M365 & Microsoft Teams Governance in Australia
In this video, we dive into the real challenges of guest access in Microsoft 365, especially relevant for Australian organisations navigating compliance, governance, and security.
Why is M365 and Microsoft Teams governance important in Australia?
Without clear governance, Microsoft 365 and Teams pose many risks for Australian companies. Uncontrolled Teams creation, confusing permissions, and security gaps caused by external users can become a problem.
Australian organisations need to comply with the Privacy Act 1988, PSPF, ISM, and in regulated sectors with APRA CPS 234. Companies must be able to demonstrate at all times that access to sensitive data is controlled and documented.
Learn more about the specific requirements in Australia: Microsoft 365 Governance in Australia
What problems arise without governance in Microsoft Teams?
- Uncontrolled growth of teams: Anyone can create teams, and projects are created twice.
- Uncontrolled guest access: External users remain in the system longer than necessary.
- Lack of transparency: IT loses track of permissions and access.
- Audit risk: The required evidence is missing during audits.
What are the requirements for M365 and Teams governance in Australia?
A good governance strategy for Microsoft Teams should cover the following points:
- Control over team creation: Who is allowed to invite guests, and according to which rules?
- Naming conventions and standards: Consistent naming for a better overview.
- Lifecycle management: How long does access remain valid, and who checks this?
- Secure guest access: Invitations only according to clear processes and with time limits.
- Evidence and reporting: Documented processes that meet audit requirements.
What are the risks of guest access in Teams?
The two common extremes:
- Too open: Any employee can invite guests. Result: little traceability, high risk.
- Too strict: Guest access is globally blocked. Result: collaboration suffers and shadow IT emerges, with files shared via email or insecure cloud services.
The solution lies in between: controlled guest access with clear processes.
Check out our Guest Access Guide here: Microsoft 365 Guest Access & Compliance in Australia
How can governance for Teams and M365 be implemented technically?
Microsoft 365 offers simple options for rules with the Azure AD naming policy and other basic functions. In practice, however, these are often not enough.
External User Manager (EUM) offers advanced options:
| Step | Purpose | Involved roles |
|---|---|---|
| Self-service request form | Collect metadata (project, owner, expiry date) | End users |
| Approval workflow | Enforce 4-eyes principle | Manager / IT |
| Guest onboarding portal | Sign NDA & compliance docs, enforce MFA | Guest user |
| Lifecycle & access reviews | Auto-extension or removal of access | System workflow |
With External User Manager, you can combine security, efficiency, and auditability without placing an additional burden on IT.
Benefits of External User Manager specifically for Australian companies:
- APRA CPS 234 support: Full logging of all guest activities
- PSPF & ISM alignment: Restrict access to sensitive Teams while keeping collaboration open where needed
- ASD blueprints compatible: EUM policies can reflect Australian Signals Directorate recommendations
Why External User Manager for Teams Governance in Australia?
With External User Manager, you get a governance solution that combines compliance, security, and user-friendliness.
- Directly integrated: External User Manager is directly integrated into Microsoft Teams.
- Flexible: Adaptable to compliance requirements in Australia.
- Experience: 60,000 installations worldwide and collaboration with Australian partners.
- Support and consulting: Quick implementation and secure audits.
With External User Manager, you can manage guest access in a controlled manner, automate processes, and pass audits with ease.
Chief Commercial Officer and Governance Specialist at Solutions2Share
Florian Pflanz has more than 8 years of experience with Microsoft 365 and has supported over 250 workshops on Teams governance.
His focus lies on lifecycle management, provisioning, and compliance requirements in regulated industries.
He shares best practices with IT admins and decision-makers to reduce complexity and strengthen secure collaboration in Teams.