This post is an excerpt from our latest ebook “Using and Tailoring Microsoft Teams for Your Organization.” Download for free today!
Read the other posts in our series below:
- What Makes Up a Microsoft Teams Workspace?
- Microsoft Teams Cloning: The Copy and Paste of Teams
- How to Optimize and Delegate Administrator Access in Microsoft Teams
Different departments have different requirements for how Microsoft Teams is used. This may affect provisioning, lifecycle, and access policies for how a Team should be used.
For example, while some departments commonly require the ability to collaborate with partners, vendors, and other users outside the corporate tenant in the normal course of day-to-day operations (e.g., vendor management or customer project teams), others require specific permissions or even have restrictions against that type of sharing (e.g., Human Resources or Finance).
Different departments are subject to different policies for configuration settings, some of which are imposed by external compliance regulations while others arise from internal policies designed to drive best practice.
However, the power balance within the native functionality between Team Owners (the administrative role within each specific Team), Microsoft 365 Administrators (across the entire Office 365 tenant), and end users can make achieving and maintaining desired settings and governance levels challenging.
Team Settings Configured By Owners
Each Team creates a primary security boundary separating and differentiating who has access rights to the information within a given team (and yes, as described above, private channels allow for a second level of security by creating a sub-group of users with specific access).
There are two types of memberships in Microsoft Teams (and the Microsoft 365 Group underpinning it): Owners and Members. Each time a Team is created, the person who created it automatically becomes the Owner; they then have the ability assign additional Owners and Members.
A Group Owner has a lot of power and responsibility to configure settings with the Team. By default, this includes but is not limited to:
- The ability to add or delete members;
- Grant owner-level permissions to members;
- Naming and the picture icon of the Team;
- Set the privacy settings for the group (Public or Private);
- Enable guest user settings such as create, update, or delete channels (but not private channels–and only when guest users are enabled at the tenant);
- Add, delete and organize channels and private channels within the Team and determine if members can do the same;
- Add, delete and organize third-party apps within the Team and determine if members can do the same;
- Allow emoji, memes, GIFS and other fun items;
- And even delete the Group (and all data within despite any corporate data retention policies that may be in place)
While the Owner has a lot of power, it is unlikely they have been trained in your organization’s operational governance policies or think like a Microsoft 365 administrator.
For example, an Owner must decide whether to make the Team (and associated Group) public or private, without fully understanding what that means. Or they may not be aware of how private channels work and the impact of enabling them for the Team.
Organizations can turn off the ability for users to create a Team and centralize this ability within IT (or other sets of administrators). However, even if IT provisions all-new Teams with the correct settings, there is no enforcement mechanism preventing Team Owners from changing them throughout the life of the workspace.
If the organization chooses to only let IT be Team Owners, you will not only frustrate your users and lose the dynamic nature of what makes Teams so effective, but it will be a tremendous burden to your IT team.
Team Settings Configured By Administrators
The good news is that Microsoft provides a lot of administration roles and tools to help configure Teams. That can also be bad news depending on your perspective, as it can make administering Teams a complex and demanding task.
For example, the way Teams works within your organization can be impacted by settings configured in at least five different admin locations— Azure AD, Microsoft 365 Admin Center, SharePoint Admin Center, OneDrive for Business Admin Center, and the Teams Admin Center. There are 37 different types of admin roles available in the Microsoft 365 Center and four levels of Teams-specific administrators, each of which has different types of access to settings and tools.
Access the full ebook here to learn more about the wide range of admin roles in the Microsoft 365 Centerthe Microsoft Teams workspace.