Microsoft 365 security

A user guide: How to choose between public vs. private Microsoft Teams

Discover the three types of Teams' privacy settings, the differences between them, and what happens when you create each of them.

When you are creating a Microsoft Teams team, one of the questions you first ask yourself is – “Which privacy should I choose?” That is one of the most important decisions you need to make, so you should understand the differences between privacy settings to make a better and informed decision.

In this blog post, I will explain:

  • Three types of Teams privacy settings
  • Which privacy is better for which use cases
  • How to change the privacy of Microsoft Teams

Microsoft Teams privacy settings

When you are creating a team, you can choose one of the three types of privacy settings as shown in the image below:

  • Private – people need permission to join (only team owners can add members)
  • Public – anyone in the organization can join
  • Org-wide – everyone in the organization will be automatically added (available for global admins only)
Teams change privacy step three

Public Microsoft Teams

Everyone in the organization can see the public teams and join without approval from the team owner. When a user joins the public team, he will have access to all parts of the team – conversations, public channels, folders and files, planner, SharePoint site.

So, if everything is accessible by everyone, when should you consider creating a public team?

  • When there won’t be sensitive data that could cause a data breach (personal information about employees or clients, finance data, etc.)
  • For educational purposes and sharing knowledge
  • When there is a common interest in a specific topic

The most significant advantage of public Teams is collaboration, but you need to be careful as everyone can see everything inside public Teams. Also, in large organizations, it can lead to chaos and decrease productivity if a lot of people join a public team.

Private Microsoft Teams

Private Teams are permission-based, which means that users can join only after the team owner lets them in. Users cannot see private Teams when they navigate to the “Join or create a team “inside Microsoft Teams. There are a few possible ways how users can join a private team:

  • Team owners can add them as members
  • Members of a private team can invite other users to join. This will send a request to the team owner, and he needs to approve the request

After users join a private team, they have access to everything inside that team, and they can start chatting and sharing files with other team members.

As private teams can be accessed only by members and owners, they are more secure and the risk of a data breach is lower.

In my opinion, most of the teams will be private, especially in large organizations, but let’s see some concrete use cases when using private teams:

  • When there will be sensitive data not allowed to be seen by everyone
  • For working on a project with specific people, both from the organization and outside the organization
  • For different departments across the organization

Org-wide Microsoft Teams

Org-wide Teams are a particular type of public teams where all users from the organization are added automatically as members, and global admins and Team service administrators are added as owners.

However, there are some limitations of Org-wide teams:

  • Only global admins can create an org-wide team
  • Only five org-wide teams can be created within a tenant
  • Org-wide teams are available only for organizations with less than 10000 users (Microsoft is looking to increase this limit in the future)
  • At the time of writing, Teams for Education doesn’t support Org-wide teams

Org-wide channels can be used for company communications, but Microsoft provides some recommendations:

  • Allow only team owners to post messages
  • Turn off @team and @[team name] mentions
  • Automatically show important channels
  • Set up channel moderation

Change Microsoft Teams privacy settings

If you realize you have chosen the wrong privacy settings, you can very quickly change it from private to public or from public to private. Of course, global admins also have an org-wide option.

To change the privacy setting of a team, follow these steps:

  • In Microsoft Teams, click on the three dots on the right side of the team’s name and choose edit
Teams change privacy step 1
  • Change privacy and click on the Done button. That’s it!
Teams change privacy step two

Security of the underlying SharePoint site

Every team has a SharePoint site behind the scenes where all the content is stored. The main difference between permissions on a private and public Teams’ site is the “Everyone except external users “domain group. Public Teams have this group in the site members group, and private Teams don’t have it.

Everyone except external users group

Team owners and members can access all teams’ services (Teams, Planner, Calendar, SharePoint site). Still, there are some situations when you would need to share just the content of a SharePoint site to specific people without giving them access to Teams conversations and other services. If you would like to share a site, you need to navigate to Settings -> Site Permissions -> Invite People and click on the Share site only option.

Share site only

Which privacy setting to choose

We have seen three types of Teams’ privacy settings, the differences between them, and what happens when you create each of them, so you should be ready to choose your team’s privacy. Most importantly, if there will be sensitive data, you need to go with a private team. If there won’t be sensitive data, private teams are also the preferred option in most situations, but it depends on your use case and organization size. If you choose a public team, you should be careful with the team’s data as everyone can access the data. If you’d like to manage your teams from a central place – check out Syskit Point, an Office 365 governance tool.

Related Posts