My experience with Microsoft Organizational Wide Teams

In my organization we have been using Microsoft Teams for a quite a long time and our employees are loving it!  Our IT department have been challenged to find a easy way to communicate, share files and videos for the entire organization. We decided to give organizational wide team a try.

We first created a “Private” team so that we could designing shortcuts, channels and channel settings, connection to Microsoft Stream, help pages in Sharepoint and so on.

When we finally were happy with the design and had agreed on ground rules for answering questions and how to operate the team we converted the team to “Organizational wide”.

Within an hour all employees were added to the team. And newly created users was also added. Lovely! It is dynamic!

But at the end of the day we noticed that the amount of team members did not match with the number of employees.

We then realized the following:

  • All users in your tenant who have a role will be added to the team (Sharepoint admin, Global admin etc)
  • All licensed accounts had been added to the Team. This included Exchange Online P1 users, Azure AD users with Dynamics 365 licenses and so on.
  • Temporary employees and consultants with an Office 365 licenses were also added

This was not our intention, and employees started questioning who “svc_Xerox1” was when they browsed through the member list of the team.

When you create a organizational wide team it does not uses any dynamic rules. It just adds all (licensed) users in your tenant.

“Did you try to change it to a “Private” team and base membership on a dynamic rule?” Yes. And it does not work. I even had a discussion with Microsoft Premier support about it.

Org-wide team add all users users. This is a setting which is set on the Team when changing or creating it, and cannot be changed later.

“So what do you recommend us to do, Håvard?”
First create a “Private” Team and add necessary users to set rules, design and so on.

Then you should convert the Azure AD group membership type to “Dynamic” and base membership on a supported attribute. https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule


All of our users have our company name in the attribute called “CompanyName”:

And that is it. Much more flexible.

In this way we can make sure that only permanent employees are joined to the team. And it works dynamically. It is a super way to when boarding new users to the organization since it is based on a dynamic rule. If you need to add more expressions it can easily be added.

Extending Onedrive for business to 5TB

Looking through the different Office 365 Enterprise plans the other day I noticed the following at the bottom:

4. Unlimited personal cloud storage for qualifying plans for subscriptions of five or more users, otherwise 1 TB/user. Microsoft will initially provide 1 TB/user of OneDrive for Business storage, which admins can increase to 5 TB/user. Request additional storage by contacting Microsoft support. Storage up to 25 TB/user is provisioned in OneDrive for Business. Beyond 25 TB, storage is provisioned as 25 TB SharePoint team sites to individual users.

https://www.microsoft.com/en-us/microsoft-365/business/compare-more-office-365-for-business-plans

You can choose to extend for particular users or the entire organization.

Changing for all users:

Go to https://admin.onedrive.com and choose “Storage”. Change “Standard storage in GB” to desired size – 5120 GB equal 5TB.

For a particular user:
If you do not want to go all the way to extend it to 5 TB right away that is not a problem. Remember that StorageQuota needs to be set in mb:

Storage quotaIn mb
1 TB1048576
2 TB2097152
3 TB3145728
4 TB4194304
5 TB5242880

Before you can set the desired size on the Onedrive you need to obtain the OneDrive url for the user.

The OneDrive URL can be located by looking at the user at https://admin.microsoft.com – Selecting OneDrive and then “Link to files”.

You then need to connect to Sharepoint Online in Powershell as a Global Admin and run the following command:

Set-SPOSite -Identity <user’s OneDrive URL> -StorageQuota <quota>

“Someone” deleted my OneDrive files

We are shifting to OneDrive for business at our company. But the OneDrive for business client is acting differently compared to the Windows sync client when copying files to a file server.

Using folder redirection or Windows synchronization you just add files to the synchronization folder – and that’s it. When connection is present it will start copying.

With OneDrive for business it’s different. When you want to synchronize files, you add it to the synchronization folder as normal. The client then creates a list of content to be copied to OneDrive for business, and the list is passed along to the backend system of OneDrive.

Having internet connection while adding a load of files to be synchronizing – and then removing the connection (or shutdown the computer) is dangerous.

Microsoft have backend timer jobs running to check if the files on the received list is uploaded properly. It also checks if the files is uploaded incorrectly or if there are files form the list that have not been synchronized.

Those files are removed by server, and this activity is shown as someone deleted the file. This is a part of the cleanup that is running as part of the OneDrive backend backup.

Since OneDrive is a bidirectional synchronization – a deletion on the web portal will also affect the computers folder when it is turned on.

And since the file was never copied to the destination area in OneDrive there is no backup.