The initial crawl of your environment is complete. You're comfortable with the layout of ShareGate Protect, have considered policies, and have tested some features.
Now you may wonder, "What's the best order to roll out ShareGate Protect to my organization?"
In this step of the ShareGate Protect guide, we outline the order that we recommend.
Tip: Do you have a few more questions? Want to get a feel for what other IT admins are doing? For all this and more, join an Ask the Expert session.
Index
- Step 1 - Assign owners to orphaned teams and groups
- Step 2 - Categorize to organize
- Step 3 - Get active on inactivity
- Step 4 - External sharing and guest access
Step 1 - Assign owners to orphaned teams and groups
Now that you better understand how ShareGate interacts with owners, we recommend assigning owners to any orphaned teams and groups in your environment.
Owners are in the best position to know what to do with their teams and groups. They know the business purpose, how sensitive the data shared within it is, and what guests no longer require access.
By assigning owners, you can use ShareGate to delegate tasks and collaborate on your policies.
Tip: It's best practice to have at least 2 owners for each team and group. That way there's always someone available to receive notifications and take action on your policies.
Step 2 - Categorize to organize
Organize your environment by business purpose and sensitivity level to gain better visibility of the information in teams and groups, and to apply the right governance policies.
Create purpose tags and sensitivity tags
Purpose tags show you the intended business purpose of teams and groups, while sensitivity tags help you understand their data sensitivity and apply the right security settings.
ShareGate comes ready with a variety of default tags you can use. Or, you can create tags that best reflect your organization:
Ask owners
With your tag options in place, use the Ask owner(s) features to send owners a notification asking them to apply a purpose tag or sensitivity tag.
Tip: Check out the End-user docs category. You can share these articles with owners so they know what to expect.
Automate purpose tags and sensitivity tags
Now that existing teams and groups in your environment are organized by business purpose and sensitivity level, use ShareGate to send automated notifications when owners create new teams and groups.
To turn on automation, go to Policies. Expand the Purpose tags and/or Sensitivity tags section, then toggle on Automatically ask owners.
Note: Purpose tags and sensitivity tags are automated independently. You need to toggle on Automatically ask owners for each separately.
Step 3 - Get active on inactivity
Inactive teams and groups impact sprawl and security of your Microsoft environment. ShareGate can help you take action on current and future inactivity.
Set up your preferred Azure storage account
Choose your preferred Azure storage account so you and owners can take advantage of ShareGate's archiving features.
Select your storage account in the Settings.
Ask owners about inactivity
Are there already inactive teams and groups in your environment? Use the Ask owner(s) about inactivity feature so owners can take action.
Plan and implement the policy
Now that your environment is clear of inactive teams and groups, automate the Inactivity detection policy and let ShareGate monitor for teams and groups that become inactive in the future.
Before setting up the policy, ask yourself, "How long can a team or group be inactive in our organization before it leads to sprawl or before it becomes a security risk?" Use this timeframe in your policy.
For the steps on how-to, see Set up and automate the Inactivity detection policy.
Tip: You can change or update the defined time period as often as you need.
Customize your purpose tags
Using purpose tags, you can set a custom inactivity threshold on the business purpose of a team or group.
For example, a departmental group or team may not need its activity verified as often as a time-based project that could be archived as soon as the project is finished.
For the steps on how-to, see Create and edit purpose tags.
Step 4 - External sharing and guest access
The External sharing review policy lets you ask owners to review and remove any unnecessary external sharing links and guest access from their teams and groups.
Set up the policy so owners can review on a schedule that suits your organization's needs.
For the steps on how-to, see Set up and automate the External sharing review policy.
Customize your sensitivity tags
Using sensitivity tags, you can set a custom start date and review recurrence based on a team or group's security needs.
For example, a team or group with a Confidential sensitivity tag may share highly sensitive information, which should be reviewed more often than your default policy allows.
For the steps on how-to, see Create and edit sensitivity tags.