What Is Governance in Microsoft 365? — And Why It's Not as Complicated as It Sounds

28 February 2026 Governance

If you've been working with Microsoft 365 or SharePoint for a while, you've probably heard the word "governance" in a meeting or technical article. And you've probably thought: "isn't that for large organisations with big IT departments?"

The short answer is no. Governance is for any organisation that uses Microsoft 365 — and the earlier you think about it, the better.

What does "governance" actually mean?

In its simplest form, Microsoft 365 governance is the set of rules and decisions that define how the environment is used. It's the internal rulebook for your Microsoft 365.

If you think of it like a physical office: governance is deciding who has a key to which room, who can reorganise the files, who is responsible for keeping each area in order, and what happens when someone leaves the organisation.

Without those rules, over time nobody knows who has access to what, documents end up in random locations, and when someone leaves the company their accounts stay active for months.

What does governance cover?

Governance isn't a single document — it's a set of decisions that cover several areas:

Who can do what

  • Can any employee create a team in Teams, or only administrators?
  • Who can share documents with people outside the organisation?
  • Who can install apps in Teams or SharePoint?
  • Who can create new SharePoint sites?

The structure — and who protects it

  • How the environment is organised — the sites, libraries, and navigation
  • Who owns each site and who is responsible for maintaining it
  • How structural changes are made — can anyone create a new site or is there an approval process?
  • Which site templates are used to keep everything consistent

Naming and organisation

  • How files, folders, sites, and teams are named
  • What naming conventions exist to make content easy to find
  • What metadata structure is used in each type of library

Permissions and access

  • How access groups are managed
  • What permission level each role in the organisation has
  • How external access is managed — suppliers, clients, collaborators

Content lifecycle

  • What happens to a site when a project ends
  • How long documents are kept before being archived or deleted
  • Who periodically reviews that content is still relevant

What happens when someone joins or leaves

  • What access a new employee receives from day one
  • Who manages the onboarding process
  • What happens when someone leaves — who removes access, what happens to their documents, who inherits ownership of their sites

The relationship with information architecture

Governance and information architecture go hand in hand — but they're different things.

Information architecture is the design: how the sites, libraries, metadata, and navigation are organised. It's the building's blueprint.

Governance is what protects that design: the rules that prevent someone from building a wall in the middle of the corridor without consulting anyone. Without governance, even the best architecture in the world degrades over time — someone creates a site here, another person reorganises a library there, and within six months the original order has disappeared.

What happens without governance?

This is perhaps the clearest way to understand what governance is — by seeing what happens when it doesn't exist.

Without governance, after twelve months of using Microsoft 365 it's common to find:

  • Dozens of Teams and sites created by different people, with no consistent structure or naming
  • Important documents in sites nobody remembers creating
  • Ex-employee accounts still active with access to sensitive content
  • Nobody knows who "owns" which site or who is responsible for maintaining it
  • Search returns results from obsolete sites mixed in with active content
  • Each department has organised its documents differently

Sound familiar? It's the starting point for most SharePoint reorganisation projects.

You don't need a 50-page document

A common belief is that governance is only for large organisations with IT departments and external consultants. It isn't.

A 15-person organisation using Microsoft 365 also needs governance — just much simpler governance. It can be a two-page document that answers the basic questions: who can create sites, how are Teams named, what happens when someone leaves.

What matters isn't the length of the document — it's that the decisions are made, written down, and that people know them.

The first step

If your organisation uses Microsoft 365 and has never thought about governance, the first step is making a list of unanswered questions: who can create Teams? What happens when someone leaves? Who is responsible for each site?

When you can't answer those questions, you already know where to start.

The next post in this series covers exactly which decisions your organisation should make — a concrete list of questions every organisation should have answered before the environment grows too large to manage.

Questions about how to start defining governance for your Microsoft 365? Get in touch and we'll work through it together.


Cameron Griffiths is a Microsoft 365 consultant based in Valencia, Spain, specialising in SharePoint Online, Power Automate and Microsoft 365 for business. camerongriffiths.com