In my organization we have been using Microsoft Teams for quite a long time and our employees are loving it! Our IT department has been challenged to find an easy way to communicate and share files and videos across the entire organization. We decided to give an organization-wide team a try.
We first created a “Private” team so that we could design shortcuts, channels and channel settings, the connection to Microsoft Stream, help pages in SharePoint and so on.
When we were finally happy with the design and had agreed on ground rules for answering questions and how to operate the team, we converted the team to “Organizational wide”.
Within an hour all employees were added to the team. And newly created users were also added. Lovely! It is dynamic!
But at the end of the day we noticed that the number of team members did not match the number of employees.
We then realized the following:
- All users in your tenant who have a role will be added to the team (SharePoint admin, Global admin, etc.)
- All licensed accounts had been added to the Team. This included Exchange Online P1 users, Azure AD users with Dynamics 365 licenses and so on.
- Temporary employees and consultants with Office 365 licenses were also added
This was not our intention, and employees started questioning who “svc_Xerox1” was when they browsed through the member list of the team.
When you create an organization-wide team, it does not use any dynamic rules. It just adds all (licensed) users in your tenant.
“Did you try to change it to a “Private” team and base membership on a dynamic rule?” Yes. And it does not work. I even had a discussion with Microsoft Premier support about it.
An org-wide team adds all users. This is a setting which is set on the team when changing or creating it, and cannot be changed later.
“So what do you recommend us to do, Håvard?”
First create a “Private” Team and add necessary users to set rules, design and so on.
Then you should convert the Azure AD group membership type to “Dynamic” and base membership on a supported attribute. https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule
All of our users have our company name in the attribute called “CompanyName”:
And that is it. Much more flexible.
In this way we can make sure that only permanent employees are joined to the team. And it works dynamically. It is a super way to onboard new users to the organization since it is based on a dynamic rule. If you need to add more expressions, they can easily be added.
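
The conversion described above, scripted with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original post. The team name `All Employees`, the company name `Contoso` and the output file name are placeholders, and the rule uses only the `companyName` attribute the post mentions.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph module.
# Placeholders (assumptions): team display name, company name, output file.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

$teamName = "All Employees"
$rule     = '(user.companyName -eq "Contoso")'

# Resolve the Microsoft 365 group behind the private team; refuse ambiguous names.
$found = @(Get-MgGroup -Filter "displayName eq '$teamName'")
if ($found.Count -ne 1) {
    throw "Expected exactly one group named '$teamName', found $($found.Count)."
}
$group = $found[0]

# Converting to dynamic drops the assigned members and rebuilds the list
# from the rule, so keep a record of who was in the team beforehand.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } |
    Set-Content -Path ".\members-before.txt"

# Keep the existing group types ("Unified" for a Teams-backed group)
# and add DynamicMembership.
$groupTypes = @($group.GroupTypes)
if ($groupTypes -contains "DynamicMembership") {
    throw "Group '$teamName' already uses dynamic membership."
}
$groupTypes += "DynamicMembership"

Update-MgGroup -GroupId $group.Id `
    -GroupTypes $groupTypes `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Confirm the rule is stored and processing is switched on.
Get-MgGroup -GroupId $group.Id |
    Format-List DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState

# Rule evaluation is asynchronous. Run this again later and compare with
# members-before.txt to check that service accounts and consultants are gone.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } |
    Sort-Object
```

Accounts that should stay out of the team must not carry the matching `companyName` value, so check service accounts and consultant accounts for that attribute before switching the rule on.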