Last week on This Week in Teams we talked about some of this basics of Teams. This week Jay and Craig talked about some important considerations around managing your Teams, such as: naming conventions, team creation, managing membership, and the ever popular guest accesses vs. external users.
The Good, the Bad and the Ugly … Names
When creating new teams consider naming what names that are meaningful. That mean something to you as the owner, but also the IT team, and possible members. An example of a bad name is HR. Your team might be an HR site, but is it the only one in the company. Something like HR_EmployeeRelations_US or HR_EmployeeRelations_UA. Auto prefixes and suffixes can be set in the Groups –> Naming policy –> Group naming policy found in Azure AD.
Also it is important to think about using business appropriate names. Sometimes users can be careless or try to be funny and name teams with bad names. You may have reserved like “CEO” or “Payroll” that we don’t want our users to use, or words that are inappropriate or offensive, so you can upload a blocked words list to Groups –> Naming policy –> Block words policy found in Azure AD.
Who can create Teams?
By default any licensed users can create a team. If you have a small or well trained user base, this can be ok. As your organization grows, you may be concerned with team sprawl. Often organizations will often want to limit Teams creation to an administration group so that they have more control over who can create them. For more information, visit How to manage creation of groups. Lastly, Teams can be created through 3rd party tools or programmatically using the Graph API.
It is important to note that a user can only create 250 teams, but Global Admins and the GraphAPI are exempt from that (unlimited). A user also, can only be a member of 1000 teams. For a complete list of Teams limitations visit Limits and Specifications for Microsoft Teams.
Who is in my Teams? Owners, Members, Guests
Within Microsoft Teams there are two user roles: owner and member. By default, a user who creates a new team is granted the owner status. In addition, owners and members can have moderator capabilities for a channel (provided that moderation has been set up). If a team is created from an existing Microsoft 365 Group, permissions are inherited. Guests can be invited to a team as a member. Guests only have access to the teams they have been invited into and have no other access in Teams.
The table below shows the difference in permissions between an owner and a member.
Action | Team Owner | Team Member |
---|---|---|
Create team | Yes1 | No |
Leave team | Yes | Yes |
Edit team name/description | Yes | No |
Delete team | Yes | No |
Add standard channel | Yes | Yes2 |
Edit standard channel name/description | Yes | Yes2 |
Delete standard channel | Yes | Yes2 |
*Add private channel | Yes | Yes2 |
*Edit private channel name/description | No | N/A |
*Delete private channel | Yes | No |
Add members | Yes3 | No4 |
Request to add members | N/A | Yes5 |
Add apps | Yes | Yes2 |
1 Team owners can create teams unless they’ve been restricted from doing so. Permissions to create teams below.
2 An owner can turn off these items at the team level, in which case members would not have access to them.
3 After adding a member to a team, an owner can also promote a member to owner status. It is also possible for an owner to demote their own status to a member.
4 Team members can add other members to a public team.
5 While a team member can’t directly add members to a private team, they can request someone to be added to a team they’re already a member of. When a member requests someone to be added to a team, team owners receive an alert that they have a pending request that they can accept or deny
To view the Members of team you can go to the … next to the name to get to the teams menu. Select Manage team
You will be able to view all the Owners, Members and guests of a team.
If you are an owner and go to the Settings tab, you will have some control over Member and Guest permissions. Note: These settings cannot be more permissive then what is set in the global Teams settings.
Guest Access, External Access, and External Sharing
What is Guest Access? External Access? And … External Sharing? Check out Jay’s Ultimate Guide to External Sharing with Microsoft Teams for a deep dive on the three, and exactly how they differ.
External access is a way for Teams users from an entire external domain to find, call, chat, and set up meetings with you in Teams. You can also use external access to communicate with external users who are still using Skype for Business.
Guest access allows teams in your organization to collaborate with people outside your organization by granting them access to existing teams and channels in Teams. Anyone with a business or consumer email account, such as Microsoft 365, Outlook, Gmail, or others, can participate as a guest in Teams with full access to team chats, meetings, and files. As the Teams admin, you control which features guests can (and can’t) use in Teams – check out Manage guest access.
The external sharing features of Microsoft SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). Since the files in a team are stored in SharePoint, this is kind of like the backdoor entrance to file sharing.
Podcast: Play in new window