1. Governance & Lifecycle Management

  • Provisioning Strategy: In an enterprise, self-service Team creation is often disabled to prevent sprawl. If disabled, ensure the provisioning workflow (usually via Power Automate, ServiceNow, or a custom app) is documented and functional.
  • Naming Conventions: Enforced via Entra ID (e.g., [Department] - [Project Name]). Ensure blocked word lists are configured to prevent users from creating a team called “HR” or “Payroll”.
  • Lifecycle & Expiration: Backed by M365 Groups. Set expiration policies (e.g., 365 days) that trigger renewal emails to Team owners. Orphaned Teams (owners have left the company) must have an escalation path for reassignment or archiving.
  • Archiving: Archiving a Team makes the SharePoint site read-only and freezes the chat. This is preferred over deletion for compliance purposes unless governed by a strict retention policy.

2. External Collaboration & Access Types

  • External Access (Federation):
    • Allows users to find, call, and chat with people in other Microsoft 365 domains.
    • Does not grant access to Teams channels, files, or SharePoint.
    • Configure allowed/blocked domains via the Teams Admin Center to prevent data leakage via chat.
  • Guest Access:
    • Grants external users access to specific Teams, channels, and files via Entra External ID (B2B collaboration).
    • Must be enabled at the Tenant level (Teams Admin Center), Group level (M365 Groups), and Site level (SharePoint).
  • Shared Channels (B2B Direct Connect):
    • Allows sharing a single channel with external organizations without adding them as guests to the tenant.
    • Requires configuring cross-tenant access settings in Entra ID (both inbound and outbound) for specific partner organizations.

3. Meeting, Calling, & Device Policies

  • Meeting Policies:
    • Lobby Management: Crucial for security. Ensure external users and guests bypass the lobby only if explicitly desired; the safest default is “People in my organization.”
    • Recording & Transcription: Determine who can record (e.g., organizers and presenters only). Recordings now save to OneDrive (for 1:1/group chats) or SharePoint (for channel meetings). Configure auto-expiration for recordings to save storage.
  • Telephony / Voice (Enterprise):
    • Understand the organization's PSTN connectivity model: Calling Plans (Microsoft provides numbers), Operator Connect (managed third-party carrier), or Direct Routing (on-premises/cloud SBCs).
    • Voice Routing: For Direct Routing, trace the path from the user’s Dial Plan -> Voice Routing Policy -> PSTN Usage -> Voice Route.
  • Resource Accounts: Used for Auto Attendants and Call Queues. They require a “Microsoft Teams Shared Devices” license or a free “Microsoft Teams Phone Resource Account” license to function.

4. App Governance & Management

  • Permission Policies: Controls who can install specific apps. The enterprise standard is usually to block all third-party apps by default and require a security/compliance review before adding them to an Allow list.
  • Setup Policies: Controls the “Left Rail” (app bar) in the Teams client. Use this to pin critical company apps (e.g., Viva Connections, ServiceNow) and define the default layout for different departments.
  • Custom Apps: Manage the catalog of line-of-business (LOB) apps uploaded by developers.

5. Troubleshooting & Diagnostics

  • Call Quality Dashboard (CQD): The primary tool for investigating dropped calls, jitter, and poor audio. Link building subnets to the CQD to isolate network issues to specific office locations.
  • The “New Teams” Client (v2):
    • Architecture is now WebView2 (no longer Electron).
    • Cache Clearing: The path has changed. Delete contents in %localappdata%\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams.
  • Presence Issues: Usually caused by calendar sync delays with Exchange Online or stale cache. Verify the user’s status isn’t manually locked (e.g., set to “Duration”).
  • Teams Web App: Always use the web app https://teams.microsoft.com/v2/ as the first troubleshooting step to isolate client-side vs. tenant-side issues.

6. Essential PowerShell Cmdlets (MicrosoftTeams Module)

  • Connection: Connect-MicrosoftTeams
  • Team Management:
    • Get-Team -User user@domain.com (Find all Teams a user belongs to).
    • Set-Team -GroupId <ObjectID> -Visibility Private
  • Policy Assignment:
    • Grant-CsTeamsMeetingPolicy -Identity user@domain.com -PolicyName "Restricted Meetings"
  • Voice Configuration (Direct Routing):
    • Get-CsOnlineUser -Identity user@domain.com | Format-List LineURI, EnterpriseVoiceEnabled, VoiceRoutingPolicy
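
A read-only audit for the orphaned-Team check in section 1 and the guest-access review in section 2, built on the Get-Team and Get-TeamUser cmdlets of the MicrosoftTeams module. This is an added example, not part of the original notes; the two function names and the sample rows are hypothetical.

```powershell
# Added example. Live use assumes the MicrosoftTeams module and a Connect-MicrosoftTeams session.
function Get-TeamMembershipSnapshot {
    # One Get-TeamUser call per team, so expect this to be slow on large tenants.
    Get-Team | ForEach-Object {
        $users = @(Get-TeamUser -GroupId $_.GroupId)
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            GroupId     = $_.GroupId
            Archived    = [bool]$_.Archived
            Owners      = @($users | Where-Object Role -eq 'owner').Count
            Guests      = @($users | Where-Object Role -eq 'guest').Count
        }
    }
}

function Get-TeamGovernanceFinding {
    # Hypothetical helper: classifies one snapshot row per pipeline item.
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $Team)
    process {
        $findings = @()
        # Archived Teams are already at their end state, so only active ones count as orphaned.
        if (-not $Team.Archived -and $Team.Owners -eq 0) {
            $findings += 'Orphaned: reassign an owner or archive'
        }
        if ($Team.Guests -gt 0) {
            $findings += "Guests present ($($Team.Guests)): confirm guest access is intended"
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                DisplayName = $Team.DisplayName
                GroupId     = $Team.GroupId
                Findings    = $findings -join '; '
            }
        }
    }
}

# Constructed sample rows (not real tenant data) so the classification runs offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Finance - Budget'; GroupId = '00000000-0000-0000-0000-000000000001'; Archived = $false; Owners = 0; Guests = 0 }
    [pscustomobject]@{ DisplayName = 'Sales - Partner Portal'; GroupId = '00000000-0000-0000-0000-000000000002'; Archived = $false; Owners = 2; Guests = 3 }
    [pscustomobject]@{ DisplayName = 'IT - Old Migration'; GroupId = '00000000-0000-0000-0000-000000000003'; Archived = $true; Owners = 0; Guests = 0 }
    [pscustomobject]@{ DisplayName = 'HR - Onboarding'; GroupId = '00000000-0000-0000-0000-000000000004'; Archived = $false; Owners = 1; Guests = 0 }
)
$sample | Get-TeamGovernanceFinding | Format-Table -AutoSize -Wrap

# Against a live tenant:
# Get-TeamMembershipSnapshot | Get-TeamGovernanceFinding | Export-Csv .\teams-governance.csv -NoTypeInformation
```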