Читать книгу MCA Microsoft 365 Teams Administrator Study Guide - Ben Lee - Страница 64

Teams uses policies to control what features and functionality are available to users and devices. These policies are usually grouped by category, for example calling, messaging, or app integrations (see Figure 1.14). Unlike with Windows Group Policy where policy objects are merged to produce the desired outcome, in Teams each user or device takes their settings from only one policy of each type.

FIGURE 1.14 Policy list for a user in the TAC

You can typically assign policies directly to users (either individually or in bulk) or auto-apply them based on group memberships. If no specific policies are assigned, the org-wide policy (this will be called global if you are using PowerShell) will apply. This gives good flexibility when deciding how best to apply policies, but does mean that you need to carefully consider what settings you want to place in the org-wide versus individual policies and weigh the administrative overhead of managing/assigning policies. For example, do you put the most restrictive settings into the org-wide policy and then remove these restrictions as required with individual policies, or vice versa? This will mostly depend on your company culture and what the risks might be of having a user picking up the wrong policy by mistake. The best rule of thumb is to try to keep things simple and not make things too complex, which usually means putting the most common settings into the org-wide policies and then only modifying them as required for users after that.

As a user can have only one effective policy, there is an order of precedence applied to determine which settings a user will get. They are applied as follows:

1 Policy directly assigned to a user

2 Policy inherited from groups (by rank order)

3 Policy inherited from org-wide policy

This is great until you realize that you can have a user who is a member of more than one group that you are using to apply policies. Fortunately, when you assign policy objects to groups, you have to specify a policy ranking. The rankings are a numerical value with number 1 being the highest rank. If a user who does not have an individual policy assigned is a member of more than one group with a group policy assignment configured, they will take their settings from the highest rank (but lowest number!) policy. Group assignments for policies are dynamic, so as users are added or removed from the groups, their settings will be modified, but these changes will be subject to O365 replication delays, so they are unlikely to apply immediately. The TAC will show you what policies are being applied to a user if you look up their specific user account and find the Policy tab.

To learn more about assigning policies, visit docs.microsoft.com/en-us/microsoftteams/assign-policies.