SOLVED

Access rights

%3CLINGO-SUB%20id%3D%22lingo-sub-1905073%22%20slang%3D%22en-US%22%3EAccess%20rights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1905073%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20looking%20to%20have%20a%20specific%20group%20of%20users%20on%20MS%20Teams%20that%20need%20to%20be%20isolated%20from%20the%20rest%20of%20the%20organisation.%26nbsp%3B%20I%20think%20the%20best%20way%20to%20do%20this%20is%20via%20a%20private%20team%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20the%20question%20I%20have%20is%20will%20this%20limit%20us%20in%20the%20future%20if%20we%20want%20to%20create%20Org%20wide%20public%20teams%20as%20this%20isolated%20group%20must%20not%20be%20able%20to%20access%20Org%20wide%20public%20teams.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20AD%20is%20setup%20correctly%20I%20think%20we%20could%20create%20members%20of%20team%20sites%20based%20on%20groups%20or%20distribution%20lists.%20Limitation%20of%20this%20are%20that%20it%20will%20only%20add%20all%20the%20users%20within%20that%20group%2FdL%20in%20a%20one-time%20action%3F%20So%20future%20changes%20of%20membership%20in%20that%20group%20won%E2%80%99t%20affect%20the%20members%20of%20the%20team%20and%20they%20will%20need%20to%20be%20added%2Fremoved%20manually.%3C%2FP%3E%3CP%3EI%20don%E2%80%99t%20think%20org%20is%20ready%20for%20the%20dynamic%20groups%20in%20Azure%20AD%20as%20this%20will%20also%20require%20P1%20licensing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20the%20approach%20above%20I%20am%20thinking%20that%20we%20will%20never%20be%20able%20to%20use%20Public%20groups.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20another%20option%20to%20create%20a%202nd%20tenancy%20specific%20to%20the%20team%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1905073%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EBest%20Practices%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGuest%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1905805%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20rights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1905805%22%20slang%3D%22en-US%22%3EHi!%3CBR%20%2F%3E%3CBR%20%2F%3EYeah%20are%20they%20member%20of%20the%20org%20they%20can%20access%20other%20public%20groups.%20%3CBR%20%2F%3E%3CBR%20%2F%3EOther%20I%20can%20think%20of%20is%20information%20barriers%20but%20that%20isolates%20in%20more%20ways%20you%20may%20really%20want!%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Finformation-barriers-in-teams%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoftteams%2Finformation-barriers-in-teams%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAdam%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1905976%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20rights%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1905976%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Adam.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20looking%20for%20a%20solution%20to%20make%20some%20users%20restrict%20to%20have%20public%20groups%20access%20like%20All%20staff%20channel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20if%20this%20would%20work%20there.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are looking to have a specific group of users on MS Teams that need to be isolated from the rest of the organisation.  I think the best way to do this is via a private team site.

 

But the question I have is will this limit us in the future if we want to create Org wide public teams as this isolated group must not be able to access Org wide public teams.

 

If AD is setup correctly I think we could create members of team sites based on groups or distribution lists. Limitation of this are that it will only add all the users within that group/dL in a one-time action? So future changes of membership in that group won’t affect the members of the team and they will need to be added/removed manually.

I don’t think org is ready for the dynamic groups in Azure AD as this will also require P1 licensing.

 

With the approach above I am thinking that we will never be able to use Public groups.

 

Is another option to create a 2nd tenancy specific to the team?

3 Replies
Highlighted
Best Response confirmed by Christopher Hoard (MVP)
Solution
Hi!

Yeah are they member of the org they can access other public groups.

Other I can think of is information barriers but that isolates in more ways you may really want!

https://docs.microsoft.com/en-us/microsoftteams/information-barriers-in-teams

Adam
Highlighted

Thanks Adam.

 

We are looking for a solution to make some users restrict to have public groups access like All staff channel.

 

Not sure if this would work there.

Highlighted

@Ashwin2075 

 

Yeah, it doesn't do what you want