The Ultimate Guide to Microsoft Teams Permissions

Post Date: 08/21/2019
feature image
Read our Microsoft Teams Quickstart Guide for other handpicked resources for new Teams users.

With all the applications that Microsoft Teams brings together within Microsoft 365 (Office 365), there really are tons of ways to collaborate on projects. Teams makes it easier than ever to hold meetings, share information, keep track of tasks, and stay up-to-date on all the projects that people have going on across their organizations! With all the capabilities that Microsoft Teams brings to the table, though, there’s a lot to keep track of, and a lot of different ways information can be shared.

Keeping track of how people can access information and who can do what within Microsoft Teams is a great place to start. So, let’s do this! Here’s a dissection of all the permissions and rights capabilities available with Microsoft Teams.

microsoft-teams-admin-management-avepoint

1. What Owners and Members of a Microsoft Team Can (and Can’t) Do

Owners of a Microsoft Team have:

  • Access to Teams settings and can add new members to a private Team or Group
  • Administrative access to the Group SharePoint site associated with the Team
  • The ability to “restore” files (if versioning is enabled) to previous versions and delete or archive the Team.

By default, members of a Team cannot access or change Team settings or add members. They can edit the site and make lists and libraries, but they don’t have admin access to the Group SharePoint site associated with the Team. Members can also add channels in Teams (but can’t delete them).

Both Owners and Members (by default) are able to connect external applications–including other storage and collaboration apps–to each Team via Team channel tabs. They can both also add tabs to Teams channels and delete them.

If external sharing is turned on for Microsoft Teams and the Team in question, owners may invite “Guest” users from outside the organization to Teams. Guest users  have the ability to participate in private Microsoft Teams chats (by default they cannot add or remove channels or tabs), Teams conversations (for joined Teams), and have access to files and the SharePoint information behind the Team as well (they will also be Guest users of the Microsoft 365 (Office 365) Group).

2. Private vs. Public Microsoft Teams: What’s the Difference?

Private Teams require that administrators approve membership or directly add users to the Team in question, and information stored in the Team (and the Team itself) may or may not be searchable by the organization depending on SharePoint permissions and Team Settings. The information within a private Team does not show up in search results by default, but the Team name, description, and the members and owners of the Team can be seen by users in the organization.

Public Teams can be joined by any user in an organization, and the related files and chat information are visible to everyone (via searches) as well.

3. Control Access to Services and Users with Teams Admin Center

Microsoft Teams administrators can manage just about every aspect of each individual Team in an organization as well as set all available tenant-wide settings for calls, meetings, and chat collaboration features offered by Microsoft Teams. This includes the ability to allow or restrict external sharing as well as the connectors/applications available via Team channel tabs.

There are three additional levels of Microsoft Teams Administrators that have different portioned levels of organization-wide administrative access to assist in federating the management of Teams:

  • Teams Communications Administrators can manage calling and meeting features for Microsoft Teams.
  • Teams Communications Support Engineers have access to call quality, reliability information, and the tools to troubleshoot the technical aspects of Microsoft Teams.
  • Teams Communications Support Specialists can view user information and call quality analytics to assist in troubleshooting call quality.

4. The “Files” of the Team and SharePoint Permissions

It’s important to remember that the “Files” tab is available and that it’s mandatory for each channel in a Team to be connected to file storage in SharePoint. Files for each channel are stored in a folder in the document library of the SharePoint site that supports each Team.

Owners and Members have the ability to share rights to any files or pages–the entire site collection, even–to anyone in the organization. This means that any files stored or shared inside a Team are subject to the sharing and permissions rules of SharePoint.

In addition, the files in private chats are stored in the One Drive For Business of the users that upload them in a “Teams Chat Files” folder before being shared with others in the chat.

5. Sharing Information with Teams

Each Microsoft Team is connected with a Microsoft 365 (Office 365) Group and serves (in part) as a Security Group with shared resources across many applications in Microsoft 365. Users outside the organization can share access with Microsoft Teams and grant all of the users in that Team rights to SharePoint or OneDrive content. Conversely, you cannot add another Microsoft Team/Microsoft 365 Group to the Members or Owners group for the Team or Group in question.

When a file is shared with the Team (or Group) from a location outside that Team in question, it will be visible as a link via the “Files” tab of the Microsoft 365 Group (not channels within the Team).

6. Who Can See Information in Microsoft Teams — and What They Can See?

With the exception of Private Channels, all the Owners and Members within a Team can see all the chat, “Files” tabs, and apps available to that Team. In addition, each Owner and Member can access the application information associated with the Office 365 Group behind the Team. This includes the Outlook Calendar and Exchange conversations associated with the Group.

Each channel in a Team also has its own email address, and email can be sent or forwarded to a channel in the Team.

microsoft teams

Additionally, Microsoft Teams allows the restriction of private chats among users and subsets of users, (ex. restricting who can create 1-1 chats with leadership team members etc).

With enterprise licenses, it’s also possible to add warnings and restrictions on the kind of content that can be shared within the Teams application (ex. sensitive/explicit content in chats).

I hope you enjoyed this little breakdown of how users can access information through Microsoft Teams and what different levels of users have the capabilities to do! For more detailed information, be sure to check out the links in the article. We’ve also got some great webinars and blog posts packed with tips and best practices below:

microsoft-teams-admin-management-solution-avepoint

​Hunter Willis has been in web development, SEO and Social Media marketing for over a decade, and entered the SharePoint space in 2016. Throughout his career he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations. In addition, Hunter has served as a strategy consultant for many companies and non-profits in the Richmond area.

View all posts by Hunter W.
Share this blog

Subscribe to our blog