Microsoft 365 security

A user guide: How to choose between public vs private Microsoft Teams

Discover the three types of Teams' privacy settings, the differences between them, and what happens when you create each of them.

When you are creating a Microsoft Teams team, one of the questions you first ask yourself is – “Which privacy should I choose?” It’s the public vs private teams in Microsoft dilemma, and it is one of the most important decisions you need to make, so you should understand the differences between privacy settings to make a better and more informed decision.

In this how-to video and blog post, we will explain:

  • Three types of Teams privacy settings.
  • Which privacy is better for which use cases.
  • How to change the privacy of Microsoft Teams.

Microsoft Teams privacy settings

When you are creating a team, you can choose one of the three types of privacy settings, as shown in the image below:

  • Private – people need permission to join (only team owners can add members).
  • Public – anyone in the organization can join.
  • Org-wide – everyone in the organization will be automatically added (available for global admins only).
public vs private teams setting

Public Microsoft Teams

Everyone in the organization can see the public teams and join without approval from the team owner. When a user joins the public team, he will have access to all parts of the team – conversations, public channels, folders and files, planner, SharePoint site.

So, if everything is accessible to everyone, when should you consider creating a public team?

  • When you know there won’t be any sensitive data that could cause a data breach (such as personal information about employees or clients, finance data).
  • For educational purposes and sharing knowledge.
  • When there is a common interest in a specific topic.

The most significant advantage of public Teams is collaboration, but you need to be careful as everyone can see everything inside public Teams. Also, in large organizations, it can lead to chaos and decrease productivity if a lot of people join a public team.

Public Microsoft Teams and Microsoft Copilot

As I mentioned, all users (even those not part of that team) can find the contents of public teams, including Microsoft Copilot.

This means that Copilot will be able to find and use all of the documents belonging to public teams and use it to complete its prompts. The main issue here is that users will use Copilot and accidentally get access to sensitive data such as pay information, personal data, or even sensitive company data.

Don’t worry. It’s not a bug; it’s actually a feature that works as intended. But you have to prepare for it. 

We strongly suggest all IT teams planning on rolling out Microsoft Copilot review their sharing links, sharing settings, group access, and ultimately all of their public teams.

If you want to learn how to prevent Copilot oversharing from happening to you, read our guide on how to stop oversharing in Microsoft 365 or check out our Microsoft Copilot webinar bellow:

Private Microsoft Teams

Private Teams are permission-based, which means that users can join only after the team owner lets them in. Users cannot see private Teams when they navigate to the “Join or create a team “inside Microsoft Teams. There are a few possible ways users can join a private team:

  • Team owners can add them as members.
  • Members of a private team can invite other users to join. This will send a request to the team owner, and he needs to approve the request.

After users join a private team, they have access to everything inside that team, and they can start chatting and sharing files with other team members.

As private teams can be accessed only by members and owners, they are more secure, and the risk of a data breach is lower.

In my opinion, most of the teams will be private, especially in large organizations, but let’s see some concrete use cases when using private teams:

  • When there will be sensitive data not allowed to be seen by everyone
  • For working on a project with specific people, both from the organization and outside the organization
  • For different departments across the organization

Org-wide Microsoft Teams

Org-wide Teams are a particular type of public teams where all users from the organization are added automatically as members, and global admins and Team service administrators are added as owners.

However, there are some limitations of Org-wide teams:

  • Only global admins can create an org-wide team.
  • Only five org-wide teams can be created within a tenant.
  • Org-wide teams are available only for organizations with less than 10000 users (Microsoft is looking to increase this limit in the future).
  • At the time of writing, Teams for Education doesn’t support Org-wide teams.

Org-wide channels can be used for company communications, but Microsoft provides some recommendations:

  • Allow only team owners to post messages.
  • Turn off @team and @[team name] mentions.
  • Automatically show important channels.
  • Set up channel moderation.

Change Microsoft Teams privacy settings

If you realize you have chosen the wrong privacy settings in the public vs private teams dilemma, you can very quickly change it from private to public or from public to private. Of course, global admins also have an org-wide option.

To change the privacy setting of a team, follow these steps:

  • In Microsoft Teams, click on the three dots on the right side of the team’s name and choose edit.
Teams change privacy step 1
  • Change privacy and click on the Done button. That’s it!
Teams change privacy step two

Security of the underlying SharePoint site

Every team has a SharePoint site behind the scenes where all the content is stored. The main difference between permissions on a private and public Teams’ site is the “Everyone except external users “domain group. Public Teams have this group in the site members group, and private Teams don’t.

Everyone except external users group

Team owners and members can access all teams’ services (Teams, Planner, Calendar, SharePoint site). Still, there are some situations when you would need to share just the content of a SharePoint site to specific people without giving them access to Teams conversations and other services. If you would like to share a site, you need to navigate to Settings -> Site Permissions -> Invite People and click on the Share site only option.

Share site only

Public vs private teams in M365 – which privacy setting to choose

We have seen three types of Teams’ privacy settings, the differences between them, and what happens when you create each of them, so you should be ready to choose your team’s privacy. Most importantly, if there will be sensitive data, you need to go with a private team. If there won’t be sensitive data, private teams are also the preferred option in most situations, but it depends on your use case and organization size. If you choose a public team, you should be careful with the team’s data, as everyone can access the data. If you’d like to manage your teams from a central place – check out Syskit Point, an Office 365 governance platform.

Subscribe to our Newsletter

Related Posts