office 365 Audit Log as well: the history is maintained for a rolling 90 days. If you need
more tightly integrated logging or longer time horizons, you may decide to build your
own mechanisms. More sophisticated data storage options may provide full-fledged
logging and auditing as part of their transaction engines.
Data Storage Options

Now that we’ve run though a little data theory, we can start thinking through the
options we have in Microsoft 365. Here are some potential ways you can think about
storing the data for your solutions from the simplest to the more complex. A lot of this
is a grey area; while I think about this as a rough spectrum from top to bottom, others
may see it as more discrete with several options being equivalent. In those cases, the
framing above will help you to make the distinctions.
Single SharePoint List

SharePoint lists (for the sake of this discussion, lists and libraries are equivalent) are far
more powerful than many people think. In a list we can set up any data structure we
choose, we get robust forms “for free”, we get data validation tools, and much more.
In many straightforward situations, a SharePoint list can be a solution unto itself. We

may just need something like a list of activities for customers that we can refer to from
time to time. In this case a simple SharePoint list may be more than adequate. This kind
of single list solution is a very common use of SharePoint: a straightforward rectangle of
data where we can record information which serves a useful purpose.
Single SharePoint List with Enhancements

An out of the box SharePoint list gives us quite a bit, but we also have additional
enhancements we can apply to that list. In modern SharePoint we can use column and
view formatting that help us build solution-like functionality right into the list itself. This
could allow us to display the items in the list as cards with multiple actions available in
each card. It could allow us to add behaviors to the content in a column that allow us to
trigger actions or notify other people of something important. We can also customize
the forms with Power Apps, or even create mobile ready standalone Power Apps for the
list. We can apply business logic with Power Automate flows as items are created or
modified. (As of this writing, Power Apps for SharePoint content alone are covered by
Office 365 licenses. Many people don’t know that, so one divergence from my “no
licensing” rule.)
When we add these types of enhancements, we are giving the list various powers to
provide us increased utility. While a list itself is useful, when we change the UI or add
new behaviors to it, the list becomes more and like a bespoke solution. When we extend
the list in these ways, we often need help from someone who has different skills and
knowledge of the platform, but it’s not that unusual for savvy end users to get a list to
this point.
Multiple SharePoint Lists

If a single list is inadequate, many times we use multiple lists to accomplish what we
need. For example, we may have a list which contains transactions with customers. To
ensure that we have a common view of the customer, we might have a look up column
inch which looks up from a customer list.
From a database design perspective, combining multiple SharePoint lists into a solution
can seem crude, as we don’t have a lot of control over referential integrity, cascading
deletes, and many of the other capabilities we’re used to in full-fledged database
storage mechanisms. However, people have been building quite sophisticated solutions
with SharePoint lists as the storage mechanism for many years, with some sort of front
end which treats those lists almost like a database.
Each of the lists within our solution can have enhancements added to them, whether
that list contains transaction content or reference content. Adding, editing, or deleting
content in any of the lists may require different permissions, form structures based on
the user’s role, business logic represented by a Power Automate flow, etc. By combining
multiple lists – each of which can serve its own set of purposes – into a larger solution,
we can build rather sophisticated applications.
It’s worth reiterating, however, that SharePoint lists are not database tables and
SharePoint is not a database. The content in SharePoint lists ends up in a SQL database
somewhere, but that doesn’t mean that the lists themselves are database tables. This is a
common misconception about SharePoint, especially when technical people start
working with it for the first time. Just because there’s an instance of SQL running
somewhere, it doesn’t mean that you’re working with a database. We are separated
from the underlying SQL databases by a layer of Application Programming Interfaces
(APIs), and with Office 365 we cannot touch the SQL database directly.
Microsoft Dataverse
The Dataverse is a part of the Power Platform. It also has a different licensing model
then SharePoint does within Microsoft 365.
What Dataverse gives us is the ability to manage entities in a more sophisticated way. In
the multiple SharePoint list section above, that’s essentially what we we’re doing, but we
don’t have as many sophisticated capabilities we can bring to bear. For example,
Dataverse allows us to create real references between entities, business rules, forms,
views within and across entities, and more. Dataverse is in fact a layer of abstraction on
top of SQL databases, so you get some of that sophistication without having understand
how to design and maintain a database directly.
When we build entities in Dataverse and add relationships between them, we need to be
more careful up front. Generally, the more sophisticated the data storage mechanism,
the more up-front planning is required, as large-scale changes are difficult after the fact.
Not impossible – just more difficult.
Azure Tables
Azure Tables are like Dataverse in that they give us the ability to manage a set of
entities, but the underlying technology is NoSQL. Choosing Azure Tables over Dataverse
may well be driven by your available skills or determined by comparing licensing costs.
In many organizations, the fact that we even mention the word Azure means we need to
interact with a different set of technical people in order to obtain access. This means
that Azure Tables – while they may seem to hold more appeal from a technical
perspective – may be out of reach in a larger organization, often due to security
concerns.
SQL Databases
SQL databases or what many technology people would call “real” databases. Looking at
all the options above a database person would see them as highly inferior. SQL
databases make sense when you’re building something that needs to have industrial
strength, scale to any size, be fault tolerant, and even more importantly support highly
complex data structures.
Now what?
Once you’ve decided on your data storage mechanism – and it’s possible you may have
arrived at a combination of these options for a more sophisticated solution – you can
build out your data model. Depending on where in the spectrum you have landed, you’ll
need to apply different level of rigor to the data model up front, as I’ve mentioned. With
SharePoint lists, the 80/20 rule is in full force: you can easily make adjustments
iteratively. If you’ve landed at the SQL database end of things, you’ll need to nail down
the data model much more completely.
Next, you’ll start building out the user interface (UI) for your solution. I’ll tackle some of
your options for the UI in the next article in the series: Building the Front End.
CollabMagazine .
Front End

Criteria
Part 2: Microsoft 365 - Making Good Technology Decisions: Data Storage
Part 3: Microsoft 365 - Making Good Technology Decisions: Front End (this article)
７ Note

more
In the prior two articles in this series, I’ve gone over how to evaluate your organizational
readiness and what criteria to use to make decisions [Decision Criteria] as well as where
to store the underlying data for your solution [Data Storage]. In this installment, I will go
through some of the front-end options available to you, providing some of the plusses
and minuses for each.
SharePoint List Forms

SharePoint list forms often are pooh-poohed even by the people who use them. The
best thing about them is that when we set up a list, we get those forms for “free”. The
forms will ensure that you are entering the right data types and handle all the CRUD
operations. The forms are even Content Type aware (and I am a big Content Type fan!);
if you change the Content Type, the forms automagically adjust to reflect the
appropriate metadata. If you have a list which stands alone with relatively
straightforward input needs, the out of the box forms are probably all you will ever
need.
A shortcoming of these forms in modern SharePoint is that you cannot build conditional
logic between any two or more columns as things currently stand. We used to add
JavaScript and CSS to the out of the box forms in classic SharePoint (huzzah,
SPServices?), but this is not possible in modern SharePoint. If you are still in classic and
you are customizing forms with JavaScript and CSS, read on…
Customized List Forms with Power Apps

(Canvas Apps)
Power Apps canvas apps are a way to customize the forms in a list context even if it is
just a simple conditional display of a column or a cascading dropdown. The general
approach here is to build out the list architecture first, and then customize the forms
with a canvas app. There is much confusion about the licensing implications of using
canvas apps, but all Microsoft 365 licenses include usage of the Power Platform for the
purpose of customizing and extending Microsoft 365 applications; this means canvas
apps for list forms does not require any additional licensing.
Embedding a canvas app in the context of a single list does not limit us to interacting
with only that single list. For example, if we have a parent/child relationship between
two lists, the canvas app embedded in the parent list can also interact with the child list.
At this point, your canvas app can start to feel more like a small application.
Power Apps are billed as end user tools, but still require the right mindset to build
something with any complexity and be successful. Much like InfoPath before them,
canvas apps provide supposedly “low code” capabilities, but that only holds true if the
form is relatively straightforward.
Standalone Power Apps (Canvas Apps)

Embedding canvas apps in the context of a single list is often just the ticket, but in other
cases, you want an app which stands separate from the data storage mechanisms.
Standalone canvas apps are one way to do this. Contrary to what I believed for quite
some time; this also falls under your Microsoft 365 licensing.
With a standalone canvas app, you might have two or more underlying SharePoint lists
for data storage, or even Dataverse or some other storage mechanisms. By moving to
this level of abstraction, your end users really do not know where the data lives, nor do
they need to. The data is somewhere, and the app you build provides the ways to
interact with it and perhaps the entirety of the ways to review and report on it.
Using canvas apps this way, you can use the Microsoft Power Apps (Preview) Web Part
to embed the app right in any SharePoint page (where there is ample page real estate
for it realistically to live). Alternatively, you can send your users via a link (perhaps a
Quick Link) to the Power Apps environment where your app is hosted. Again, they do
not need to know where the app lives, just how to get to it.
Power Apps (Model Driven)

If you have decided to use Dataverse for your data storage, you can choose to use
canvas apps (via a premium connector, thus with a licensing cost) or model driven apps.
To say that Power Apps have two flavors (canvas apps and model driven apps) is rather
disingenuous. The two types of Power Apps could not be more different to build or to
use. Because both tool sets were built by the Dynamics 365 folks, they are under the
same marketing name, but the skills to build with them are quite different.
Model driven apps provide a very different way to think about app building. With model
driven apps, the data structures – entities in Dataverse, primarily – determine most of
the possibilities for the front end. This is not a bad thing, but it can feel stranger than
canvas driven apps, where it feels more comfortable taking an iterative app building
approach. Note that my prior article was about data storage: I’ve found over the years
that getting your data model right up front (the 80/20 rule applies) makes building
solutions on top of it much easier, anyway. Model driven apps take that a step further,
requiring the data model first. Iteration is possible, but the further down the path you
go, the harder it is to change your data model.
SharePoint Framework (SPFx) Solution

Coder’s gotta code, right? Well, in some cases, coding is just the right answer. When we
need unique functionality and we have the skills and resources to support it, creating
custom SPFx solution can be a great idea. Whichever data storage solutions we have
chosen – even if we need to utilize external data sources – as long as that data is offered
up via some sort of modern Web interface (most often REST), we can incorporate it into
an SPFx solution.
SPFx solutions allow us to add functionality to SharePoint and Microsoft Teams (so far).
In SharePoint, we can create Web Parts or Extensions. Extensions include (with simplified
explanations):
Application Customizers – think header and footer replacements with dynamic

logic
Field customizers – think customized list views
Command Sets – think buttons in toolbars
In many cases, these SPFx entry points allow you to provide consistent and powerful
capabilities in single pages or across pages in a tenant.
SharePoint Framework (SPFx) Single Page App

Parts
The last specific option I will outline here is an SPFx Single Page App Part. This way of
creating a solution is different almost purely because it allows us to take over a full page
(mostly) much like we would with a single page app (SPA). (I have had some vigorous
debates with some people about what a SPA really is. To me, it just means an app that
uses most of the page and does not interact with any chrome around it. Some will
disagree.) This type of SPFx solution also reduces the surface area where the user might
interact with its settings or placement. This means it is not a capability a user adds to a
page, it is a capability developer deploys to the user base as a page. (In a sense, this is
like a standalone Power App.)
Everything Else!
Of course, there will always be enterprises which decide some other front-end building
tool is the cat’s meow and thus should take the place of all the above. Microsoft 365 is
generally a modern Web environment and many services offer up well-documented APIs
which this crowd can use. To me, this is often folly as trying to get two different
technologies to work together can become a war of vendors, but it is certainly possible,
and lots of people find great success here. As for me, I prefer to stick with the Microsoft
365 ecosystem.
Summary
We have a plethora of options for our front ends. But do not think you need to pursue
only one of these options. Different types of solutions lend themselves to different
front-end building tools. A departmental solution might be perfectly built with canvas
apps where an enterprise-wide solution may make more sense with model driven apps –
or vice versa. If you have thought through your decision criteria and data storage for the
solution, in many cases the front-end tool set will logically be obvious.
To some degree, this series of articles has given you a laundry list of options you might
choose as you are making your architectural decisions. Understanding each option more
fully is important for you to make good decisions. Unfortunately, there are different
worlds across the ecosystem that do not often intersect, whether it is the people or the
technologies. By trying to think about the various options on the spectrum, we can
better serve our constituents by making better informed architecture decisions for our
solutions.
CollabMagazine .
Library scenarios
７ Note
This guide will provide scenario-based guidance for the planning of SharePoint
document libraries.
Functional group scenario

It is not uncommon to have functional groups within teams. For example, Benefits or Pay
and Compensation groups within a Human Resources team. Providing dedicated
document libraries for each functional group will simplify content organization and user
navigation within the site. Files common to all groups would be stored in a common
document library.
Using the example of a Benefits and Pay and Compensation groups within a Human
Resources team, we would plan for the following document libraries:
"Documents" used to store files common to all members of the Human Resources
team.
"Benefits" used to store files for the Benefits functional group.
"Pay and Compensation" used to store files for the Pay and Compensation
functional group.
Example image shown below:

Subject matter scenario
High value or frequently accessed content is often grouped together by subject matter.
For example, project plans and governance documents. Creating dedicated document
libraries by subject matter can help to organize files and simplify user navigation within
the site.
Using the example of project plans and governance documents, we would plan for the
following document libraries:
"Projects" used to store all project plans and related files.

"Planning" used to store all governance documents.

In some cases, high value content is limited in quantity, and additional document
libraries add complexity to user navigation. In these situations, highlight the high value
content by pinning it to the top of the document library . When you pin an item, a
thumbnail image will appear at the top of the document library page making it easier
for users to find it.

Sensitivity scenario
Some sites are required to store sensitive content that is not suitable for site members
or visitors to view. For example, confidential employee reports. Creating a dedicated
document library with unique permissions allow the secured storage of sensitive content
within the site while employing a security trimmed navigation experience.
Using the example of employee reports, we would plan for a "Confidential" security
group and a "Confidential" documentary library with unique permissions that exclude
the members and visitor security groups.
Example image below of the "Confidential" security group:
Example image below of the "Confidential" document library unique permissions:
Custom security groups and document libraries with unique permissions add
complexity to ongoing site management. Before implementing consider moving
sensitive content to its own site collection.
Multimedia scenario
Organizations often group image, audio, and video files in document libraries for
reference use or archival purposes. For example, branding and marketing materials.
Providing dedicated document library or Asset Library for multimedia purposes allows
for consistent use and storage of an organizations image, audio, and video files.
If you don't see Asset Library as an option in your built-in apps, contact your
SharePoint admin to see if they are available for your site.
Using the example of branding and marketing materials, we would plan for:
"Assets" document library or Asset Library for image, audio, and video files.
"Marketing Materials" document library for style guidelines and related content.
Multimedia document libraries can be designated as an Organization Asset Library

making image files available to users for site and page creation.

For video files intended for streaming check this Overview of how to feature videos
in Microsoft 365 with pages, sites, & portals.

Using Site Templates to Manage Project
Life Cycles
７ Note
One possible use for Site Templates (which used to be called Site Designs) is to manage
the life cycle of a unit of work. Site Templates allow us to do such things as create lists
and libraries, apply a theme, install an add-in or solution, set permissions, etc. (See: Site
template JSON schema)
We can also trigger a Flow, so that opens up a whole additional world of possibilities. If
we can’t accomplish what we need to do in the Flow, we can also call a custom Web
Service from the Flow. In the Web Service, we can do anything CSOM opens up to us. In
other words, Site Templates are the entry point we can use to do pretty much anything
we need in our sites.
So what does this have to do with project life cycle? Well think about it like this:
A project may start as just a proposal. In order to work on that proposal, we may
need a library to store the information we are using to put the proposal together.
(For some reason, many organizations I work with don’t see the value of
connecting the proposal artifacts with the project itself. I do!)
Once the proposal is accepted, we need some libraries to store our working
documents.
When the project starts to wrap up, we’ll want to collect our important learnings
and high value artifacts for later reuse.
Finally, when the project is truly done we may want to “archive” it.
Site Templates could help us move through this process:

When we create the site, we might apply the Proposal Site Site Template. It might
create a Proposal Documents library and associate the site with the Active
Proposals Hub Site. Associating with the Hub site would set the theme to theme to
“active proposal blue“.
If the proposal is accepted, we might apply the Project Site Site Template. This Site
Template might instantiate a few Content Types, create a few Document Libraries
and apply the Content Types, associate the site with the Active Projects Hub Site,
and add the Executive Team to the Site Members. By associating the site with the
Active Projects Hub Site, the theme would be set to “active project green“,
When the project is nearing completion, we could apply the Knowledge Capture
Site Template. This might instantiate a few Content Types, create a Document
Library to capture the important outcomes and apply the Content Types, set the
theme to "knowledge capture teal", and add the KM Team to the Site Members.
When the project wraps up apply the Archive Project Site Template, which
disassociates the site from the Active Projects Hub Site and associates with the
Archived Projects Hub Site. (This would naturally apply the “archived project grey”
theme.)
This scenario may not fully match yours, but you probably could see something similar
applying in your world. Because Site Templates are generally additive and always should
be idempotent, each application of a new Site Template should have no detrimental
effect on the existing containers of content.
Depending on what information you track in the site itself or in another site – perhaps in
a Project Inventory list – you could even apply these Site Templates quasi-automatically.
For example, apply the Knowledge Capture Site Template when the Project End Date is
within two weeks. It may make sense to add an approval step so if something about the
project is out of band, the project manager can decide not to progress yet.
There are opportunities to automate much of this as well. We could run a Flow on the
Project Inventory list and when a project changes status or a key date is approaching,
we could automatically apply the Site Templates. We could also use the search API to
find sites with a specific piece or set of content and apply a Site Template with a Flow
based upon that discovery.
In other words, if you have a business process you want to support, Site Templates could
be an important piece of the puzzle. Moving a project through its life cycle is just one
powerful example.

Working with Cascading Lists in
SharePoint and Power Apps
７ Note
This example shows how you can cascade SharePoint lists and only show a subset of the
data.
Cascading is useful when you have several lists that are related to each other and you
only want to see the relevant options based on a previous selection.
We will illustrate this with a scenario. Our ambition is to create an awesome list of great
innovations from various countries and to be able to cascade the innovations based on
the choice of region, filtering the countries for the specific region.
1. SharePoint Lists
This example uses 3 different SharePoint lists:
Country: Contains a single line of text columns for the Title and Region. The list is
populated with 231 countries with an associated region. The View used is grouping by
Region. The taxonomy of world regions can be found here .
Region: Using the default Title field for the region title. The additional text field
Countries is used as a placeholder for column formatting only.
Innovations: The main list in this example, this list is where all the great innovations can
be added, using Lookup fields for both Region and Country (and Country:Region) and a
single line of text column for Title.
2. Column formatting (JSON)

In this step we will construct a JSON object and add it to the column formatting to
customize how the column field in the Region list is displayed. When completed, the
column field will show a formatted link to the grouped view in the Country list.
First, we will have to create a navigation link to the grouped view in the Country list.
First, click on a heading so the list only shows the heading. Then copy the URL and move
the "FilterValue1=" to the end of the URL.
Navigate to the Region list and select or create a new single text column named
"Countries". Click on the Countries column header and select "Column settings" and
"Format this Column" in order to show the Column formatting screen.
Finally, paste the URL into the JSON formatting (see code below). Remove the last value,
("Africa") so the $Title field is used instead of the static value. Paste in your custom
edited JSON and press Save.
JSON
"$schema":
"https://columnformatting.sharepointpnp.com/columnFormattingSchema.json",
"elmType": "div",
"style": {
"display": "inline-block",
"padding": "10px 0 10px 0",
"min-height": "auto"
},
"children": [
"elmType": "span",
"style": {
"display": "inline-block",
"padding": "0 10px 0 0"
},
"attributes": {
"iconName": "Forward"
},
"elmType": "a",
"txtContent": "Show Countries",
"attributes": {
"target": "_top",
"href": {
"operator": "+",
"operands": [
"INSERT_URL_HERE",
"[$Title]",
"&FilterType1=Lookup"
]
3. Power Apps (Filter, Choices)

Now we will customize the form for the Innovations list by opening Power Apps in a
browser. In the Innovations list, create a new list item and choose "Edit form" then
"Customize with Power Apps". This may look different depending on your specific
environment. If so, read the article Customize a SharePoint list or library form by using
Power Apps for additional information.
In Power Apps, select the Country card and under the Advanced tab select "Unlock to
change properties" to open up for edits. Depending on your specific instance the given
names for components may be different, so adjust accordingly.
Select the DataCardValue3 (Combo Box) in the Country_DataCard1 (Card), and select the
Items function value.
Because the Choices function only allows for two values (Id, Value) for the lookup to the
Countries list, we have to make some additional changes.
Make sure that the "Region" column is checked in the lookup field to the Country list.
Basically this shows up in Power Apps as an additional table.
Using the Filter function and the in operator we now can reference the values based in
the Id from the Country to show the proper Title value based on the selection of the
Region.
powerapps
Filter(Choices([@Innovations].Country), Id in
Filter(Choices([@Innovations].'Country:Region'), Value =
DataCardValue2.Selected.Value).Id)
Principal author: Henrik Yllemo

Document Lifecycle Scenarios
７ Note
Not all documents are created equal. Based on the relative weight and importance of a
document, we may decide on quite different ways to manage a document through its
lifecycle. In this article, I present several different scenarios for managing a document
lifecycle.
No one of these scenarios will be appropriate for all of your documents. Instead, you
should consider this a set of potential options as you think through your own document
life cycles. One or more of these scenarios may be adaptable to your specific needs.
Ad hoc Document Becoming More Permanent

When smaller teams of people work together in Microsoft Teams, they frequently come
up with "chunks" of content spread across Files, OneNote, posts, Wiki pages, etc. As the
ideas gel, those chunks often need to be assembled into more complete documents,
whether for sharing with the entire organization, a customer, or perhaps management.
The effort of assembly in this case takes the ad hoc components and glues them
together into a coherent document for further editing and polish. Common file formats
in this case are Word or PowerPoint.
Personal Thoughts Turning into Organizational

Document
This scenario is similar to the inner and outer loop ideas presented by Microsoft over
the last few years. We usually test concepts first by writing them up for ourselves. The
document generally sits on our desktop or in our OneDrive for Business.
 Tip
Ideally if we are working with documents on our desktops, they are also synching
to OneDrive with OneDrive PC Folder Backup (née Known Folder Move).
When we feel our document is "ready" or has reached a point where we would like
some feedback - usually from "trusted" co-workers - we share the document where it
sits by creating a sharing link and sending it to them.
Once we've collaborated on the document with the small circle, we may decide it is
ready for our larger work team to review and give us feedback. At this point, we may
move the document from our OneDrive into the Team Site (SharePoint) or Files tab
(Microsoft Teams) where out team has access and we share a link again. This is the
beginning of the shift from the inner loop to the outer loop.
If our ideas in the document are truly useful or brilliant, we may end up publishing the
content on our Intranet as part of our department's Communication Site (SharePoint) or
on Yammer.
We may get such rave reviews for this document that we end up publishing it externally,
perhaps on our Intranet site or in presentations at conferences or symposia. Usually
before this happens, the document (or connected content in another form) goes
through another round of editing in its new form, and that can happen by resetting
back to the personal thoughts entry point above. Content we share externally generally
requires a different tone and filter than that which we share internally.
That little personal idea we had can have long legs!
Important Organizational Document

Some documents are simply too important organizationally to arise informally. They also
may require some organized and sometimes mandated processes. In this case, the
document is generally created in a SharePoint Document Library with important,
required metadata columns. It may be moved through a process using a Power
Automate flow for approvals or other important state changes.
The goal with documents like this - perhaps a company policy or regulatory filing - is to
ensure accuracy and adherence to all organizational constraints.

Power Automate - Send SharePoint files
as attachments
７ Note
Scenario
We have a library with a number of folders, and each of the folders contains multiple
files. These files need to be sent out as attachments, when needed. There are many use
cases for this capability, but the example in this article is related to contract
management. As you might have guessed, these documents need to be sent as
attachments outside of the company.
What do you need

Power Automate, standard M365 license
SharePoint library - this could of course be a Teams connected library
Mailbox in Exchange Online
７ Note
If you are new to Power Automate head over to the official documentation to learn
more.
The Steps
1. The flow is started by the user
2. The user inputs the recipient's details
3. Flow will locate the correct folder
4. Flow will collect all the files
5. Flow will add the files to an attachment array
6. Flow will send the email with the attachments
In our SharePoint team site we have a Contracts folder and inside this folder we have
our partners and customers as sub-folders.
The contract files are located inside the customer/partner folder as below
Using the library menu | click Automate | Power Automate | Create a flow
The flow we are building is an Instant Flow, so in the dialog click "See your flows" to
navigate to the Flow editor page.
Choose to create a new flow | Instant-from blank.
Name your flow, choose to "For a selected file" as trigger, and then click Create.
Whenever the flow runs we need some data from the end user. In this case "Recipient
Name" and "Recipient Email". We will create two variables:
Recipient Name
Recipient Email
FolderName | this is the folder we will grab the files from
AttachmentsArray | this is the array where we will put all files to be sent
The next step is to grab the data for the item that started the flow. That way we can
verify if the "item" that started the workflow is a file or a folder.
If folder is "true", we will then append the folder name to our variable "FolderName",
and use this in the next action to grab all the files properties in the current folder.
We will then use "Apply to each" to append the files' content to our Attachment array
variable. The trick here is to append the right content. Thanks to this guide at the Flow
forums by Sunay Vaishnav, I finally managed to get this working.
As of this writing, the best way to append SharePoint files to an attachment array is:
JavaScript
"Name": @{items('Apply_to_each')?['{FilenameWithExtension}']},
"ContentBytes": @{body('Get_file_content')?['body']}
The final action is the "Send email (V2)" action. You will need to populate the action with
the following inputs:
Recipient email | user input

Recipient name | user input
AttachmentArray | attachments form previous step
From (send as) | user who started the flow
The whole Flow should look something like this:

When you are all done, click Save, Test, and Share with your users
The recipient should receive an email with the files attached.

How can I use Learning Pathways in my
organization?
７ Note
Introduction
Learning Pathways is a customizable, on-demand learning solution in Microsoft 365.
Learning Pathways offers a fully customizable SharePoint Online communication site
(that may be used as a training portal), easy provisioning from the SharePoint Look
Book , the ability to make your own training playlists with custom assets, a custom web
part to surface training content across your SharePoint site collections, and up-to-date
Microsoft documentation for Microsoft 365 solutions.
Use Cases
Centralized location for all training content

Learning Pathways comes with all Microsoft 365 documentation categorized into
technologies and playlists which is an excellent start for most organizations. Even better,
this takes the burden off the Information Technology, learning, or training departments
to either create or gather this content.
If an organization creates their own custom training or has training for other
technologies outside Microsoft 365, adding custom training to Learning Pathways
creates a one-stop-shop for all training content across the organization.
While many companies still need or actively use a Learning Management System (LMS)
to support requirements like role-based training assignments and reporting, many of
these systems do not house the documents. Saving training documents and videos to
Microsoft 365 can help support the enterprise LMS by integrating content into Learning
Pathways and providing the ability to surface the training content in context on relevant
sites through the custom web part.
For example, there is training content on the LMS for how to click through a
procurement system to purchase goods. There is also a page on the procurement site
talking about the business process. You can reduce the friction of getting all necessary
content to the end users to complete a purchase by using the Learning Pathways web
part to embed that specific playlist for purchasing goods on the same page where the
rest of the business process is referenced. Learning Pathways helps shorten the steps
across the intranet by having information to complete top tasks right where people
need it.
Raising the technical literacy of the organization

Whether it is training for a brand-new Microsoft 365 launch, supporting your SharePoint
Champions or advancing the finance department’s Excel skills, Learning Pathways
supports creating self-service learning opportunities through curated playlists.
Each playlist offers dropdown menus for “Level” and “Audience,” helping end users
determine where to begin. The order of the playlist can match which pieces are most
important to the organization or follow a logical progression increasing in difficulty.
Breaking training content into bite-sized chunks may also support your end users as
they try to fit learning into already busy days.
For example, Contoso has decided to begin self-service SharePoint site creation. There
are different types of governance for collaboration and communication sites. This
governance exists in the intranet on the Information Technology site collection. The
governance can now be added to a playlist for “Team Site Owners” and “Communication
Site Owners” to ensure they are not only learning how to use the technology, but also
following the better practices that supports a consistent user experience across
Contoso’s environment as well as keeping content secure.
Documentation for custom solution with training in

context
Microsoft 365 offers many opportunities for customizations to your environment. These
custom solutions may have specific steps to follow and likely need training
documentation to support their usage. Adding the training content to Learning
Pathways and then embedding on the site where these custom applications live
removes the friction for an end user to understand what they can do in your custom
solution and how to complete their objectives.
Consultant supporting an organization new to Microsoft

365
When organizations work with external consultants for a Microsoft 365 implementation,
they may find themselves drinking from a firehose with the volume of information that
is shared throughout the project process. Consultants can better support these new
organizations by capturing all recommendations, newly established governance, and
training in one playlist for the Microsoft 365 product owners. The organization now has
one place to look for all historical information as they continue on the intranet
development journey after the engagement has ended. Since the content is in Learning
Pathways with all other training content, even the power users have only one place to
look for everything they need whether it is a basic action in SharePoint or custom
development to an SPFx web part.
Conclusion
Learning Pathways is immediately helpful to an organization as it comes with a
SharePoint site collection with Microsoft documentation pre-loaded into playlists. The
content is updated and released by Microsoft removing the burden from the
organization to document training and keep it up to date. Organizations can now focus
on extending learning pathways by customizing playlists, adding their own assets, and
focusing on structuring their content to best support their end users.

Advanced Highlighted Content Web
Part
７ Note
Highlighted Content Web Part - tl;dr

The Highlighted Content Web Part (HCWP) is used for displaying content from one
or more buckets – more than one list, library, or data source in a single place on a
page.
It's an out of the box web part - style options are Grid, List, Carousel, and Filmstrip.
This article assumes you're a site owner and not looking to custom code your own
solutions.
The type of content - and where you query it from – change your HCWP
configuration and filtering choices.
HCWP filtering capabilities are more complex than most other modern web parts.
You can use KQL, CAML, and/or Managed Properties to filter and display specific
results. We'll cover examples of that here.
As a site owner making pages for SharePoint or Teams, you understand the value of
automatically rolling up content from multiple lists, libraries, and sites to display them
on a page. Using built-in list or library web parts work fine... but your end users never
put things in just one place. They're empowered to self-organize their content across
multiple sites! The Highlighted Content Web Part can help here, automatically showing
users the right content on a page, regardless of its physical location.
Modern pages, modern web parts
Site Owners may remember classic web part pages and their content rollup web
parts. The Highlighted Content Web Part is the successor to the Content Query and
Content Search web parts. The mental model is very similar, but HCWPs only work in
modern pages.
What should I learn?
To dig into the real power of the HCWP you'll need to increase your knowledge in key
SharePoint areas and technologies. Here's the learning path you should traverse:
1. HCWP fundamentals
2. Site Columns
3. Managed Properties and SharePoint Search
4. KQL
5. Maybe CAML (But, maybe you don't have to?)
1. Fundamentals
If you're new to the Highlighted Content Web Part you can start by reading Microsoft's
documentation. In fact, even if you have used the HCWP before, this existing
documentation is a must read.
Use the Highlighted content web part
This Community Docs article won't rehash what's already covered there.
2. Learn about Site Columns

Knowing what a Site Column is, and how it relates to SharePoint Search, will be
important for setting up Managed Properties (the next step).
Start your Site Column learning with these Microsoft Community Docs articles:
What is a Site Column
List Column or Site Column - Which one to choose?
 Tip
It is fast and easy to make a new list or library column – but if there's a chance you
think you'll need to filter by it with a HCWP, create that List Column into a Site
Column instead. Taking an existing List Column and converting it to a Site Column
can be a lot of manual work.
3. Managed Properties
Beyond the basic filter options of the HCWP (like "Title includes" or "content includes"
or dates), the HCWP allows more advanced filtering and sorting by a Managed Property.
For the HCWPs, the Managed Property is one of two things:
1. A built-in property, no search configuration required. IsDocument is an example -

this one lets you include or exclude documents in a query. Another built-in
Managed Property is Author which queries content based on the Microsoft 365
user who created (Created By) the object.
2. A Site Column associated Managed Property - where a Site Column in a list or
library is made available through SharePoint Search as a Managed Property. This
requires some configuration.
Managed Properties are available to filter and sort in HCWPs either through the regular
filter interface or via the more customizable KQL and CAML interfaces. More on that
later.
Start your Managed Property learning with this Microsoft Community Docs article:
How do Site Columns Become Managed Properties for Search?
And more here with Microsoft's documentation:
Manage the search schema in SharePoint
 Tip
Is your recently-configured Managed Property ready for HCWP filtering or sorting

yet? In SharePoint Online, sometimes it takes a little while once you've mapped the
Crawled Property to the Managed Property before that Managed Property is
available. While you're waiting, test availability via regular SharePoint Search first. If
you can search for results by a Managed Property in Search, you can filter content
by that same property in your HCWP.
4. Using KQL to query, filter, and sort

Once you've added a HCWP to a page, you'll have to tell the web part where to look,
and what to display. At first, the web part's basic filter and sort options seem like they
should cover most situations. But as you progress further into more complex projects
(and your users realize the capability displaying very specific content on a page) you, the
site owner, may find yourself needing to build out HCWPs with Custom Queries using
KQL (Keyword Query Language) .
Good thing you set up all those Managed Properties from Site Columns already! KQL
filtering and sorting is one of the payoffs for that work.
KQL runs a search over a specific area of content and returns results in your HCWP.
A very basic KQL query in a HCWP might look like:
author:"Patrick Doran"
While a more complex one might look like:
LastModifiedTime>=2021-06-01 AND LastModifiedTime<=2022-04-26
７ Note
Spacing counts – A space between a colon and a " might return a very different
result.
Start learning KQL by reading Microsoft's reference:
KQL Syntax Reference
KQL Pro Tips
A Path to success – The Path property is built -in and can quickly narrow down
scope if you know the list(s) and library(s) you want to get content from.
Path:"https://mytenantname.sharepoint.com/sites/HumanResources/Enrollment"
Narrow it down further with the built-in Filetype property:
Path:"https://mytenantname.sharepoint.com/sites/HumanResources/Enrollment" AND
Filetype:"XLSX"
Many conditions – If you have a lot of conditions, wrap statements in parentheses

to make readability easier and enforce what should be AND versus OR.
(Author:"Patrick Doran" OR Author:"Sally SharePoint") AND (Filetype:xlsx OR
Filetype:docx)
Helpful built in syntax for HCWPs

Hopefully now you understand the why behind Managed Properties and KQL. Below are
examples of helpful KQL search syntax terms that are all built into SharePoint Online
(and probably are there for your SharePoint 2019 site). They're already configured and
can save a lot of time in many HCWP scenarios.
Use these to filter and sort your content:
Managed Type Note Example

Property
IsDocument True or False Identifies if content is IsDocument:"True"

a Document or Page.
List Items are are
false here.
Filetype File extension An extension, like Filetype:xlsx

XLSX or DOCX or PDF
Author Someone's This more or less Author:"Tricia Teams" or Author:

name, or the equates to the {User.Name}
SharePoint SharePoint 'Created
property for By' field.
the current
user
Path A URL, or It might be a URL of a Path:

part of a URL specific list, library, or https://mytenant.sharepoint.com/sites/* .
everything in the
whole tenant. Note
you cann use
wildcards ('*') here
and in other KQL
queries.
ContentType Text Any available Content ContentType: Document or ContentType:

Type that SharePoint EnrollmentDocs
Search can access
There are many more built in Managed Properties you can use; these are just some of
the most commonly useful ones.
 Tip
A Find a managed property search in the HCWP filter configuration panel will show
you some of what's built in versus what's custom:
4. Using CAML to query and filter
If your HCWP is displaying content from a specific document or pages library, you can
use CAML. If you've ever seen an XML file or RSS feed, CAML looks a lot like that.
An example CAML statement to filter data in a HCWP might look like:
XML
<Query>
<Where>
<Geq>
<FieldRef Name="Expires"/>
<Value Type="DateTime">
<Today/>
</Value>
</Geq>
</Where>
<OrderBy>
<FieldRef Name="Modified"/>
</OrderBy>
</Query>
This is looking for a column called Expires, where the value is equal to today or after and
its sort order is by Modified date.
Start learning CAML via Microsoft's documentation:
Learn about CAML query schema
７ Note
CAML vs KQL: Which one do I use?
With two Custom Filter options for a Highlighted Content Web Part, picking one
comes down to the type of data you're filtering. A HCWP scoped to a single list or
Document/Pages library only lets you filter with CAML, while all other scopes let
you filter with KQL.
In many scenarios, KQL might be able to do everything you need, and may be easier
to write versus long, complex nested CAML queries.
If you want to use KQL in a
document library, just set the query to the site (rather than a particular library) and
scope it with the Path managed property.
Real-world examples
The rest of this article will provide scenarios and tested examples to show you some
possibilities.
 Tip
Since this article is part of the Microsoft Community Docs, you're encouraged to
contribute your own scenarios!
Get started contributing here: Microsoft
Community Docs
Scenario 1: Contract documents across siloed department

sites
In your organization, a new contract process required documents from different
departments. The vendor qualification document sat in the Quality team, the contract
review doc was with Legal, and the vendor initiation worksheet was with Purchasing.
These documents lived in each department's own separate Communications Sites and
needed to be presented in on a single page.
This looks like a job for the Highlighted Content Web Part!
Your libraries might be in sites like:
https://mytenant.sharepoint.com/sites/Legal/Shared Documents/
https://mytenant.sharepoint.com/sites/Quality/Shared Documents/
https://mytenant.sharepoint.com/sites/Purchasing/Shared Documents/
As the person setting up the HCWP:
You'll use a HCWP to retrieve documents from 3 different sites in the same tenant.
Each document will have a shared Site Column with a value applied. The HCWP's
job is to return any documents with a matching value for this Site Column.
You'll query based off a Site Column called "Contracts" and will be looking for a
value of Legal, Purchasing, or Qualifications
You'll make sure the same Site Column is available in all three sites, in the three
libraries.
７ Note
Adding the Site Column is probably easiest if you can do it the SharePoint Admin
Center. Don't forget to publish it!
Setup with regular Filtering (not a Custom Query)

1. In your HCWP, set your Source to be All Sites or maybe a Hub Site if you're using
one. You could also pick 'Selected Sites' if you're' sure the documents you want to
show will only come from Legal, Quality, and Purchasing. libraries. Leave the Type
as Documents and Document Type as Any.
2. Under Filter, you could pick Title includes the words and add one filter each for
Legal, Quality, and Purchasing as long as those are the file titles. This option is a
little riskier because someone could upload another file with those words in the
title and they'd also appear in the web part.
The safer call here is to use SharePoint metadata. Since you've already added the
Contracts column as a Site Column, and flagged each file as wither Purchasing,
Legal, or Qualification, let's use that instead.
3. In Site Settings, check to see if this column is already a Managed Property with a
Crawled Property associated with it. Once that's done, head back to your page, edit
your HCWP, and set the Filter values based on your Managed Property. You'll find
it using the word 'Contract' and the Managed Property Name will display soon. In
these screen captures, we've added the three filters (of the same type, so they are
OR not AND)
And that should be all you need to do. If you've uploaded and tagged your documents,
added the right values to the Site Columns, and configured the Managed Properties
correctly, you'll see three docs displaying in the web part.
Setup up with KQL

Assuming you've set up Managed and Crawled properties for the Contracts column in
SharePoint Admin center, you should now have a property like ContractsOWSCHCS
(though yours might be named differently).
In your HCWP, choose 'Custom Query' instead of 'Filter' and set the Source to be 'All
Sites'. Now enter this in the Query text (KQL) field, and click Apply:
isDocument=true AND (ContractsOWSCHCS: Legal OR ContractsOWSCHCS: Purchasing OR
ContractsOWSCHCS: Qualification)
Your HCWP should now show your three documents.
Setting up with CAML

CAML is not supported in this scenario. As we're looking for documents across multiple
sites. CAML only shows up as a HCWP custom filter option when you select 'A document
library in this site' or 'A page library in this site' for the Query source.
Scenario 2: Showing the right content at the right time

Another common scenario might be displaying Human Resources documents on an
intranet Communication Site during annual enrollment. There are many supporting
documents for medical, dental, vision, wellness, life insurance, etc that an employee
might need to access. These benefits documents are changed each year at a specific go-
live date for open enrollment, but the structure of the Benefits site generally stays the
same.
There is a short period of time where the current year and future year documents need
to both be accessible as well.
Using SharePoint metadata columns in libraries to indicate benefit type and year - paired
with a HCWP - make for easy transitions as the HCWP filtering query just needs to be
updated.
In this scenario we'll assume:
Our single HCWP will appear on a page in a Communications Site.

A single SharePoint Document Library with extra two columns – a date one for
year, and a choice one for benefit type.
Since this is a formal process, you'll make a new Content Type and Site Columns up
front.
You, the site owner, will manually change the dates in the queries when enrollment
season starts and ends.
Scenario library setup:
1. Create a library
2. Create Content Type
3. Create site columns for Year and Benefit Type columns and add those to your
Content Type.
4. Enable the new Content Type in the library. (This will also add your Site Columns.)
5. In Site Collection Search, map the Crawled Properties to Managed Properties for
both Site Columns. Pay special attention to the Year column, which needs to be a
date/time Managed Property.
6. Add documents to the library, and make sure you populate the Benefit Type and
Year values.
7. Go get a coffee or tea and wait for SharePoint Search to crawl your library and site
columns.
Your new library might look like:
Name Year Benefit Type Content Type
Dental for Annual Enrollment.docx 1/1/2023 Dental Enrollment
Life Insurance Enrollment.pdf 1/1/2022 Life Insurance Enrollment
Medical Insurance Enrollment Form.pdf 1/1/2023 Medical Enrollment
Vision Enrollment Form.pdf 1/1/2023 Vision Enrollment
Wellness Worksheet.xlsx 1/1/2022 Wellness Enrollment
Setting up with regular Filtering (not a Custom Query)
Add your HCWP to the page, pick Filter instead of Custom query, and set your source to
be the document library with your Content Type and Site Columns.
Under Filter, search for the Enrollment Content type you made. Then add additional
Managed Property filters for Year which is a Site Column you added. And because it's a
date/time column, the HCWP will ask you to specify a range of time to filter. Before,
After, or Between.
In this case – set Year between 01/01/22 and 12/31/22. The HCWP will show only
documents from that library for 2022.
Setting up with KQL

Add your HCWP and pick Custom Query, and set your source to be the entire site. (If
you select Document Library, the HCWP will default to CAML).
Your KQL query will look something like this:
ContentType: "Enrollment" AND (EnrollmentType: "Vision" OR EnrollmentType: "Dental"

OR EnrollmentType: "Medical") AND (Year>=2022-01-01 AND Year<=2022-12-31)
In this example, ContentType is a built in Managed Property that allows you to reference
the Content Type you already associated with your library.
Setting up with CAML
Add your HCWP and set the scope to be this one document library. When you pick
Custom Query, the interface will look a lot like the KQL syntax query, but it will
specifically request you input CAML.
 Tip
Valid CAML Query isn't trivial to write. There are a variety of 3rd party tools and
plugins designed to connect with your SharePoint site and help you build out the
query that'll work in your environment.
Scenario 3: Showing very specific, personalized list items

Often in SharePoint you'll have a list that becomes a database – a source of truth for
many users. Often there is some criteria – "top 10 highest grants this month" or "All the
grants issued in Hawaii" – that really matter. Those can be put in a page using a HCWP.
For our scenario, we have a large list (10k items) of grant applications that was imported
from a spreadsheet. Customer wants to see cards on a page with just items they've
created and just ones from their home territory of Idaho.
Setting up with regular HCWP Filtering
This is probably the easiest approach. We'll use three filters to meet this customer's
needs.
Set source to All Sites. First filter with be using the built-in Managed Property of Path .
Setting this up with CAML
CAML won't work here – it only works for documents and pages.
Setting up this scenario with KQL

Add your HCWP and pick Custom Query and set your source to be the entire site. You'll
now write KQL syntax that scopes the returned list items to the Path of your List, filters
by any item that has the word 'Idaho" in it, and only items where you've created or
modified:
(Path:https://mytenant.sharepoint.com/sites/DemoSite/Lists/Demo%20Grant%20List AND
"Idaho" AND Author:{User.Name})
Pro HCWP Tips

The built-in Managed Property Path has real power. It lets you specify scope all
the way from a single list item to an entire tenant. No configuration required. With
some wildcards and a little time, you can build some useful KQL to bring back
content you want.
If you can configure your Managed and Crawled Properties in the SharePoint
admin center, you should.
Once you get proficient at HCWPs, you might rely exclusively on Custom Queries
with KQL for filtering. But if you can use the built-in filters under Filter and Sort,
maybe you should? The next person coming along to update your web part might
not have read this article and HCWP's built-in filters are a little easier to read if
you're new.
The built-in filtering guidance from Microsoft's documentation is worth
remembering: "When you use multiple filters, your results will be based on OR
operations for filters of the same type, and AND operations for filters of different
types."
The Trending sort and filter pulls from OneDrive, too. That may/may not be what
you want.
If you want to enable Audience Targeting in your HCWP, you need to also enable it
in the list/library first.
Keep Reading
The time you invest in learning the HCWP will help you in other areas of the Microsoft
365 platform, especially with SharePoint search. Keep learning:
Content Type Filters in Modern SharePoint from Joanne Klein
Modern SharePoint Web Parts: Highlighted Content Web Part from Lightning
Tools
Highlighted Content Web Part Custom Query from Lighting Tools
Managed Properties in SharePoint Online and Crawled vs Managed Properties in

SharePoint Online from SharePoint Maven
SharePoint Online Highlighted Content Web Part from SPGuides.com
CAML Query Examples in SharePoint from SPGuides.com
How Do Site Columns Become Managed Properties - Thus Available for Search
from Microsoft Community Docs
Crawled and Managed Properties Overview from Microsoft
How to Display a list of sites on a Modern Web Part page from TechNet
KQL Basics in SharePoint from Mikael Svenson
CAML Query Syntax in SharePoint from SharePoint Cafe
Principal author: Patrick M. Doran . Thanks to Emily Mancini for contributing scenario
examples.
Using Shared Channels (Teams Connect)
for External Collaboration
７ Note
One of the most exciting announcements from Ignite 2021 was that of Shared
Channels (Microsoft Teams Connect) which seemingly promised to finally resolve the
considerable friction involved with cross-tenant collaboration (collaborating with other
organizations using Microsoft 365). The idea of Shared Channels was simple, yet
powerful. Instead of moving between Tenants to access information, allow for that same
information to be available within your home tenant! Now that we've been able to see it
in action in the Public Preview, what do we think? Has it realized the hype from last
year?
What Are Shared Channels

At its simplest, a Shared Channel is essentially a 'collaboration space' that can be re-
used in multiple places. Because it is reused, it implies that it can be accessed by
different users than those who are in the Team. Only members of the Shared Channel
can access it.
There are a few ways these channels can be re-used:
1. Reused in multiple Teams across tenants (this article) so that users from multiple
organizations can work together in the same 'space' without needing to switch
tenants.
2. Reused in multiple Teams in the same tenant (see this article for details) so that
users from multiple Teams can work together in the same space without needing
access to the same Teams
Shared Channel Limitations

While Shared Channels offer most of the same functionalities available within other
channels, there are a few features that are not supported, including:
Only Azure AD work or school accounts are supported for external participants.
Guests cannot be added to Shared Channels (see here ).
Shared channels support tabs except for Stream, Planner, and Forms.
Line of business (LOB) apps, bots, connectors, and message extensions are not
supported.
You cannot remove a shared channel from the parent team within which it was first
created
When you create a team from an existing team, any shared channels in the existing
team won't be copied over.
Notifications from shared channels are not included in missed activity emails.
No Loop Components
Not supported in Class Teams
For more details see Shared channels in Microsoft Teams.
Potential Benefits for External Collaboration

Shared Channels promised to resolve a list of common challenges with effective
collaboration between organizations, including:
No more painful tenant switching: By seeing cross-tenant channels as Shared

Channels within our own environment, the lines between organizations become
blurred and work can take place unhindered
Avoid over-sharing information: By allowing for privacy of content at the channel
level, we avoid the risk of users seeing content elsewhere within the Team and
Microsoft365 Group.
Reduce Team proliferation: Instead of creating a long list of barebones and
shallow Teams, merely to support a sharing across organizations, we can now
facilitate fewer but 'architecturally deeper' Teams
Improve visibility of information and reduce duplication of content: By allowing
for centralized channels, we can reduce and eliminate channels created for the
same purposes but spread across multiple teams, and reduce them with a single
source of truth which also simplifies the management and monitoring of
information within the channel
Potential Challenges
Without getting into the technical details, Teams Connect (Shared Channels) relies on
something called Azure B2B Direct Connect, which is different than B2B Collaboration
used for External Collaboration (Guests). The big difference is that this requires
organizations to trust one another's security (essentially to 'federate' identities) in order
for this feature to be available.
The key portion here is that B2B Direct Connect requires a mutual trust relationship
between two Azure AD organizations to allow access to each other's resources. Both
the resource organization and the external organization need to mutually enable B2B
Direct Connect in their cross-tenant access settings. While this may not seem like the
end of the world, it does seem counter to the well-known concept in Cyber Security of
Zero Trust, especially its well-known adage 'never trust, always verify.'
A more 'trusting' security stance may be possible for organizations with subsidiaries, or
companies that all operate under shared ownership, we feel this is going to be a
massive challenge for most organizations, especially those with strict security policies.
This is hugely disappointing and we've heard this sentiment echoed by many clients and
partners with whom we've discussed the topic.
How To Set It Up
1. Access Azure AD > Identity Governance > Cross-tenant Access Settings
2. Add an organization to enable B2B Direct Connect
3. Find an organization by domain or Azure ID
4. Setup Default Inbound/Outbound Settings (Host Tenant)
5. Have other tenant admin perform these steps for their organization (Recipient
Tenant)
6. Setup Shared Channel (Host Tenant)
7. Send Channel Share Request (Host Tenant)
8. Accept Shared Channel (Recipient Tenant) and select Team for it to reside in
9. Approve Shared Channel Placement (Host Tenant)
The result:
Note: This sample opened up bi-directional sharing for all users in both organizations.
Microsoft allows further granular controls on B2B direct connect and many additional
security settings.

Using Shared Channels (Teams Connect)
for Internal Collaboration
７ Note
One of the most exciting announcements from Ignite 2021 was that of Shared
Channels (Microsoft Teams Connect) which seemingly promised to finally resolve the
considerable friction involved with cross-tenant collaboration (collaborating with other
organizations using Microsoft365). The idea of Shared Channels was simple, yet
powerful. Instead of moving between Tenants to access information, allow for that same
information to be available within your home tenant! Now that we've been able to see it
in action in the Public Preview, what do we think? Has it realized the hype from last
year?
What Are Shared Channels

At its simplest, a Shared Channel is essentially a 'collaboration space' that can be re-
used in multiple places. Because it is reused, it implies that it can be accessed by
different users than those who are in the Team. Only members of the Shared Channel
can access it.
There are a few ways these channels can be re-used:
1. Reused in multiple Teams across tenants (see this article for details) so that users
from multiple organizations can work together in the same 'space' without
needing to switch tenants.
2. Reused in multiple Teams in the same tenant (this article) so that users from
multiple Teams can work together in the same space without needing access to the
same Teams
Shared Channel Limitations

While Shared Channels offer most of the same functionalities available within other
channels, there are a few features that are not supported, including:
Only Azure AD work or school accounts are supported for external participants.
Guests cannot be added to Shared Channels (see Guests and shared channels in
Teams ).
Shared channels support tabs except for Stream, Planner, and Forms.
LOB apps, bots, connectors, and message extensions are not supported.
When you create a team from an existing team, any shared channels in the existing
team won't be copied over.
You cannot remove a shared channel from the parent team within which it was first
created
Notifications from shared channels are not included in missed activity emails.
No Loop Components
Not supported in Class Teams
For more details see here.
Potential Benefits for Internal Collaboration

Interestingly, while it was not the focus of early demos and previews from Microsoft,
there is one very interesting use case for Shared Channels that does not require the
need for external security decisions. In fact, it doesn't even relate to collaboration with
external organizations. Though counter-intuitive to its original premise, there is a very
real use case for Shared Channels within an organization to streamline knowledge
management and sharing! Rather than needing to create such spaces as separate
'communities', traditionally entire Teams, we can now create these as re-usable channels
and add them wherever we need - a much more flexible and modular approach.
It is important to note that some organizations are already using Yammer for some of
these use cases, and we do not intend to imply this is a bad approach. Yammer has
fantastic community-based functionality with its great Q+A features and much more.
That being said, for organizations not ready or willing to introduce another tool into the
mix, there is now an option available within Teams that can simplify information
management, and streamline communication without adding considerable new layers of
complexity.
Some benefits we see of this internal use case include:
Access to useful information within the context of an existing Team, such as a

project
Reduced Teams proliferation
Fewer Teams that must be made Public, or that require inviting huge swaths of the
organization as users
Single Source of Truth
Better retention of knowledge and simpler knowledge management
Better visibility and 'findability' of important information
Potential Challenges
One issue we see with Shared Channels is just how confusing the whole experience
seems to be for end-users. Firstly now users have a choice of 3 types of channels that
they can create:
This can be confusing as users rarely know the different channel type (Public vs Private)
but now there is another one in the mix. This will require significant knowledge on
behalf of users to understand the subtle difference.
Also when sharing a Shared Channel the options are even more strange and confusing:
The options are confusing to many users. While the choice of 'People' is straightforward,
selecting a 'Team' actually prompts the user to find a Team Owner, not a Team. This
Team Owner will decide where the Channel will be placed. Again this leads to all sort of
confusion to what exactly a Shared Channel is, who is a member and who can access it.
How to Set It Up
1. Ensure Shared Channel creation is enabled in Teams Admin > Teams Policies
2. Locate the Team that will serve as the permanent host
3. Click Add Channel, give the channel a Name, then select Shared Channel for
Privacy
4. Once the channel is created, click Manage Channel for the new Shared Channel
5. Using the button at the top right, click Share with a Team (for a team owned by
someone else), or Share with a Team You Own (for a team you own
If Sharing with a Team You Own, find the Team from the list and click Done.
If Sharing with a Team (i.e., Sharing with a Team you do not own) locate the
Team Owner and click Send Invite. This will send the invite to the Team
Owner to approve and they will select where to use this Channel. Once they
have Accepted, a notification will arrive prompting you to to Approve where
they have placed it. If you cannot locate the notification, return to Manage
the Channel and view Sent Invites.
The result:

Working with modern client-side pages
using PnP PowerShell
７ Note
７ Note
The below sample codes is updated to work with the PnP.PowerShell version 1.11.0
If you need to work with SharePoint Online, whether it's doing some minor
modifications or building a custom SharePoint provisioning solution, PnP PowerShell is
one of the greatest tools there is. It will certainly help you achieve your goals. PnP is a
lot more than just PowerShell, but since I'm an IT-Pro at heart, PowerShell is the number
one tool I have in my toolkit.
First things first, if you are unfamiliar or new to PnP, head over to the PnP PowerShell
overview to get introductions and guidance on how to setup this.
PnP PowerShell overview
Client-side pages is a big topic. In this article I will cover some real world use cases
where I've been using PnP PowerShell.
Some basics
 Tip
Client-side page is a term we use to tell others that the page we are working
with is a SharePoint modern ".aspx" page.
Currently Site Designs and Site Scripts don't have support for Client-side
pages
You should be the owner of the site you are working with as it will make a lot
of things easier
Connecting to SharePoint with PnP
This is the first command we need to know in PnP:
PowerShell
Connect-PnPOnline -Url $siteUrl -Interactive
７ Note
The switch "Interactive" will make sure you can authenticate if your account is
configured with MFA, and provides more features.
But this requires the tenant
admin approval of the "PnP Management Shell" app in Azure AD, and it's not easy
to get this approval sometimes.
After connecting you can start working with the pages you have in the site.
The code below will create a new page named "Welcome" and add some web parts on
the page.
PowerShell
#Set variable pagename
$pagename = "Welcome"
#Add 3 new sections to the page
$page = Add-PnPPage -Name $pagename -LayoutType Home #Using layouttype

Home, removes the title and banner zone
Add-PnPPageSection -Page $page -SectionTemplate OneColumn -Order 1 #

OneColumnFullWidth is only available if the site is a Communication site
Add-PnPPageSection -Page $page -SectionTemplate TwoColumn -Order 2
Add-PnPPageSection -Page $page -SectionTemplate OneColumn -Order 3
#Add Hero webpart to page
Add-PnPPageWebPart -Page $page -DefaultWebPartType "Hero" -Section 1 -

Column 1
#Add text webpart to page
Add-PnPPageTextPart -Page $page -Text "Lorem ipsum dolor sit amet,

consectetuer adipiscing elit. Maecenas porttitor congue mass a. Fusce
posuere, magna sed pulvinar ultricies, purus lectus malesuada libero, sit
amet commodo magna eros quis urna." -Section 2 -Column 1
#Add the list webpart to the page, but stating that it's a document
library then add the library GUID
Add-PnPPageWebPart -Page $page -DefaultWebPartType "List" -Section 3 -

Column 1 -WebPartProperties
@{isDocumentLibrary="true";webRelativeListUrl="/Shared Documents"}
Now we want to modify another page:

Home.aspx
We'll start by creating a $page output containing the details about the page.
PowerShell
$page = Get-PnPPage -Identity Home.aspx
$page.Controls # this will give us a full view of all webpart on the

page, and their properties
Based on the output above, running the below code will give us the properties of the
"Document library" webpart on the page, and you can see that it's linked by default to
the default document library.
PowerShell
$page = Get-PnPPage -Identity Home.aspx
$webpart = $page.Controls | ? {$_.InstanceId -eq "ffa23c74-bf22-42d0-

8889-9a996fd8642b"}
$webpart.PropertiesJson
We create a new view in the Document Library and set this as standard for the webpart,
then run the above code one more time. Note the "viewid" value in the URL.
The new output will have a lot more details about the new webpart configurations:
"selectedListUrl":"/sites/DEMO505_72/Shared Documents"
"selectedListId":"6a041fef-b2a2-45b4-b827-c1b268bc63d3"
"selectedViewId":"4f8130a7-fa49-4c65-bafe-d3b738811187"
In order to work with the webpart properties through PowerShell, I had to convert the
properties from JSON, make changes, convert back to JSON, then update the web part.
For example, if we want to set the default web part view without manually editing the
page, first we need to find the view ID. You will find this in the library when you change
the view, or by using "Get-PnPView".
I now have two views in my library:
AllItems | 43539779-8800-4745-a680-01aca0c43139
Modified by Jimmy | 4f8130a7-fa49-4c65-bafe-d3b738811187
Code to update the webpart
PowerShell
$webpartJson = $webpart.PropertiesJson
$webpartobj = ConvertFrom-Json -InputObject $webpartJson
$webpartobj.selectedViewId = "43539779-8800-4745-a680-01aca0c43139"
$webpartJson = ConvertTo-Json $webpartobj
$webpart.PropertiesJson = $webpartJson
$page.Save()
$page.Publish()
Current web part view:
New webpart view:
Above is the technique I use when I want to work with specific pages. When I want to
provision SharePoint sites with a certain configuration and pages, normally I combine
the above with PnP Provisioning template commands.
Firstly I will create an export of all pages from my template site.
PowerShell
Get-PnPSiteTemplate -Out "C:\Development\template.xml" -Force -
IncludeAllClientSidePages #includeallclientsidepages will copy all other
pages in the site
７ Note
When running the above command you might see the following error: "Get-
PnPSiteTemplate : GetAccessTokenAsync() called without an ACS token generator.
Specify in AuthenticationManager constructor the authentication parameters",
proposed solutions to this can bee seen in below posts:
Get-pnpsitetemplate unauthorized , this is recommended if you can get approval

from your Azure Admins.
Cannot export site template
I will then clean the template.xml, by removing all other components that I don't need,
and in the "ClientSidePages" node you will find the web parts' instanceIDs that you can
reuse later.
To apply the template to a new site, in your script connect to the new site then run
Invoke-PnPSiteTemplate with the template:
PowerShell
Connect-PnPOnline -Url https://tenant.sharepoint.com/sites/$newsite -

Interactive
Invoke-PnPSiteTemplate -Path "C:\Development\template.xml"
Afterward, depending on your needs, add extra code to update the web parts.
Finally, I would like to thank everyone that has contributed and still contribute to PnP,
it's super #awesome and it's making my day easier everyday.
Useful resources
PnP PowerShell overview
Creating new client-side page

Should everyone create Teams? A Low
Code Provisioning solution
７ Note
This article shall shed a light on two aspects of Modern Workplace: Microsoft Teams
Provisioning using a low-code solution while ensuring that Teams Owners are digitally
literate enough to be responsible owners.
Uncle Ben was right: With great power comes great responsibility. If we give users great
tools with great power, we also need to make sure to properly skill them up. We also
need a lean process to deal with common asks.
Everyone wants to work with Teams, as it provides us the collaborative workplace we

need to be able to work from anywhere. And with Teams comes the relatively new
concept (at least for an end-user) of ownership. Owning a Team empowers users to
determine how they want to collaborate, but we should also enable users to make wise
decisions so they are literate enough to understand the implications.
Just blocking Microsoft 365 Groups / Teams creation and having an established approval
process owned by IT won't meet business needs. Your users will work around that and
find shadow IT solutions. Yet allowing everyone to create Groups and Teams will lead to
over adoption: too many Teams which should be channels, too many channels which
should be chats.
The key therefore is to balance these extremes.
Solution Overview
A user asks a chatbot for a new Team in natural language. A Power Automate flow picks
up this information and checks if the user is already in an Azure AD security group called
Educated Users. If the owner to be is already a member in this Educated Users security
group, a second Power Automate flow gets the manager's approval and provisions the
team. If the user is not a member of this group, the user will be invited for training and
testing.
If the user passes the tests, he/she will be added to the group of Educated Users (which
means that for the next Team request, he/she doesn't need to pass a test again) and the
second flow gets the manager's approval and provisions the Team.
If the user doesn't pass the test OR if the manager doesn't approve, notifications will be
sent and the process ends.
What we need to build before we do the

Chatbot
2 Security Groups in Azure AD: Educated Users and Uneducated Users
Events for training in a calendar
Form for training session invitations in Microsoft Forms
Flow to send session invitations
Form to test users
Flow to log tests in a SharePoint list
SharePoint list to calculate the result with a few calculated columns
SharePoint list to log all teams requests
2 Security Groups in Azure AD

Go to portal.azure.com, click on GROUPS and then on NEW GROUP. Give the group
names like "Educated" and "Uneducated". Assign your users to the groups. By default,
all users should be in the group of Uneducated Users.
Form for training session invitations in Microsoft Forms

Go to forms.microsoft.com and set up a form to ask which training sessions the user
wants to attend.
Flow to send session invitations

Go to make.powerautomate.com and create a new flow without a template. Use the
"When a new response is submitted" trigger from Forms, then the "Get the response
details" of the form add a filter query to get the right event from the calendar, then
update the event by adding the user to it.
Form to test users
Forms is able to do surveys (there are no correct answers) and quizzes (there ARE
correct answers). Unfortunately, you can't use the score of a quiz in Power Automate to
see if a user has passed the test. Therefore, create a normal survey and use a SharePoint
list to calculate the result of the test.
SharePoint list to calculate the result with a few
calculated columns
Create a new list in SharePoint with these columns:
Title
Given answer 1
Correct answer 1
Given answer 2
Correct answer 2
is answer 1 correct
is answer 2 correct
Total score
Result
For the calculated columns enter the following information in the Formula box.
is answer 1 correct: =IF([Given answer 1])=[Correct answer 1],"5","0")

is answer 2 correct: =IF([Given answer 2])=[Correct answer 2],"5","0")
Total score: =[is answer 1 correct]+[is answer 2 correct]
Result: =IF[Total score]<10,"not educated","educated")
Choose Number as the data type for the first three, and Single line of text as the data
type for Result.
Flow to log tests in a SharePoint list

This Power Automate flow creates items in our SharePoint list. Go to
make.powerautomate.com and click TEMPLATES, search for the "Record form
responses in SharePoint" template.
SharePoint list to log Teams requests
Create a new list and add columns Teamname, Description, Owner, Privacy, Status, etc.
Chatbot in Power Virtual Agents

We will now:
create a ChatBot in Power Virtual Agent (PVA)

create a Power Automate flow that's called from PVA
create a 2nd Power Automate flow to provision a Team based on the information
we got out of the first flow
add our bot as an App to Teams to publish it
Create a Bot in Power Virtual Agent

Go to Power Virtual Agents to create a new bot. Create a new topic and enter some
trigger phrases. Don't try to be too formal: the chatbot supports natural language
understanding powered by LUIS.
Outline the conversation in the Authoring Canvas. Ask all the questions we need to have
answered to provision a Team like: team name, description, owner, and visibility. You can
also ask for the first members or channel names. Save all inputs as Variables and give
them easily recognizable names like VarOwner or VarTeamName.
A flow that's called from PVA

Click on the + sign to create the next node after your last question / message in Power
Virtual Agent and click on CALL AN ACTION and then CREATE A FLOW
The PVA template will open up in a new browser tab. Save this template with a new
name.
Initialize your variables for all the information the user gives us so we can provision the
team: team name, description, privacy, owner, members and first channel.
After we took care of all variables we need to check the group membership of our
owner.
The CHECK GROUP MEMBERSHIP action returns the string of the Group ID if a user is a
member of the group and will return NULL if the user isn't member of that group.
Expression: empty(null)
If he/she is in the educated group, we can just log the request in the SharePoint list we
already prepared.
If the user is still in the Uneducated Group, we need to invite him/her to a training and
test him/her (and wait a bit so he/she can complete this).
To invite the user to the training and link him/her to the test, we can use Adaptive Cards.
If you never used Adaptive Cards before, just go to Adaptive Cards , select
MICROSOFT TEAMS as host applications and replace the text of one of the samples with
your text in the visual editor. Below, the Designer auto generates some JSON for you —
copy-paste this into a POST YOUR OWN ADAPTIVE CARD AS A FLOW BOT TO A USER
action.
This is how our card looks then:

The clickable buttons link directly to the forms for training sessions (remember, we
already built a flow to invite users automatically!) and the quiz (yet again, our flow logs
the answers and SharePoint calculates the result for us!)
Now we need to know if the user passed the test:
If the user passes the test, he/she will be added to the Educated Group and we log the
request in SharePoint. If the user doesn't pass, we will just send notifications and end
the process.
Create a 2nd flow to provision a Team based on the
information we got out of the first flow
Microsoft Graph
Power Automate doesn't provide an action "Create a Team". Therefore,
we will call Microsoft Graph to create teams, add members, create channels, and a lot
more, but we first need to authenticate to make this magic happen.
Register an app in Azure AD

Go to portal.azure.com and click on APP REGISTRATIONS, and click NEW REGISTRATION.
Give it a name and save the ID of your tenant and the ID of our App (Client) After that,
click on API PERMISSIONS (use APPLICATION) and select MICROSOFT GRAPH. We need
to add the Group.Read.Write.All permission and grant admin consent for that as well.
To make it work, we also need an App Secret. Please, save this. In this minimal viable
product, I just saved it in a variable, better to use Key Vault for that. Regardless where
we store the App Secret: You only have ONE chance to save it, as soon as you leave this
blade, you can't see it anymore.
This is what you need to do in the 2nd flow in Power

Automate
Your trigger is WHEN A NEW ITEM IS CREATED (remember, the PVA flow will end with
this action, so basically, the PVA flow kicks off our second flow).
Now we need to initialize the following variables:

Tenant ID, App ID, App Secret are strings and we get all these IDs out of the app
registration of the previous step
Group ID is a string as well but is empty for now
I was so tired of typing the Graph URL over and over that I put it into a var as well
— this is optional
We will later need the MailNickname to provision the Team.Mailnickname is the
Displayname of the Team WITHOUT spaces. Use the replace expression:
replace(DISPLAYNAME," ","") which just means, replace all spaces with nothing.
Manager's Approval
We will again create an Adaptive Card for this:
Depending on the outcome we let Microsoft Graph create first a group and then update
it to a team or we will end the process if the manager doesn't approve. Here is what
happens if the Outcome is not Approved:
We update our SharePoint list (status is now rejected) and we post another Adaptive
Card to our user to inform him/her and terminate the process.
If the Outcome of the Approval is Approved, we need to update our List as well and add
an HTTP Call to first create a Group:
As we do not only want a Microsoft 365 Group but also a Team based on that group, we
need the Group ID. To get this ID (remember, we initialized an empty var for that
already!), we need the parse JSON action and set our Group ID var to that value:
Now it's time to use another two HTTP calls for creating the Team and adding the
channel:
Please keep in mind to expand the SHOW ADVANCED OPTIONS and enter all
authentication information as shown in the Create a group step. Now update your
SharePoint list (status is no created) and inform your user with another Adaptive Card in
Teams:
Publish our Bot & add it as an App in Teams

To publish your Bot, just click on PUBLISH in PVA and choose Microsoft Teams as
Channel. Copy the APP ID and open App Studio in Teams, where you can create apps.
Paste in this App ID and fill in Name, Description, and some links for your privacy
statement and terms of use. As valid Domain use token.botframework.com. Download
your app as a package and then install it from Teams App Catalogue.
This is our result as a gif:
Coming back to the purpose of solutions like this:
The goal is to enable users and to give them great powers! We now have an easily
maintainable solution for IT and a very lean process for the business side of a company
to request common asks. We are more efficient as we only need to involve human
working time if needed. We don't need to spend lots of time to make users adopt this
system as the interface is easy to understand even for users who are not that tech-savvy,
plus we have a good chance to narrow the historical gap between business and IT. It's a
#BetterTogether story.
If you don't like the chatbot approach, you can also work with a request form in
Microsoft Forms or with Power Apps if you prefer another UI.
A few words on licensing

Licensing for this solution isn't covered by Microsoft 365 E3 or E5 subscription:
The HTTP connector is a Premium connector and requires therefore a Power
Automate Standalone Plan Learn more about Power Platform licensing.
Power Virtual Agents needs to be purchased separately, more info here
If you use a Power Apps Canvas App instead of Power Virtual Agents, you will still
need a Standalone License because of the HTTP connector.
Principal author: Luise Freese

Benefits of using PowerShell with
SharePoint
What is PowerShell?
７ Note
PowerShell is an automation scripting language from Microsoft, which was originally

only available on Windows devices, and built on top of the .NET Framework.
Since 2016,
we also have PowerShell Core which is open-source, cross-platform, and built on top
of .NET Core.
The version that ships on Windows devices is called Windows PowerShell, and the
cross-platform version is called PowerShell Core and is also available on Windows.
PowerShell for SharePoint

In the SharePoint world, we have multiple modules available, and which one to use
mostly depends on your SharePoint infrastructure. Is it SharePoint on-premises? Is it
SharePoint Online?
Let's have a look at all the different modules currently available for SharePoint.
Client-Side Object Model (CSOM)

The Client-Side Object Model is more intended for developers, as they will use it to build
applications by accessing many SharePoint functionalities. But it can be used by
administrators when native PowerShell cmdlets don't exist, or to create scripts.
SharePoint PowerShell Snapin

Whenever we use PowerShell, we usually install the required module, and run Import-
Module . However, with SharePoint on-premises, before you can access the cmdlets
(except if you're on the pre-loaded SharePoint Management Shell), you need to run
Add-PSSnapin Microsoft.SharePoint.PowerShell . Not a big deal, but something to know.
There's a lot of possibilities to manage your environment with the SharePoint on-
premises cmdlets, as the module contains approx. 840 cmdlets.
SharePoint Online Module (by Microsoft)

Microsoft also created a module for SharePoint Online , however it contains approx.
162 cmdlets (late 2019).
That's a big drop from the on-premises version, isn't it? But when you think about it, it
makes sense. With SharePoint Online, as you may know, there's a lot Microsoft is taking
care of, therefore there's no need for us to manage databases, Service Applications, or
even Web Applications as a few examples.
PnP PowerShell (Patterns & Practices)

PnP PowerShell is a Community initiative/effort and is available on Github.
It combines
complex CSOM cmdlets in the background, and gives us the look and feel of native
PowerShell that we are familiar with. PnP.PowerShell (latest version) supports SharePoint
Online only. For those using on-premises SharePoint, PnP-PowerShell (legacy version)
works with SharePoint 2013, 2016, 2019 and SharePoint Online but is no longer being
maintained.
Currently (late 2019), and depending on the SharePoint version, there are approx. 400
cmdlets, and 4 modules available for:
SharePoint Online
SharePoint 2019
SharePoint 2016
SharePoint 2013
CLI for Microsoft 365

Also part of the PnP initiative is the CLI for Microsoft 365 . This allows you to manage
your Microsoft 365 tenant and SharePoint Framework projects on any platform.
No matter if you're on Windows, macOS or Linux, using Bash, Cmder or PowerShell,

using the CLI for Microsoft 365 you can configure Microsoft 365, manage SharePoint
Framework projects and build automation scripts.
So why should I use PowerShell?
As mentioned at the beginning, PowerShell is an automation scripting language.
Therefore, most of the tasks that require many 'clicks' or are repetitive should be
automated.
PowerShell is used primarily for bulk actions, or complex automation tasks
mixed with other files format like .csv, .json, or .XML, and will reduce most time
consuming efforts in the long run.
If you need to create only one site collection, using PowerShell wouldn't really be
beneficial.
Real world scenario

Imagine it's Friday 4.00pm, you are just tasked to create 100 Site Collections, and you
can't be late for a very important appointment that day. Do you think you can achieve
that manually, (very) quickly so you can leave early? 😰
Chances are... you're going to miss your appointment.
If you use PowerShell, it's likely to take less than 5 mins, and off you go!
Anything else?
Sure, you have other purposes for using PowerShell in SharePoint of course.
Other than
creating things, you can change/remove them all at once on multiple sites, extract
information like Users/Groups/Permissions, and even integrate with other platforms like
Azure to automate your most complex tasks!
More examples where PowerShell is used:
Site Scripts & Site Designs

WPF Applications (Graphical User Interfaces)
Reports on Site Collection Inventory
Who should know PowerShell?

This question might be a bit tricky for some.
Administrators should definitely know PowerShell. No question about that.

Site Owners mostly delegate to administrators if there's a lot of activities to
perform on their site(s).
End-Users are unlikely to need PowerShell unless it's one of their interest.
PowerShell Development is also a known skill and usually coupled with other ones like
C#, or SQL Server to only name a few.
Why is it so important?
Managing SharePoint on-premises or online effectively and efficiently is crucial. This also
applies to other platforms like Active Directory, Microsoft Exchange, or Systems
Administration.
You don't need to be called a 'developer' to run a few cmdlets or create scripts.
If you live within the Microsoft ecosystem on a daily basis, you will likely use PowerShell
at some point.

Managing SharePoint Online Security: A
Team Effort
７ Note
Security has always been an important topic, and even more nowadays.
We want our
users to securely access the environment, share files, and our IT team to sleep at night
don't we?
In this article, we'll look at the most important settings in Microsoft 365 to help you
secure your SharePoint Online environment, and see how it involves more than
SharePoint administrators!
Note: Details on how to configure each settings is out of scope of this article, but links
to the official Microsoft documentation will be provided whenever possible.
Tenant settings
This should be the first place to go before even getting the users into SharePoint. But
unfortunately, most of the time the default settings remain untouched, and users start
using the platform.
There are a few tenant settings to pay attention to however. Sharing settings are
extremely important. If left to default, they can have dramatic consequences and lead to
data breaches. So let's start with this setting.
Sharing settings
To access the Sharing settings (tenant level), navigate to the SharePoint Admin Center,
under Policies, select Sharing.
The first thing that should make your heart beat faster at this stage is the slider for
SharePoint and OneDrive being at the same level as the word "Anyone". Isn't it a scary
thing to read that users can share files and folders using links that don't require sign-in
from the recipient? ANY recipient for that matter.
So unless you're absolutely sure that you want to keep it that way, slide down one level
immediately!
Note: You don't even need to know the exact company policy for OneDrive for
Business at this point. The slider will also follow the SharePoint setting down one level.
That's because you can't have a more permissive sharing policy for OneDrive for
Business than you have for SharePoint.
When you know what the company policy is, you can choose the appropriate sharing
settings between the following:
New and existing guests

Existing guests
Only people in your organization
More external sharing settings

Again, we have a few options available to help securing a bit more if necessary. You can
select them all or not. But it's not because you can that you should!
Limit external sharing by domain: If selected, you can Allow or Block specific domains. A
common scenario would be collaborating with specific customers or partners. This
setting is available at the tenant level, as well as at the site level.
Note: From the moment you choose to "Allow" one or more domains, the other ones
will be blocked. If you decide to "Block" one or more domains, the other ones will be
allowed.
Allow only users in specific Security Groups to share externally: If selected, members
of the security group(s) will be the only ones capable of sharing externally.
Note: This option is only available if your sharing settings (tenant) are set to "New and
Existing Guests" or "Anyone". For more information, please refer to the official
Microsoft documentation: Manage Security Groups.
Guests must sign in using the same account to which sharing invitations are sent: This
adds an extra layer of security to make sure that the user accessing the file(s) is the one
you expect to. Selecting this option is highly recommended when possible.
People who use a verification code must reauthenticate after this many days [number
of days]: New method where guests will authenticate using a one-time passcode for the
number of days you configured.
For more information about this feature, please refer to the official Microsoft
documentation: Secure external sharing recipient experience.
Site settings
SharePoint permissions... A vast topic, which most of the time, ends up in hair pulling
and sleepless nights. And things are not getting better when sites are group-connected!
See the permissions as crescendo. We start at the top (site level), and going down in a
granular fashion, we can assign them to items (documents).
SharePoint Groups
Regardless of the type of site (group-connected or not), when you create a site (although
it depends on the template), by default 3x SharePoint groups are created:
Owners
Members
Visitors
Each (built-in) group has a permission level assigned to it. Use those ones first, but if
they don't fit your needs, create a new SharePoint group, and assign your own custom
permission level to it.
You can copy a permission level, and select or deselect options for your requirements.
Best Practice: If necessary, create your own SharePoint group and permission level,
and avoid modifying or deleting the built-in groups. For more information, please
refer to the official Microsoft documentation about the Default SharePoint Groups.
Active Directory (AD) Groups

Most organizations already have an on-premises Active Directory, which is synchronized
to Microsoft 365. When assigning permissions to a SharePoint site, the recommended
approach is to add security groups to those SharePoint groups.
However, it's entirely possible to create Microsoft 365 security groups directly in the
admin center, and add those to your SharePoint site as well!
Active Directory groups are different from SharePoint groups. When you create a
SharePoint group, it will only be available within the site where it's been created.
Best Practice: Add security groups to your SharePoint groups for easy management.
Although it's possible to add users individually to sites, it will be harder to manage
down the line.
Breaking permission inheritance

Sometimes, you might need to share only a library or a document with a user, and not
the entire site. That's where we can break permission inheritance. This is more a Site
Owner responsibility, rather than for a site member responsibility.
When you create a site and then start creating libraries, lists, and upload documents, all
users accessing the site also have access to those libraries and documents. Remember
the crescendo thing? 😉
When breaking permission inheritance after creating the library or list, the default
SharePoint groups (i.e.: Owners, Members, Visitors) will still appear under the site
permissions settings.
Add your account (to keep access), then remove the default
SharePoint groups, and add whoever needs access to this library, which has now unique
permissions.
Site Sharing
Site sharing will differ if your site is connected to a Microsoft 365 Group or not. The
modern interface allows for a more comprehensive way to control permissions, and
offers more granularity when sharing.
Sites not connected to Microsoft 365 groups

If your site is not connected to a group, then not much has changed really. Despite the
modern interface, SharePoint aficionados will still recognize how to share a site, or be
familiar with the Advanced Permissions Settings.
Sites connected to Microsoft 365 groups
When connected to a group, you still have the possibility to share the Site Only.
Meaning that you don't have to share other resources associated with a Microsoft 365
group (i.e.: shared mailbox, Planner, etc...).
If however, you wish to share the site as well as including the user(s) within all the
resources provisioned with the Microsoft 365 group, then you need to select Invite
people >> Add members to group. The choice is yours! 😉
Change how members can share
Something else that might also mitigate how sharing occurs, is the possibility to select
between the following 3 options:
Site owners and members can share files, folders, and the site. People with Edit
permissions can share files and folders.
Site owners and members, and people with Edit permissions can share files and
folders, but only site owners can share the site.
Only site owners can share files, folders, and the site.
With regards to first 2 bullet points, the difference is that in option 2, only the site owner
will be able to share the site. Members will not. I have to admit, it confused me at first,
and I had to read it a few times!
While the 3rd bullet point is self explanatory, we can imagine that it might prevent users
from performing their tasks? What if you need to share something with a colleague or a
customer? And this will also add more work for the site owner...
This option could be used if your users are new to SharePoint, pending training for them
to be more confident in sharing, or simply because you really want to prevent them
from sharing.
Access Requests
If you observed the screenshot above, we also had Access Requests turned on by default.
What is this?
This feature has been around for a while, and is better that the dreaded "Access denied"
message with no possible interaction whatsoever! Although there is more configuration
to be done in SharePoint on-premises, everything is ready to go in SharePoint Online!
We don't have to worry about anything else than choosing who should receive those
requests, add a custom message for the requestor, and review the pending requests.
Two options for who should receive Access Requests:
Site Owners
Specific email
To know more about how to configure Access Requests, have a look at the official
Microsoft documentation: Set up and manage access requests .
Other Security Features To Consider
Multi-Factor Authentication (MFA)

The first that springs to mind, and not only related to SharePoint, is MFA to secure your
identities. A few years back, we were only thinking about applying MFA to (at least)
Global Admins, but really it should be applied on all accounts whenever possible.
Security and Compliance

After securing SharePoint as an environment, we'd also like to secure the data hosted in
SharePoint, right?
So we'll hear about Sensitivity labels, Retention labels and policies, Data Loss
Prevention (DLP), Sensitive info types... But where are those? Well, they are managed in
the Security and Compliance Center.
Should I manage and create those as a SharePoint Administrator? Probably not. This will
require someone with permissions to the Security and Compliance center, as well as the
knowledge to create labels and policies.
Ideally, this should be directed by company requirements, thoughtfully planned, and

carefully implemented.
Note: Depending on your current Microsoft 365 licensing subscription(s), and the way
features evolve quickly, please refer to the official Microsoft documentation: Microsoft
365 compliance.
Devices Accessing SharePoint Data

More options are available within the SharePoint Online Admin Center, but may rely on
an Azure subscription.
The following documentation is very interesting to help understand how Microsoft is

protecting the SharePoint and OneDrive for Business data, as well as providing other
links for your reference: How SharePoint and OneDrive safeguard your data in the cloud.
Conclusion
As we've seen throughout this article, SharePoint security is not only a matter of having
SharePoint admin permissions. It definitely is a team effort where so many other roles
are involved!

Basic Security Set Up for Microsoft 365
７ Note
Security within Microsoft 365

Microsoft 365, as a service, contains many administration portals, options, and
configuration settings focused solely on Security. Each service is protected
predominantly by Azure Active Directory for Authentication, with each application
authorizing users to access either the app itself content that resides within. Out of the
box, newer tenants have the Security Defaults enabled that implement some necessary
and best-practice capabilities. These are a great start; however, they shouldn't be the
only configuration organizations should use. Organization-specific security controls and
procedures should augment all out of the box configuration.
Security within Microsoft 365 is not just about enabling features and controls; it also
involves the human side of teaching and guiding users to understand the restrictions
and what they should be doing to help. Organization Security is a combination of
Security Controls and Protection, combined with end-user training and guidance.
Security Licensing
With all of the Microsoft 365 services, many-core security components come with the
standard licensing. Features, such as the Security Defaults, are included in core licenses;
however, most advanced Security capabilities are not. These features are either available
as separate add-on licenses or bundled into the either the Enterprise Mobility +
Security E3/A3/G3, Enterprise Mobility + Security E5/A5/G5, Microsoft 365 E3/A3/G3,
Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5 Security, and Microsoft 365
Business Premium.
Enabling the Security Defaults

The Security Defaults within Microsoft 365 reside within Azure Active Directory. By
default, all Microsoft 365 Tenants, created on or after October 22nd, 2019, are equipped
with these features. Tenants created previous to this date will not be enabled, though
they may be available. These controls are available at no extra cost to the organizational
license cost.
These defaults enable five of the most common security features and controls.
1. Enforcing Azure Multi-Factor Authentication registration for all users

2. Forcing Administrators to use Multi-Factor Authentication
3. Block Legacy Authentication protocols
4. Requiring all users to perform Multi-Factor Authentication when needed
5. Protect privilege access
A caveat to using these controls is that if you have custom created Conditional Access
Policies, you cannot utilize them.
To enable the Security Defaults within your Microsoft 365 directory:
1. Sign in to the Azure Portal as either a Security Administrator, Conditional Access

Administrator or Global Administrator
2. Click on Azure Active Directory, then click Properties
3. Select the link at the bottom labeled Manage Security Defaults
4. Set the Enable Security Defaults toggle to Yes
5. Select Save
You can also choose to disable these features and create your own set of security rules
and controls, by either not enabling the Security Defaults or if they are enabled setting
the Enable Security Defaults toggle to No. Learn more about the Security Defaults
provided out of the box.
Custom Security Configuration

There is not a perfect configuration of Security controls or features that can meet every
organizational need. There is not a single product that can achieve this, either. Best
practice has mandated a mix of controls, features, services, and products to gain a better
Security posture for a long time. Microsoft 365 security features are hierarchical, with
Microsoft's highest level at the overall service level. Next is the Tenant level, which is
then unique to your organization, with a core emphasis on Authentication and
Authorization, including perimeter protection. Lastly, are the features available within
each application and component, including shared options that span multiple
components.
This design allows more granular control and protections that can cater to your
organizational specific configuration. The advantage to this over the Security Defaults is
that they are unique to what you need, and the level of risk you wish to accept.
Accepting the Risk

The type of Security protections you might enable or deploy comes down to the level of
risk you are willing to accept as an organization. Enabling or Disabling the Security
Defaults will be precisely that. For example, when working within Microsoft 365 for
Education, the Security Defaults are not the most efficient security controls to use. You
may wonder why? If you remember, a core Security Default is forcing all users to register
for Multi-Factor Authentication. If you are within a school, such as a High School, this
will force all Students to register their Mobile Devices to access services. This approach
forces all Students through the registration process, which would require extensive
planning and support.
It then becomes a decision on assuming the risk. If you understand the risk, then the
control for this becomes negated. Designing a Security plan for any organization will
require this level of thinking and may not provide the security level that an organization
needs.
Basic Security Setup

Every Microsoft 365 Tenant needs a Security configuration. The out of the box
capabilities provide the first line of defense at the service level. Even though
Authentication controls are in place, they are not the only controls required.
There are ten core security controls and features, which will provide a solid foundation
for other protections that can be applied as needed by the organization if enabled
within all Tenants.
The following list of Security controls and features outlines the Business and Security
Risk, the Protection Features or Components, and links for How to Enable the required
protections.
Multi-Factor Authentication
Risk: In nearly every Data and Security breach involving a compromised account, simply
enabling Multi-Factor Authentication would have blocked the attack. Forcing every
authentication request to validate a second factor, such as using an SMS or Token, will
limit any malicious actors' ability to use the account.
Protection: Best practice dictates not to use SMS/Text messages where possible, as this
has been under attack for a long time and is not as secure as it once was. Require end-
users to install an Authentication app on their mobile devices that push the request to
the device where they can approve as needed. These applications also provide in-time
tokens that last a specific time and are available in situations where push notifications
are not appropriate or cannot work.
Multi-Factor Authentication can be explicitly assigned to users or administrators or

enforced using Conditional Access Policies. The preferred approach to implementing
Conditional Access Policies. These policies provide more granularity when users need to
provide the second factor, versus it having to be every time. Administrator Multi-Factor
Authentication using Conditional Access Policies can be created and enabled for free,
whereas end-user configuration does require every user to have a license that allows
this to work.
How: To learn how to implement Administrator and User Multi-Factor Conditional

Access Policies, use the links below.
Enable a Conditional Access Policy for Multi-Factor for Administrator Accounts

Enable a Conditional Access Policy for Multi-Factor for all User Accounts
NOTE: Be aware that adding a single Azure Active Directory Premium (Plan 1 or Plan 2)
for an Administrator will enable the features, but not license it for every user.
Sign Out Inactive Users Automatically

Risk: Long or non-existent session timeouts leave sessions vulnerable to re-use by
people other than the current user. Users of a public computer might close the browser,
thinking that they would automatically log them out. An attacker might then re-open
the browser some time afterward, re-entering the same session. An attacker with access
to the user ID might be able to re-enter the session without re-authenticating.
Protection: The Idle session sign-out lets organizations specify when end-users receive a
warning and automatically sign out of Microsoft 365. After the specified period of
inactivity within SharePoint Online and OneDrive for Business, automatic sign-out
occurs. This sign-out activity works using end-user requests sent to SharePoint Online or
OneDrive for Business, not by moving the mouse in the browser when accessing either
service.
Users will be signed out from all Microsoft 365 services with a time specified, not just
SharePoint Online and OneDrive for Business unless they have selected to stay signed-
in. The end-user experience is different if they are inactive in other browser tabs but not
in a SharePoint Online or OneDrive for Business one; then, all tabs will stay signed in.
How: Learn how to implement Idle Session Sign-out.
Block Legacy Authentication

Risk: Legacy authentication protocols use basic authentication. These protocols, such as
POP, SMTP, IMAP, and MAPI, can't enforce any second-factor authentication, making
them preferred entry points for malicious actors attacking the organization. More than
99 percent of all password spray attacks within Azure Active Directory, utilized legacy
authentication. To add, more than 97 percent of all Credential Stuffing attacks against
Azure Active Directory also used legacy authentication.
Protection: Though blocking legacy authentication is critical to the Microsoft 365

Tenant's Security, you need to ensure that all applications and mail protocols used to
support the modern authentication approach and work without the legacy capabilities.
Such applications and services that utilize legacy authentication are:
Authenticated
SMTP
Autodiscover (used by Outlook)
Exchange ActiveSync
Exchange Online PowerShell
Exchange Web Services
IMAP4
MAPI over HTTP (used by Outlook 2010 and later)
Offline Address Book
Outlook Anywhere (RPC over HTTP)
Outlook Service POP3
Reporting Web Services
To help identify legacy authentication used within your organization, you can filter the
Azure Active Directory Sign-ins and validate that legacy is either required or can be
disabled.
1. Sign in to the Azure Portal as either a Security Administrator, Conditional Access

Administrator or Global Administrator
2. Click on Azure Active Directory, then click Sign-ins
3. Add the Client App column by clicking Columns, then Client App
4. Click Add Filters, then Client App
5. Select all Legacy Authentication Protocols, then click Apply
Filtering will only show you the attempted sign-ins that used legacy authentication
protocols. To view the actual protocol used, you can click onto an entry, and it is
displayed.
Blocking legacy authentication is performed by configuring conditional access policies.
How: Learn how to block legacy authentication.
Set User Passwords to Never Expire

Risk: When enforcing periodic password resets, passwords become less secure. Users
tend to pick a weaker password and vary it slightly for each reset. This type of behavior
can often lead to the re-use of existing passwords, as well as malicious attackers,
guessing the password. If a user creates a secure password (long, complicated, and
without any pragmatic words present), it should remain as strong in 60 days as it is
today.
Protection: It is now recommended by the National Institute of Standards and

Technology (NIST) to disable password expiration. The guidance is only to force a
change or update a password if an account is confirmed as compromised. Azure Active
Directory provides the ability to set password expiration policies and disable it for
specific users or all users.
There are two options for disabling expiration of passwords:
1. Disable password expiration either on a per-user or for the organization within

2. Sync passwords from On-premises Active Directory using Azure AD Connect. This
sync includes password policies
How: Learn how to implement password expiration policies using the links below.
Set the password expiration policy for your organization

Set an individual user's password to never expire
Banned Password List

Risk: It is common practice for end-users to reuse existing passwords across multiple
services, whether personal or business. It is also common for easy to discover passwords
to be used. When accounts use either common or simple passwords, there is a higher
chance of account breach.
Protection: Azure Active Directory includes a global banned password list, that protects
all Microsoft 365 services. Azure Active Directory also provides organizations the ability
to add a list of banned passwords. As users change their passwords in the cloud, if the
new password matches any of the prohibited passwords, the end-user will be notified,
and they will need to change the password they typed. The custom banned password
feature is limited to 1000 words. It is not for blocking large lists of passwords.
How: Learn how to implement a banned password list
External Sharing
Risk: External sharing of content is always a risk for any organization. Due to how
SharePoint assigns permissions and control access, data such as Personally Identifiable
Information (PII) data might get shared externally with no protections, especially if any
external email is allowed. SharePoint External Sharing is a top-level configuration setting
which controls sharing content from SharePoint to anyone, including non-corporate
accounts. This setting is available at the Tenant organization level, which is utilized at
lower levels within Office 365 unless set explicitly at the application level.
Protection: Microsoft 365 provides external sharing settings at the tenant and
application levels. The decision to modify these settings should be business-related.
Setting this to Only people in your organization, limits external sharing capabilities.
Content can then only be shared using accounts that already exist within the existing
Azure Active Directory, whether internal users or external guest accounts. Adding
external accounts then becomes a controlled process.
How: Learn how to implement external sharing protections
Account Lockout Threshold

Risk: Many successful account compromises happen because simple protections aren't
defined. The most common is the number of times a password can be entered
incorrectly before locking the account. The higher the number, the more times a
malicious actor has to guess the password freely.
Protection: Azure Active Directory Smart lockout uses cloud intelligence to lock out
malicious actors trying to guess end-users passwords. The intelligence platform
recognizes sign-ins from valid users and treats those differently from those that
attackers and other unknown sources. The smart lockout can lock out the attackers yet
still allow users to continue to access their accounts. Smart lockout is on by default
within all Azure Active Directory instances; however, organizations can customize them
as needed. The default setting is ten failed sign-ins, with the recommendation to set
lower as required and in conjunction with the organization.
How: Learn how to implement account lockout threshold

Mobile Application Management Policy
Risk: When end-users connect mobile devices to Microsoft 365 if they are Bring-Your-
Own-Devices (BYOD), they could sync OneDrive and SharePoint content locally off the
corporate network and devices.
Protection: Microsoft 365 provides rules that ensure an organization's data remains safe
or contained in a managed app. These policies can include rules that block the user's
attempt to access or move corporate data or are a set of prohibited or monitored
actions users can perform when in the app. Mobile application management policies are
independent of a Mobile Device Management (MDM) solution and do not require
enrollment of devices.
The core benefits of Mobile application management (MAM) policies are:
1. Protect organizational data at the app level

2. End-user productivity isn't affected
3. Policies don't apply when app use is in a personal context
4. App protection policies make sure that app protections are in place
Using Mobile application management (MAM) policies will require end-users to have a
license for Microsoft Intune assigned to their Azure Active Directory account.
How: Learn how to implement mobile application management policies
Block Client Forwarding Rules

Risk: Client Rules Forwarding Block lets you manage email auto-forwarding in your
organization. Using client-side forwarding rules to exfiltrate data to external recipients is
becoming an increasingly used vector for attackers.
Protection: Exchange Online provides the ability to enable client forwarding rules and
disable them. There are three core options:
Remote Domains - Set 'Allow automatic forwarding' to disable

Role-Based Access Control (RBAC) - Use RBAC to limit the impact by creating a
new management role that restricts forwarding and delivery
Transport Rules - Implementing a Transport Rule can stop emails set to be Auto-
Forwarded to an external address. These transport rules use 'IF' logic. The rule
checks if the sender is located 'Inside the organization', along with if the recipient
is located 'Outside the organization', and if the message type is 'Auto-Forward',
then it rejects the message.
How: Learn how to block and control client forwarding rules
Do not allow users to grant consent to un-managed

applications
Risk: Before an application can access organizational data, a end-user must grant the
application permissions. By default, all users can consent to applications for permissions
that don't require administrator consent. By allowing users to give apps access to data,
users can easily acquire useful applications and be productive. However, this
configuration can represent a risk if it's not monitored and controlled carefully. There is
even a possibility of data exfiltration from the tenant. Attackers can maintain persistent
access to services through these integrated apps, without relying on compromised
accounts.
Protection: Azure Active Directory provides two core protections to mitigate the risk.
Modify how end-user consent applications

Enable the administrator consent workflow
When modifying how end-user consent applications, organizations can choose from
three options:
Disable user consent - End-users cannot grant permissions to any apps.

Users can
consent to apps - End-users can only consent to apps published by a verified publisher
and registered in the tenant.
Users can consent to all apps - This option allows all end-
users to consent to any permission, which doesn't require admin consent.
How: Learn how to manage end-user and administrator app consent, use the links
below.
Configure how end-users consent to applications

Configure the admin consent workflow
Security Considerations
With any security configuration, they are only as good as the attacks that are known.
New attack types are surfacing almost daily, which could make these controls ineffective.
To help mitigate Microsoft 365 provides multiple logging capabilities and reports. Some
are straight reports or log entries; others provide feedback or even instruction on how
to mitigate.
It is essential to continually monitor and review these reports and logs, not only to
ensure they are working but also to implement further controls and capabilities as they
are needed.
Principal author: Liam Cleary

Managing External Guests in SharePoint
vs Teams
７ Note
"Guest", such a beautiful word. In my humble opinion Guest Users is one of the most
valuable assets we have, and learning how to best collaborate with Guest users is an
essential skill set.
Lucky for us Microsoft with the continuous innovations in Office 365 makes the process
more seamless everyday.
Guest User -> a user outside of your Office 365 organization.
Enabling Guest Users

In the Office 365 Central Administration center:
1. Verify that Sharing is enabled for the tenant in the tenant Admin Center.
2. Verify the Office 365 Group allows users to invite guests by checking the boxes to
let group members outside your organization access group content and let group
owners add people outside your organization to groups.
3. Verify in the SharePoint Admin Center that guest sharing is on and set the way
your governance dictates
What is the differences in Permissions and

Sharing
At basic level Office 365 Groups have two permissions settings:
1. Owner | Full control of the Group, and Site Collection Administrator of the backend
SharePoint Site
2. Member | Edit permission to the Group, and member with "Edit" rights to the
backend SharePoint Site
SharePoint permission groups, on the other hand, provide more granularity:
1. Site Collection Administrator | Full control of the SharePoint site plus access to Site
Collection settings
2. Site Owner | Owner permission to the site but cannot control some features in the
Site Collection
3. Site Members | Edit permissions to the site, this allows the users to also modify lists
4. Site Visitors | Read only permissions to the site
Differences when in use
It is easy to see who is a guest in Teams: all guests will have (Guest) appended to
their user name
In SharePoint you have to check the email address to verify a user is external (a
guest)
In Teams, guests can't be an owner of the Team
In SharePoint, a guest can be promoted to Owner of the site
In SharePoint (Groups) you can't add an external guest as a member of the O365
Group, this has to be done through the Outlook Web App (OWA), but you can
share the SharePoint site only
What about "Permission Inheritance"
Teams -> the only option to break inheritance in Teams is to create a

#PrivateChannel in the Team
SharePoint -> members and owners are allowed to break inheritance at any level:
list/library, folder, or file/item
Currently there is a number of things you can't do in Teams that force users to "navigate
to SharePoint"
1. File versioning, users can't see version history in Teams

2. Edit file metadata
3. Publish a file a major version if major/minor versioning is used
4. Start a Flow from a file
5. Sharing folders or files
How does it work then?

In most of the use cases I've been dealing with lately I have to use a combination of
both Teams and SharePoint's sharing features to make it works as it should.
Use case #1
Imagine you have a "Private Project Team", that is restricted to members:
You need owners and members, this can easily be managed by Teams
If you have Guests that are members of the project, you can easily invite them to
your Team
Use case #2
Imagine you have a "Private Project Team", that is restricted to members but have some
content that need to be reviewed by someone who is not a member of the project, and
cannot be added as a member to the team for any reason.
You use Teams to add/remove members as needed to your project, including guest
users
You then use SharePoint to share any content to any other users who are not a
member, both internal and guest
Use case #3
Imagine you have a "Private Project Team", that is restricted to members, and you need
to add guests to the project to collaborate on all files but don't want them to have
access to the Teams Conversations or other Teams connected apps.
You use Teams to add/remove members as needed to your project, including guest
users
You then invite the "others" external guest to the SharePoint site only as members
You can, of course, share the SharePoint site with visitors to allow read-only access
to all content
How to check if you have a lot of external users

In Teams, just look at the members list, everyone with (Guest) is external
In SharePoint, use the new "External user report" in Site Analytics to verify
Block guest access to certain Teams

Now and then you will need to make sure that Guest users can't be invited to a certain
Team by accident, for example the HR or Finance Team.
Follow the guide below to achieve this, as pr. my knowledge you will need Global
administrator right to achieve this.
Block guest access to Team
Useful resources
Manage guest access in Office 365 Groups
Adding guests to Office 365 Groups

Teams Shared Channels for Admins
７ Note
Teams "shared channel" is one of the greatest, if not THE Greatest new feature released
to Teams in 2022.
Enabling Shared Channels

To enable and understand more about this feature, follow one of the guides in the
Resources section.
After you have enabled shared channels and created your first shared channel, there are
a couple of things which are good to know.
７ Note
Beware that as this feature is in "Preview" the information below might change.
The difference between external "Guests" and

"External" users
When you add a external user to your Team, you will see that the user is labeled as a
"Guest", this is what most of us are doing right now.
When you add the same user to a shared channel, that external user will be labeled with
"External", meaning there won't be a "conflict" related to the user for this channel.
After the External user is added, in their Teams client they will receive a notification and
the External team will show up. This works almost instantly for the user.
This is also super sweet, as the users don't need to switch tenants.
Collaborating in chats will show an "alert" with a message about the "shared channel".
Where is the "External" user?

As you may know, when you add a external user in a Microsoft Team, they exist as a
"Guest", and the guest record will exist in your Azure Active Directory (AAD), meaning
you can enforce policies, such as Multi-Factor Authentication (MFA) for the guest
account.
But for shared channels, the "External" user only exists as an external user to that shared
channel. Currently, there are three places where we can see those external users:
1. In the Manage channel settings for the channel

2. In the Teams Admin Center by drilling into the Team and the specific channel
3. In the Site permissions fro the backing SharePoint site - but only if we're a bit
tricky, so this may go away in the future.
Manage channel settings for the channel

In the Manage channel settings, you can see the external users in the Members section.
Teams Admin Center

In the Teams Admin Center, you can drill into the Team and the shared channel to see
the Members.
SharePoint Site Permissions
In the SharePoint site which is created for the shared channel, you won't have a link
option for "Site permissions" in the "Site settings" menu to check there, either.
But it doesn't mean that the permission page is not there. Navigating to your shared
channel site with the extra url /_layouts/15/user.aspx will take you to the classic
permission page you're used to.
Here, you can see your External users with their "ObjectId" and "HomeTenantId".
Tips and tricks before enabling shared channels
for production
1. Review your user training, and make sure everyone knows the difference between
"Guest" and "External" users.
2. Beware that currently the External user can't be managed outside the Teams
shared channel settings, as far as I know.
3. I presume/hope MS will give us a GUI for external users before GA. If not we can
create a PowerShell script to get this information from SharePoint Online, from a
governance perspective.
4. If you plan to use Shared Channels, make sure you update your governance
policies.
Resources
Andrés Gorzelany - Enabling Teams Shared Channels 101
Shared channels in Microsoft Teams (Preview)
B2B direct connect overview (Preview)

The Power Platform Data Loss
Prevention (DLP) policies you should be
considering on Day 1
７ Note
Why do I need to consider DLP?

Protecting your organization's data is a big topic and as you would expect, Microsoft is
putting a lot of focus into this area.
However, an area that is often overlooked is within the Power Platform.
Security teams are typically focused on Microsoft 365 Security and Compliance:
Retention Polices, DLP, Azure Information Protection (AIP), Labelling, etc. – and this is all
good stuff – but what about people moving data (internally and externally) using Power
Apps and Power Automate?
In Defining a Power Platform Environment Strategy I wrote about the concept of using
Power Platform environments for Application Lifecycle Management (ALM) purposes
and provided some examples of when it might be appropriate to build out from the
single Default Environment that is created for each and every tenant. I purposely kept
this simple and excluded other factors that may influence or complicate matters further,
however DLP Policies may influence your strategy.
To follow on from that post, and assuming the concept of ‘Environments’ is better
understood, the next step is to ensure your Power Platform is secure.
Note: Power Platform DLP (Data Loss Prevention) policies are not the same as Microsoft
365 Data Loss Prevention (DLP) policies!
What are connectors?

Out of the box, there are some 340+ ‘connectors’ which allow you to connect Power
Apps and Power Automate to other services.
These services include the Microsoft “Standard” connectors (some 25+) such as
SharePoint and Outlook and “Premium” connectors which connect to other line of
business applications such as Google G-Suite, Box.com and DocuSign, which require you
to have either existing credentials or a subscription to authenticate to them.
So why are DLP policies important then? And

why do I need to consider from day 1?
The Power Platform opens up the option for users to create ‘Personal Productivity
Applications’ and move data around, such as a user creating a Power Automate Flow to
Box.com which is triggered on a SharePoint library that copies every document that is
created or updated!
How do you create a DLP Policy?

From the Power Platform Admin Centre – Click on Data policies and click New Policy.
Give your new policy a name.
Note: To create a DLP policy, you need to be a tenant admin or have the Environment
Admin role.
Define which connectors you want to include in your policy.
Specify how you want this policy to be deployed. In the scenario of allowing a single
business application to use a non-Microsoft connector, you would use the ‘Add multiple
environments’ option to allow you to select the specific environment(s).
Select the environment(s) you wish your policy to apply to.
Publish your policy.
Note: DLP policies enforce rules for which connectors can be used together by
classifying connectors as either Business or Non-Business. If you put a connector in the
Business group, it can only be used with other connectors from that group in any given
app or flow.
Recommendation
It can get relatively complicated when defining your DLP policies, and certainly a
consideration that plays a part of defining your Power Platform Environment Strategy,
but my recommendation for a day 1 policy is to block everything you can (Note: you
can’t block the Microsoft connectors!) and only allow access where there is a justifiable
business reason.
If you want to get clever, then creating DLP policies that are deployed to specific Power
Platform Environments and allow access to a single connector such as DocuSign solely
for the purpose of a Power Automate solution that runs on your Contracts Management
document management site, would be an option.
Further Reading
Microsoft: Data loss prevention policies
Principal author: Aaron Rendell

Performing guests reviews with Azure
Identity Governance
７ Note
For most organizations using Microsoft 365, guest management is simply not a
"manageable" task with the tools they have. Most administrators feel ill-equipped to get
a full understanding of the extent of guest access within their tenant, let alone make
decisions on whether current guests and their access are still legitimate, or not. As
collaboration scenarios grow in complexity, organizations mature in their usage patterns
of the Microsoft 365 platform, and digital security becomes an increasingly scrutinized
part of the enterprise – the challenge of managing guests is reaching a tipping point
where it can no longer be ignored.
Why review guests?

There are a host of reasons justifying the need to review an organization’s guest
accounts. Some of these reasons include:
Guests are easily "forgotten" and retain lingering access to Teams, sites, apps, and
content long after they need it. This presents a significant potential security risk,
especially as new users join the sites or Teams and begin to add content to sites or
Teams they assumed were private.
We often know little to nothing about guest accounts, meaning it is easy for users
to share the wrong content with the wrong person. This again presents a
significant possible security risk.
Many organizations do not archive or decommission sites or Teams that are no
longer active. For internal users, this amounts to noise, but for guest users who
retain their access, this can have more serious consequences.
Many guests never even redeem their invitation to collaborate with your tenant,
but by virtue of being invited, they exist in your Azure Active Directory and can be
selected again as a guest via search.
Lack of controls and governance policies at the tenant or Microsoft 365 Group
levels may have led guests to be inadvertently granted access to more than the
sender realized.
In the vast majority of cases, there is a lack of a "reporting structure" for guests,
meaning no one within an organization is assigned the role of
managing/sponsoring/overseeing a particular guest. This general lack of
responsibility and accountability often means disorder.
Even once guest policies are put in effect (e.g., Guest Group Setting in PowerShell,
or Sensitivity Labels), existing guest users are left behind in these sites or Teams.
What is required to set up a guest review

process
The features discussed below require Azure Active Directory Premium P2 licenses. See
the Resources section for more details.
How to set up a guest review process

1. Navigate to Portal.Azure.com .
2. Under services, navigate to Identity Governance.
3. Navigate to Access Reviews and click New Access Review.
4. Under the Review Type tab, select the Type of Review being created (Teams +
Groups, or Applications).
5. Configure the Review Scope and if desired, choose whether to include only
Inactive Users and specify an inactivity day threshold (e.g., 30 days).
6. Under the Reviews tab, select the way the Reviews shall be carried out. The options
below show a review beginning immediately, on all sites or Teams with Guests, and
subsequently, repeat the process on a Quarterly basis. We've opted for a multi-
stage review (Note: Multi-Stage access reviews are currently in Preview) where our
first stage will ask Guests to perform a Self-Review, followed by a second stage
performed by Team Owners. We also specify a Fallback Reviewer (Adele Vance) if a
Team Owner cannot be found. You should create the review based on your
governance rules.
7. At the bottom of the tab, select the scenarios that can progress from Stage 1 to
Stage 2. In this case, any guest who has decided during the self-review that their
access can be removed need not continue to the second stage – only guests who
believe they still need access or did not provide an authoritative answer should
proceed to the second stage.
8. Under Settings, determine whether you wish to use 'Decision Helpers' and what
should occur if reviewers do not respond to the process.
9. On the Confirmation Screen, confirm and Create the Access Review.
What participants will receive

Participants in a guest review process will receive an email from Microsoft and direct
them to the My Access portal to review the action. The user experience is not bad, but
may require some adoption and change management efforts to be successful.
Monitoring a guest review process

To monitor an ongoing Access Review, the Access Review can be opened, and individual
groups can then be expanded. This can be cumbersome when done at scale and it is
difficult to get an overall sense of individual guests and their current access reviews
across the environment.
Resources
What are access reviews | Microsoft Learn
MAU billing model for Azure AD External Identities | Microsoft Learn.

Yet another Tool? Why you will probably
love Project Moca aka Outlook Spaces
７ Note
Outlook Spaces is now officially in preview and like many others, I wondered which
place in Microsoft 365 it has and how users can benefit from it.
What is Outlook Spaces

Outlook Spaces is a dynamic space in which you can aggregate information from your
projects in a more visual way. It is a canvas similar to Microsoft Whiteboard, but without
the ability to draw on. You can add notes, files, links, tasks, goals, emails and events,
cards for weather, people and locations and organize all of that in buckets. Users, who
are already familiar with Microsoft Planner will recognize this concept easily.
You can access Outlook Spaces in Outlook on the web. Right now it's likely that you will
need to log in with your personal account to try it out as only a limited number of work
accounts are enabled for that. Remember, it's still in preview but still worth a try. Find
Spaces/Project Moca in the module switcher on the lower left hand corner of Outlook
on the web. If you can’t see it, click on the '...' ellipsis.
Additional information for admins: This feature is shipped off by default. You can enable
it via PowerShell. For reference check Set-OwaMailboxPolicy.
Which use cases will Outlook Spaces serve
Following its purpose of making organizing all the different workloads a bit easier,
Outlook Spaces is a nice feature of Outlook on the web that allows users to have one
big overview to see the whole picture of their work in one place. Many users ask for that
single pane of glass - we know this pretty well from years of discussion about the 'when
to use what' question in Microsoft 365. Having a personal space to track and organize
what matters to you without relying on different structures that others defined for you
(e.g. in different Microsoft Teams teams) will take into account the unique needs of
users. Project Moca enables people to group information, tasks, files, and more in a
context that makes sense to them as an individual. This ensures that they build their
own visual synopsis in a digital tool.
Is it a project management tool

Note that in the 'project management' template you get some predefined buckets
called 'to do', 'in progress', 'waiting' and 'done', following the Kanban board
methodology. Those buckets don't have any impact on the emails, events, and especially
To Do tasks which you drag them into. This means that even if you move a task from the
bucket 'in progress' to 'done', this won't change the status of the task from 'not started'
to 'completed'. Seems pretty logical to me, as To Do tasks only have two status: 'not
started' and 'completed'. My take on the approach of Spaces: Outlook Spaces is a visual
aggregator of personal work content, not a project management tool.
How does Outlook Spaces integrate with other
apps & services
Exchange Online
To Do tasks
Outlook Spaces integrates with Exchange Online, which is why you can add and manage
Microsoft To Do tasks in your canvas.
Email & Events

You can add emails and events from your calendar and also set goals in Spaces, which
will show up in your Outlook calendar across your devices.
Notes
Notes in Spaces will be stored as notes in Exchange Online as well and can be accessed
via:
Outlook Desktop Client

Notes in Outlook on the web
Sticky Notes app on Windows
OneNote app for mobile
People
You can add people cards to Outlook to have the contact information of relevant people
in place.
OneDrive
You can add files from your OneDrive as well as from BOX, DROPBOX or GOOGLE DRIVE
to your space which means that you don't have to make hard copies of files, but instead
add a link to a document. This allows you to benefit from having a living document,
regardless the platform. Please note that you can't add files that are shared with you but
are stored in another users OneDrive. What you can do is add those files as a web link.
Location & Bing weather

Spaces connects to Bing Maps in location and weather cards. If you add a location and
later click on it, it will open Bing maps in a new tab of your browser. Via the ellipsis on
the card, you can also use the get directions feature.
How can people include this tool into their

existing behavior and routines
The more advanced and mature Microsoft 365 gets, the more complex the answers to
questions like:
shall I use email, a Teams message, a Teams channel message, or a Yammer post to
start a conversation
shall I use To Do or Planner for managing tasks
shall I use OneNote or Microsoft Whiteboard to take notes and ideate
shall I use PowerPoint or Sway to present and tell stories
The response will always include an 'it depends' and then a more or less long
explanation that different scenarios and goals will lead to different requirements and
therefore a different set of tools that a user will use to accomplish his/her goals more
easily than with others. Users often ask for that 'one tool to rule them all' and until now,
the answer regarding task management was always Microsoft To Do, as it is an
aggregator of:
my own tasks
my group tasks (that natively live in Planner boards)
external tasks (that sit in emails)
The ability with Power Automate to add To Do tasks also for selected messages or for
messages in which a user is @-mentioned extends and supports To Do's approach to
not only be an easy to use personal task management tool, but also serve as an
aggregated view on all tasks across Microsoft 365 a user has to deal with - regardless
where the tasks live.
As Outlook Spaces lives in Outlook on the web which natively connects with To Do,
users can now seamlessly create their canvas to get their personal overview.
What about Microsoft Teams

We continue to try to move users from an email-based work behavior to a collaborative
work style in Teams. Why would we now want them to make a step back to Outlook?
Outlook and email have been misunderstood for quite some time. It's not that email per
se is something bad or old-fashioned. We just need to identify good use cases for email.
Email is the least common denominator when it comes to exchanging information. It's
meant to be the service that we use if we don't know which platform for collaboration
our counterpart is using or if we don't share a platform to collaborate. Mostly, this
applies to external people like customers, vendors, etc. If work items still exist in Outlook
as events to work toward and emails to follow up with and (To Do) tasks to accomplish,
it can be hard to get a transparent overview on your own workspace as there is no
personal dashboard - until now.
In fact, there is no Microsoft Teams or Outlook question in general and of course no

Shall I use Outlook Spaces or a channel in Teams question, specifically.
Teams channels are designed for teamwork, to securely collaborate and have all
information, tasks and resources in a specific work context.
Outlook Spaces are a visual dashboard over a single person's work to help a specific
user to see the big picture.
Won't this confuse users

The official consultant answer to this question is a decent it depends. As always, if
Microsoft 365 is deployed without caring for users, change management, adoption or
training, Outlook Spaces will become yet another tool. This applies to all apps & services
in which we don't take into account use cases. But if we first gather requirements or do
some research, why people are using physical whiteboards, why they still print
documents or still sometimes need to put cards with their tasks on big walls to get the
big picture, we will notice, that there was something missing in Modern Workplace.
What about sharing

There is no way to share an Outlook Space with others, because it is meant to be your
personal canvas. If we shared this space, which is meant to be an aggregated view on
your own workloads, we would get into conflict with Teams. Therefore I like the fact that
a space is not shareable and that you can't invite others to it. Otherwise, we would add
more confusion to users.
Conclusion & Advice

As mentioned above, Outlook Spaces needs to be enabled for commercial users with
PowerShell, but it could be that tech-savvy or digitally more interested users may have
seen this feature with their personal account or already use it - to plan their lives. I'd
strongly encourage you not only enable it but to make users understand how email,
events, tasks, persons, and notes sit in Exchange Online and that Microsoft just added
the ability to include files from OneDrive and links as well so that users can make their
own visual dashboard.
Outlook Spaces is not in concurrence with To Do or Planner or to Teams; it's a valuable

addition to services that we are already using for our personal work. We realize more
and more that people's working behaviors are rather unique and that many users ask for
more visual ways to manage their work and to ideate.
Principal author: Luise Freese

SharePoint and OneDrive documentation
SharePoint documentation for IT professionals and admins
For IT Professionals
SharePoint and OneDrive in Microsoft 365 Migrate to Microsoft 365

Find resources for managing SharePoint and Migrate your content to Microsoft 365. Migrate
OneDrive in your Microsoft 365 environment. from file shares, SharePoint Server, Box, or many of
the cloud storage providers.
SharePoint and OneDrive Hybrid PowerShell Reference for SharePoint

Learn about solutions for the SharePoint and Learn about the PowerShell cmdlets you need to
OneDrive hybrid environment, and how to connect manage SharePoint Server or SharePoint in
SharePoint Server and Microsoft 365. Microsoft 365.
SharePoint Server Troubleshoot

Plan, deploy, and manage SharePoint Server. Find troubleshooting and support resources for IT
Professionals and admins.
For other audiences
Developers SharePoint users

Guidance for developing solutions for SharePoint. Find help, training, and technical support for your
SharePoint users.
OneDrive users Microsoft 365 Community Content

Find help, training, and technical support for your Find solutions and scenario guidance for Microsoft
OneDrive users. 365 users as contributed by the IT Professional and
Admin community.
Microsoft 365 for enterprise documentation
and resources
Best-in-class productivity apps with intelligent cloud services that transform the way you work.
GET STARTED QUICKSTART TRAINING

Learn about Accelerate your Train your IT
Microsoft 365 deployment pros and
for enterprise with… admins
Get help with Microsoft 365 for enterprise and other

resources
Explore Microsoft 365 for enterprise deployment guidance, features, and services.
Deploy key elements Manage Microsoft 365 for enterprise

ｃ Identity infrastructure ｃ Windows 10 Enterprise
ｂ Windows 10 Enterprise ｐ Microsoft 365 Apps for enterprise
｀ Microsoft 365 Apps for enterprise ｂ Apps with Intune
｀ Microsoft Intune ｂ Microsoft 365 services
Additional resources
Learn more about other Microsoft 365 features and resources.
Microsoft Purview Microsoft 365 security Microsoft 365 technical

Help your organization govern Protect your organization community
information, protect against across attack surfaces with Connect and collaborate with
risks, and comply with legal or robust security services and peers and experts in the
regulatory standards. solutions. Microsoft Tech Community and
share Microsoft 365 best…
Microsoft 365 Business Premium resources
For businesses with up to 300 employees, Microsoft 365 Business Premium enables you to be
productive anywhere with Microsoft 365 apps and online meetings. Secure your business with
advanced security features, and streamline your IT setup and management with a single solution.
Productivity and security with Microsoft 365 Business

Premium
Watch What's new?

Top five benefits of Microsoft 365 Business See what's new in Microsoft 365 Business Premium
Premium. and Defender for Business.
Get the free partner kit Join the partner webinar series
Practical guidance and go to market resources for Learn how to drive upsell and grow your business
partners for securing hybrid work. with Microsoft 365 Business Premium, Microsoft
Defender for Business, and Microsoft 365
Lighthouse.
What is Microsoft 365 Business Set up Microsoft 365 Business

Premium? Premium
ｅ Microsoft 365 Business Premium overview ｃ Get Microsoft 365 Business Premium
ｅ How Microsoft 365 Business Premium helps ｃ 1. Complete the basic setup process
your business with productivity and security ｅ 2. Set up security capabilities
ｉ Microsoft 365 service descriptions ｅ 3. Protect unmanaged (BYOD) devices
ｅ Compare Microsoft 365 for business plans
ｅ 4. Use email more securely
ｉ Microsoft 365 Business Premium FAQ ｅ 5. Collaborate and share more securely
ｉ Glossary of security concepts ｃ 6. Set up and secure managed devices
ｅ Maintain your environment
What is Microsoft 365 Lighthouse? Resources for partners (English only)

ｅ Overview of Microsoft 365 Lighthouse (for ｃ See the Microsoft 365 Business Premium
partners) Partner Playbook and Readiness Series
ｃ How to sign up and become a Microsoft CSP ｑ Join the partner webinar series!
ｃ Set up and secure your Lighthouse portal ｅ Microsoft Partner Network
ｅ Use baselines for customer tenants ｅ Get started with Partner Center
ｉ Microsoft 365 Lighthouse FAQ
Protect devices Protect email content and Microsoft

365 files
ｅ Get started with Microsoft Defender for
Business ｅ Get started with Microsoft Defender for Office
ｅ Set up unmanaged (BYOD) devices 365
ｃ Set up multi-factor authentication on devices ｃ Protect against phishing, malware, and other
threats
ｃ Install Microsoft 365 apps on all devices
ｃ Know what to watch for in email content
ｃ Protect unmanaged Windows PCs and Macs
ｃ Encrypt or label sensitive email
ｅ Set up and secure managed devices
ｃ Use Microsoft Teams for collaboration
ｅ Share files and videos in Microsoft Teams or
SharePoint
Support and community How do I...

ｈ Announcements ｅ See what's new in Microsoft 365 Business
Premium and Defender for Business
ｑ Get help
ｑ Microsoft 365 for business training videos ｃ See top 10 ways to secure my business
ｅ Send feedback ｃ User trial guide - Microsoft 365 Business

Premium
ｅ Tech Community for small and medium
ｃ Find a Microsoft partner to help my business
businesses
ｃ Change to another Microsoft 365 plan
ｃ Migrate email and contacts to Microsoft 365
ｃ Contact support for Microsoft 365
Microsoft 365 documentation
Find the solutions, scenarios, and resources you need to get started with Microsoft 365 for your
business or organization. Microsoft 365 includes services such as Teams and SharePoint, and
Microsoft 365 Apps such as Outlook, Word, Excel, and PowerPoint.
HOW-TO GUIDE GET STARTED

Set up your infrastructure for Remote learning with Microsoft
hybrid work Teams
TRAINING QUICKSTART
Build your skills with Microsoft Get your small business started
Learn training with Microsoft 365
Admin documentation Products

ｂ Microsoft 365 admin center ｅ Microsoft Teams
ｂ Microsoft 365 for enterprise ｅ SharePoint and OneDrive
ｂ Microsoft 365 for frontline workers ｅ Microsoft Syntex
ｂ Microsoft 365 Business Premium ｅ Microsoft Viva
ｅ Microsoft Purview ｅ Exchange Online
ｅ Microsoft 365 security ｅ Outlook for iOS and Android
ｉ Troubleshooting and support ｅ Planner
ｅ Yammer
Microsoft 365 Apps and Office Solutions for your business

ｂ Microsoft 365 Apps ｃ Set up your infrastructure for hybrid work
ｃ Office for Mac ｃ Set up secure collaboration
ｅ Office LTSC 2021 ｃ Deploy threat protection
ｃ Manage data privacy and data protection
See more
Ｔ
ｃ Microsoft 365 for smaller businesses and
campaigns
ａ Microsoft 365 productivity illustrations
See more
Ｔ
Manage devices Hybrid and migration

｀ Deploy Windows ｃ Migrate your content to SharePoint, OneDrive,
and Teams
｀ Microsoft Managed Desktop
ｅ Device management with Microsoft Intune ｃ Hybrid SharePoint
ｃ Migrate multiple email accounts to Microsoft
365
More apps and services Power Platform in Microsoft 365

ｅ Microsoft Bookings ｅ Power Apps in Teams
ｅ Microsoft Forms ｅ Power Automate
ｅ Microsoft Stream ｅ Power Virtual Agents in Teams
ｅ Power BI in Teams
Guidance and resources for all audiences

Find documentation and resources for end users, educators, and developers, and find community
resources for technical audiences.
End users Educators
Education IT Developers
Tech community Microsoft 365 Community Content

Microsoft 365 Communityver1fromMS

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft 365 Communityver1fromMS

Uploaded by

Copyright:

Available Formats

Tell us about your PDF experience.

Microsoft 365 Community Content

Basics and Definitions

Follow Microsoft 365 on Social Media

Microsoft 365 Search Technologies

What is a Site Column?

What is a Content Type?

What kind of apps can you build on Microsoft 365?

Query String URL Tricks for SharePoint and Microsoft 365

Use the Government Cloud for SharePoint and Microsoft 365

Microsoft 365 Better Practices

Content Type Propagation

OneDrive PC Folder Backup Benefits for End Users

Why Microsoft 365 adoption projects fail

Microsoft Teams Naming Best Practices

Maturity Model for Microsoft 365

Learn about the Maturity Model

Site Builder/Owner - New Site Checklist

SharePoint Naming Guidelines

Why SharePoint Training is Important

Building great content for your Intranet

Identifying Your SharePoint Champions

Empowering Your SharePoint Champions

File Naming on an Intranet

Information Architecture - Site Topology

Information Architecture - Managed Metadata vs Lookup columns

Living Large with Large Lists and Large Libraries

Creating Useful Views for Lists & Libraries

Document Sets for Fast Legacy Process Automation

Taking Advantage of the Content Type Inheritance Model in SharePoint

List Formatting 101

The Principles of Communication

The Principles of Search

The Evolution of Company-wide Email Communication to SharePoint News

How to Share Org-Wide Communication in Microsoft 365

Making Better Decisions

Team site vs Communication site - Which one should I choose?

List columns or Site columns - which one to choose?

Changing Microsoft Teams from private to public - What to expect in SharePoint

A Guided Tour Designed to Help You Select an Effective Navigation Strategy

Designing your solution for scale

Should I store my files in Microsoft Teams or in SharePoint?

Defining a Power Platform Environment Strategy

What Task Management Tool is Right For Me

Using site designs to manage project life cycles

Working with Cascading Lists in SharePoint and Power Apps

Document Lifecycle Scenarios

Power Automate - Send SharePoint files as attachments

How can I use Learning Pathways in my organization?

Advanced Highlighted Content Web Part

Using Shared Channels for Internal Collaboration

Working with modern client-side pages using PnP PowerShell

Should everyone create Teams? A Low Code Provisioning solution

Benefits of using PowerShell with SharePoint

Managing SharePoint Online Security: A Team Effort

Basic Security Set Up for Microsoft 365

Managing External Guests in SharePoint vs Teams

Teams Shared Channels for Admins

Microsoft Office official documentation

FastTrack onboarding and adoption services

Find a SharePoint certified partner

Visit the SharePoint community

Learn how to be a Community Contributor

Active Directory Federation Services (AD FS)