Worried about keeping data secure in Microsoft Teams? Check out our upcoming webinar “Preventing Data Leaks in Microsoft Teams (and Other Collaboration Systems)” on Wednesday, August 28th at 11:00am EST. Register here!
With all the applications that Microsoft Teams brings together within Office 365, there really are tons of ways to collaborate on projects. Teams makes it easier than ever to hold meetings, share information, keep track of tasks, and stay up-to-date on all the projects that people have going on across their organizations! With all the capabilities that Microsoft Teams brings to the table, though, there’s a lot to keep track of, and a lot of different ways information can be shared.
Keeping track of how people can access information and who can do what within Microsoft Teams is a great place to start. So, let’s do this! Here’s a dissection of all the permissions and rights capabilities available with Microsoft Teams.
1. Members and Owners of the Team and Group
Owners of a Microsoft Team have:
- Access to Teams settings and can add new members to a private Team or Group
- Administrative access to the Group SharePoint site associated with the Team
- The ability to “restore” files (if versioning is enabled) to previous versions and delete or archive the Team.
By default, members of a Team cannot access or change Team settings or add members. They can edit the site and make lists and libraries, but they don’t have admin access to the Group SharePoint site associated with the Team. Members can also add channels in Teams (but can’t delete them).
Both Owners and Members (by default) are able to connect external applications–including other storage and collaboration apps–to each Team via Team channel tabs. They can both also add tabs to Teams channels and delete them.
If external sharing is turned on for Microsoft Teams and the Team in question, owners may invite “Guest” users from outside the organization to Teams. Guest users in Teams have the ability to participate in private chats (by default they cannot add or remove channels or tabs), Teams conversations (for joined Teams), and have access to files and the SharePoint information behind the Team as well (they will also be Guest users of the Office 365 Group).
2. Private vs. Public, Restricted Channels, Restricted Rights
Private Teams require that administrators approve membership or directly add users to the Team in question, and information stored in the Team (and the Team itself) may or may not be searchable by the organization depending on SharePoint permissions and Team Settings. The information within a private Team does not show up in search results by default, but the Team name, description, and the members and owners of the Team can be seen by users in the organization.
Public Teams can be joined by any user in an organization, and the related files and chat information are visible to everyone (via searches) as well.
3. The Teams Admin Center: Controlling Access to Services and Users
Microsoft Teams administrators can manage just about every aspect of each individual Team in an organization as well as set all available tenant-wide settings for calls, meetings, and chat collaboration features offered by Microsoft Teams. This includes the ability to allow or restrict external sharing as well as the connectors/applications available via Team channel tabs.
There are three additional levels of Microsoft Teams Administrators that have different portioned levels of organization-wide administrative access to assist in federating the management of Teams:
- Teams Communications Administrators can manage calling and meeting features for Microsoft Teams.
- Teams Communications Support Engineers have access to call quality, reliability information, and the tools to troubleshoot the technical aspects of Microsoft Teams.
- Teams Communications Support Specialists can view user information and call quality analytics to assist in troubleshooting call quality.
4. The “Files” of the Team and SharePoint Permissions
It’s important to remember that the “Files” tab is available and that it’s mandatory for each channel in a Team to be connected to file storage in SharePoint. Files for each channel are stored in a folder in the document library of the SharePoint site that supports each Team.
Owners and Members have the ability to share rights to any files or pages–the entire site collection, even–to anyone in the organization. This means that any files stored or shared inside a Team are subject to the sharing and permissions rules of SharePoint.
In addition, the files in private chats are stored in the One Drive For Business of the users that upload them in a “Teams Chat Files” folder before being shared with others in the chat.
5. Sharing Information with Teams
Each Microsoft Team is connected with an Office 365 Group and serves (in part) as a Security Group with shared resources across many applications in Office 365. Users outside the organization can share access with Microsoft Teams and grant all of the users in that Team rights to SharePoint or OneDrive content. Conversely, you cannot add another Microsoft Team/Office 365 Group to the Members or Owners group for the Team or Group in question.
When a file is shared with the Team (or Group) from a location outside that Team in question, it will be visible as a link via the “Files” tab of the Office 365 Group (not channels within the Team).
6. Communications: Who Can See Information and What They Can See
With the exception of Private Channels (coming soon), all the Owners and Members within a Team can see all the chat, “Files” tabs, and apps available to that Team. In addition, each Owner and Member can access the application information associated with the Office 365 Group behind the Team. This includes the Outlook Calendar and Exchange conversations associated with the Group.
Each channel in a Team also has its own email address, and email can be sent or forwarded to a channel in the Team.
Additionally, Microsoft Teams allows the restriction of private chats among users and subsets of users, (ex. restricting who can create 1-1 chats with leadership team members etc).
With enterprise licenses, it’s also possible to add warnings and restrictions on the kind of content that can be shared within the Teams application (ex. sensitive/explicit content in chats).
I hope you enjoyed this little breakdown of how users can access information through Microsoft Teams and what different levels of users have the capabilities to do! For more detailed information, be sure to check out the links in the article. We’ve also got some great webinars and blog posts packed with tips and best practices below:
- Blog Series: Migrating to Microsoft Teams
- Blog Post: How to Manage Microsoft Teams Notifications
- Webinar: Microsoft Teams and Information Management: What You Should Know!