The Ultimate Guide to Microsoft Teams Permissions

microsoft teams
Read our Microsoft Teams Quickstart Guide for other handpicked resources for new Teams users.

With all the applications that Microsoft Teams brings together within Office 365, there really are tons of ways to collaborate on projects. Teams makes it easier than ever to hold meetings, share information, keep track of tasks, and stay up-to-date on all the projects that people have going on across their organizations! With all the capabilities that Microsoft Teams brings to the table, though, there’s a lot to keep track of, and a lot of different ways information can be shared.

Keeping track of how people can access information and who can do what within Microsoft Teams is a great place to start. So, let’s do this! Here’s a dissection of all the permissions and rights capabilities available with Microsoft Teams.

1. Members and Owners of the Team and Group

Owners of a Microsoft Team have:

  • Access to Teams settings and can add new members to a private Team or Group
  • Administrative access to the Group SharePoint site associated with the Team
  • The ability to “restore” files (if versioning is enabled) to previous versions and delete or archive the Team.

By default, members of a Team cannot access or change Team settings or add members. They can edit the site and make lists and libraries, but they don’t have admin access to the Group SharePoint site associated with the Team. Members can also add channels in Teams (but can’t delete them).

Both Owners and Members (by default) are able to connect external applications–including other storage and collaboration apps–to each Team via Team channel tabs. They can both also add tabs to Teams channels and delete them.

If external sharing is turned on for Microsoft Teams and the Team in question, owners may invite “Guest” users from outside the organization to Teams. Guest users in Teams have the ability to participate in private chats (by default they cannot add or remove channels or tabs), Teams conversations (for joined Teams), and have access to files and the SharePoint information behind the Team as well (they will also be Guest users of the Office 365 Group).


Want to learn how to accelerate tech intensity in Office 365 and your modern workplace?

Check out the killer speaker lineup at the 2020 #ShiftHappens Conference!


2. Private vs. Public, Restricted Channels, Restricted Rights

Private Teams require that administrators approve membership or directly add users to the Team in question, and information stored in the Team (and the Team itself) may or may not be searchable by the organization depending on SharePoint permissions and Team Settings. The information within a private Team does not show up in search results by default, but the Team name, description, and the members and owners of the Team can be seen by users in the organization.

Public Teams can be joined by any user in an organization, and the related files and chat information are visible to everyone (via searches) as well.

3. The Teams Admin Center: Controlling Access to Services and Users

Microsoft Teams administrators can manage just about every aspect of each individual Team in an organization as well as set all available tenant-wide settings for calls, meetings, and chat collaboration features offered by Microsoft Teams. This includes the ability to allow or restrict external sharing as well as the connectors/applications available via Team channel tabs.

There are three additional levels of Microsoft Teams Administrators that have different portioned levels of organization-wide administrative access to assist in federating the management of Teams:

  • Teams Communications Administrators can manage calling and meeting features for Microsoft Teams.
  • Teams Communications Support Engineers have access to call quality, reliability information, and the tools to troubleshoot the technical aspects of Microsoft Teams.
  • Teams Communications Support Specialists can view user information and call quality analytics to assist in troubleshooting call quality.
Looking for a complete guide to Microsoft Teams permissions? Check this out: Click To Tweet

4. The “Files” of the Team and SharePoint Permissions

It’s important to remember that the “Files” tab is available and that it’s mandatory for each channel in a Team to be connected to file storage in SharePoint. Files for each channel are stored in a folder in the document library of the SharePoint site that supports each Team.

Owners and Members have the ability to share rights to any files or pages–the entire site collection, even–to anyone in the organization. This means that any files stored or shared inside a Team are subject to the sharing and permissions rules of SharePoint.

microsoft teams

microsoft teams

In addition, the files in private chats are stored in the One Drive For Business of the users that upload them in a “Teams Chat Files” folder before being shared with others in the chat.

5. Sharing Information with Teams

Each Microsoft Team is connected with an Office 365 Group and serves (in part) as a Security Group with shared resources across many applications in Office 365. Users outside the organization can share access with Microsoft Teams and grant all of the users in that Team rights to SharePoint or OneDrive content. Conversely, you cannot add another Microsoft Team/Office 365 Group to the Members or Owners group for the Team or Group in question.

When a file is shared with the Team (or Group) from a location outside that Team in question, it will be visible as a link via the “Files” tab of the Office 365 Group (not channels within the Team).

6. Communications: Who Can See Information and What They Can See

With the exception of Private Channels (coming soon), all the Owners and Members within a Team can see all the chat, “Files” tabs, and apps available to that Team. In addition, each Owner and Member can access the application information associated with the Office 365 Group behind the Team. This includes the Outlook Calendar and Exchange conversations associated with the Group.

Each channel in a Team also has its own email address, and email can be sent or forwarded to a channel in the Team.

microsoft teams

Additionally, Microsoft Teams allows the restriction of private chats among users and subsets of users, (ex. restricting who can create 1-1 chats with leadership team members etc).

With enterprise licenses, it’s also possible to add warnings and restrictions on the kind of content that can be shared within the Teams application (ex. sensitive/explicit content in chats).

I hope you enjoyed this little breakdown of how users can access information through Microsoft Teams and what different levels of users have the capabilities to do! For more detailed information, be sure to check out the links in the article. We’ve also got some great webinars and blog posts packed with tips and best practices below:


Want weekly Microsoft Teams content delivered right to your inbox? Subscribe to our blog!

20 COMMENTS

  1. What about permissions per channel, we have Avepoint but are unclear about the fact Avepoint Cloud backup will backup these Custom Channels that apparently create a hole extra Teamsite in the background that you cannot see in the sharepointadmin portal. Can/will avepoint backup these channels?

    • Hey Harry! We’re currently working on support for this and expect Private Channels to be supported within the next few release cycles. Thanks!

  2. If a channel or teams group is originally public and then switched to private are the files that were already shared immediately made private. If not how do you make private?

    • Hey Kristen! No files are unshared is a Team is made private; it simply means that people in the organization cannot surface or access unshared files without requesting access or joining the Team first. Channels have to be made private when they’re created.

  3. Hi
    I am not able to screen share excel, word and some other applications during meetings, some are available but other open files/programs are not available from the choices except sharing the entire desktop or window.

    Is this a permission thing, please advise ?

    Thanks

    • Hi Kashif! This is caused not by permissions per se, but likely an org-wide setting in Teams restricting screen sharing. Hope this helps!

  4. The Ultimate Guide – more like High Level.

    Ultimate Guide would have way more info.

    A little misleading.

    • Hey Iain, we’re sorry if you feel like this guide didn’t answer some of the questions you might’ve had on permissions. We’ll look at updating it. Hopefully our resources on other topics will serve you better in the meantime!

  5. what about the avepoint backup user, it becomes a member of a channel. Is it possible to hide the notification in the channel, when the backup user becoming a member?

    • Hey Smits, that’s unfortunately not possible at this time. We suggest connecting Cloud Backup with an account that has a neutral name like “IT Support” to lessen the impact of this instead of having an account with a person’s name.

  6. What about file permissions? I thought a member could upload a file, but now I am seeing that this might not be the case. True? False?

  7. Hunter, thanks this awesome. Is there a way i can send an email on outlook of all members (think Distribution List)? Not to be confused with the channel email id you referred to

    • You can! This would simply be the address for the Group/Team itself, typically TeamName@domain.com. This will go to the email box for the Team, and members who follow it (typically the default) will receive the message in their own inbox as well.

    • In addition to what Brent said, assuming you have outlook configured on your computer, you should be able to see the group email in a section called “groups” that should reside below your personal folders in outlook. No additional configuration would have been required for those to show up.

  8. Thanks for the excellent article Hunter. Very useful. We’d like to create a shared calendar in sharepoint to use as a Holiday/Vacation planner for the team. We’d like all team members to see it but only the team owner to be able to edit it. Is this possible?

    • We’re glad you found this useful Chris! That isn’t possible directly within the Team, but you could create a private calendar and share it with the team. The Team Calendar should reflect this, and Team members would be able to add it to their own calendars as well.

  9. Hi Hunter,
    Thanks for the article. I am not clear on the following and was wondering if you have any insight: can an IT Admin access (even just read) files that are stored in a private team channel if they are not part of the team channel?
    Thanks!

    • We’re glad this was helpful Kris! Teams Admins can add themselves or other users to Private Channels in Teams via the Teams Admin Center-> Manage Teams option.

LEAVE A REPLY

Please enter your comment!
Please enter your name here