Information Governance - includes Industry Participants

 View Only

A Deep Dive into Provisioning in Teams, With 3rd Parties, Powershells and When Should IG/Sec Be Involved

By Bryn Bowen posted 02-19-2021 11:58


Please enjoy this blog post authored by Bryn Bowen, Principal, Greenheart Consulting Partners.

Of all of the collaboration tools being used in the law firm world, Microsoft Teams is the most popular because it’s already available to end users as part of many firms’ Office 365 suite, and because it offers legal practitioners (and other knowledge workers) an intuitive user interface.  By virtue of its range of capabilities (file sharing, co-authoring, messaging, video and audio calling), and the number of different information repositories within the Team (OneDrive, SharePoint, Exchange), a Teams implementation defines the need for proper governance in order to take full advantage of its functionality.

Given the access rights, security and overall information management consequences of implementing Teams in the law firm environment, thoughtful evaluation and planning by the Information Governance, compliance and IT Security groups in consultation with the legal practices should be done to ensure proper implementation and adoption.

This challenge should be initially addressed when defining the way Teams are provisioned at your firm. The basic questions fall into three general categories:

 Provisioning Teams has these main stages.

  1. Setting up the Team. Why is a Team necessary (client work or administrative use, collaboration for internal working group, exposure to external users, communication convenience, main workspace, transitory workspace etc). Not every matter opened needs a team. Team should either be explicitly requested by the partner opening the matter (at inception or somewhere along the line) or part of a preordained set/type of matters automatically. i.e. following a decision tree for determining whether or not a Team should be established, asking questions like “is work being performed by 2 or more internal people?” and “will client and/or third parties need access to and participate in the creation of documents and information in the course of the matter”
  2. Configuring the Team (security, type of matter etc). Who should have access to the team and under what conditions or restrictions (limited to the working group, respecting ethical walls and confidential restrictions, ability to edit files, etc. How many Channels? Are there any external users?
  3. Is the access rights assignment to the Team consistent with access in other content systems (like the DMS)? How to ensure that this is the case.
  4. Teams lifecycle considerations (managing members and rights, first defining the essential or transitory nature of information including documents and communications and where they are stored in the Team and/or synced to systems of record like the DMS, and end of Team considerations such as retention and disposition, transfer, and legal holds).

As a practical matter, because of the limits to the number of Teams in a Tenant, the number of Teams a user can be a member of and security restrictions in the software, law firms are advised to adopt the matter centric as opposed to client centric Team. Additionally, any security contemplated for Teams should be inclusionary in concept; i.e. only accessible to the working group, not the entire practice, office or firm. The maintenance of ethical wall security (in particular exclusionary walls) is a difficult endeavor because of the Teams structure, and has forced firms to accomplish this on the technology end using code (MS Graph Connector) rather than on the compliance (established, centrally controlled ethical wall software like Intapp Walls) end up to now. This is expected to change soon with the release of ethical wall APIs with Teams which will enable the maintenance of access rights to continue to be centrally controlled through the matter lifecycle.

Provisioning is key, and while automatic provisioning is currently possible within Teams, it may require PowerShell scripting, causing inefficiencies within organizations. Teams templates are pre-built definitions of a team's structure and can be designed around practices or matter types. With Microsoft Graph, you can use the pre-built templates, and you can use Teams templates to quickly create rich collaboration spaces with channels for different topics and preinstall apps to pull in content and services. Teams templates provide a predefined team structure that can help you easily create consistent teams across your firm.

In lieu of this approach, there are providers who have already solved the issue for firms that have certain tools available. Intapp Integrate for example has a Microsoft Graph Connector API that with some scripting (Macanta Consulting) can not only create a Team but with proper templating, configure some of the functionality within the Team. Powershell can also be used to automate the initiation of a Team creation through the Graph Connector.

The desired state for any systemic creation of Teams in the law firm environment is automated, integrated with the firm’s NBI process which triggers the template appropriate to the matter and its nature, and supported by a centralized clearinghouse for maintenance (HelpDesk).

Some basics for implementing Teams in law firms
Centralize the Teams creation role to stop proliferation and to maintain governance capability.  Allowing Teams creation outside of this arrangement runs the risk of not only unnecessary proliferation, but also the potential for information (including client information) to be perpetrated in ungoverned Teams, with all of the attendant issues.

For most firms, Teams should be Matter Centric i.e. a Team = a Client/Matter. This is reflective of the need to manage access rights across matters as distinct from clients.

Remove some functionality (as able) from Teams through internal configuration measures.

External users should be “Guests”, where more restrictions are possible than as “Members”.

There are other considerations when contemplating how Teams can and should be used, particularly around non proliferation of content. A collaboration site is generally not a repository of record i.e. it is a convenient interface – so if you have a DMS (system of record) it should be synced with the documents in Teams. As a default, when a Team is created, a SharePoint online site and attendant document library, Exchange Online mailbox and Calendar, OneNote notebook and a general communication and content sharing channel are also created. This highlights the governance challenge and need for proper configuration, and as an example, restriction and definition (education and training) of use of channels for practitioners is a key part of the provisioning process.

As with any software implementation involving the creation or transfer of data, a specific framework should be developed to govern these activities. Teams support the use of templates to define a standard configuration, including sets of channels, for Teams upon creation. Teams are sub-divided into channels. By default, you get one, and owners can create more. Using a standard litigation matter for example, its Team template might have pre-defined channels for depositions, briefs, and strategy.

Checklist for provisioning Teams in a law firm:

  1. Centralize creation (preferably at matter opening) but create a workflow for ad hoc creation for Teams of existing matters (Help Desk)
  2. Client centric (client = team, matter = channel) or matter centric (matter = team). Recommend matter = Team
  3. Private vs public Team. Recommend private
  4. Create Templates for types of Teams
  5. Create Naming convention for Teams and be consistent. Avoid blocked words and characters. E.g. ClientNumber_MatterNumber_ClientName_MatterName
  6. Team Membership: owner, member, guest. Owner is like an administrator, guest is an external user, someone without an account in the tenant.
  7. Define Policies (settings for Teams): Administration, Messaging (which Chat and Channel features are available), Meetings (scheduling, recording, reports etc), Applications (default is all Microsoft Office applications)
  8. Integrations: DMS (more on this in a subsequent blog post); Ethical Walls
  9. Ongoing maintenance: changes in security/access; additions and removals; decommissioning
  10. Retention/Disposition management
  11. Litigation Holds/Preservation Orders

Finally, the Law Firm Information Governance Symposium is in the process of compiling a guidance on the information governance consideration in implementing MS Teams in the law firm environment, so stay tuned for this comprehensive treatment.

#Security Professionals
#Very Large (over 500)
#Large (251 - 500)
#Medium (151 - 250)
#Small (under 151)
1 comment