Wednesday , August 12 2020

Designing Dynamic Teams with Private Channels

A group of people in a large team wants a focused space to collaborate without having to create a separate team. It reduces the number of teams created and slice them into channels. Also private channels is not visible to anyone unless you are a member of it or you own it.

Firstly we wanted to limit the users who can create teams. So we created a security group and only members of the specified group can create Teams.  Before getting into Private channels lets see how to create dynamic membership to Teams. See how you can create Office 365 Groups with Dynamic membership now Create a similar Office 365 Group with Dynamic Membership (Requires Azure Premium P1). Microsoft 365 Business Premium customers have Azure Premium P1 in the package now as well.

https://aad.portal.azure.com/

 

image

If you don’t have Azure Premium P1 license or any equivalent license , you can see membership type is greyed out like below.

image

Once the Group is Created . if you have P1 license you can create Dynamic Membership rules based on department in my case.

image

Now you use teams client to create from Office 365 Group.

Choose Create from

image

Choose Office 365 Group

image

Choose Information Technology (The Office 365 group we created earlier) and click on create

image

Now the membership of the teams is dynamic using Department Attribute and new members are added automatically and members who are changing departments will be removed from the Team instantly as the department attribute changes. “This Team has membership settings that prevent you from adding or removing members” which shows membership is managed on the azure active directory which gives greater control when you manager large teams.

image

  • The Advantages of this is One or Many Owners of the Department can create as many channels they want but they have to reach out if they wish to create a team across departments as we have limited teams creators based on my previous post.
  • Owners of the Teams and Teams Creators (Based on a Group) can be managed by Azure Active Directory Admin Center. https://aad.portal.azure.com/

image

Owners of the Teams can be managed from Teams Admin Center as well  https://admin.teams.microsoft.com/ As you can see below you can add a owner or promote a member to be a owner anytime where he gets access to create channels within teams. (As we have limited members to create unlimited channels)

image

  • Channel owner cannot add members out of his team (In my case user cannot add out of information technology team) because membership is limited to based on department.

Now in the Channel updates like below , Team can receive updates instantly when users change departments in my case or any new joiners. (When department attribute changes in On-premises – Azure AD Connect Synchronizes to the cloud – Office 365 Groups takes care of the seamless dynamic membership. ) As this moment teams cannot hide these notifications.

image

As per the requirement from teams admin center.

Turned off – Adding New Channels and editing existing ones

Turned off – Adding,Editing and removing tabs

Turned off – Adding,Editing and removing Connectors

Turned off – Adding,editing and removing apps

image

Now

Disabled – Allow members to create and update channels.

Disabled – Allow members to delete and restore channels.

image

Now Added Channels as per the Structure

image

Good Part of Private channels is it shows only when you are member or owner of the channel.So instead of creating multiple teams we can use channels which is a perfect replacements of whats app groups

when infrastructure team member logs in it shows like below

image

For Application Team member

image

I couldn’t think of using teams without private channels. its serves a lot of use cases . We are limiting few things so that we don’t end up 100’s of office 365 groups in the backend. Freedom of creating teams and channels in a controlled manner it will help us govern on what’s happening. Group expiration and naming policy is the next level of optimization. For small business I don’t think of limiting anything if you are 200 user base. if you are 2000 userbase or above. Controlling these things definitely helps you on the audit day.  As office 365 groups used provide permissions for documents and so on.

Few organizations have went on full fledge without group naming policy or group expiration . now they ended up with 100’s of groups with no clue where they are mapped to. if you are green field environment take some time to plan it. Every environment is different. So plan accordingly.

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

OAuth and Microsoft Graph on Exchange on-premises with Hybrid Modern Authentication

Hybrid Modern Authentication (HMA) for Exchange On-Premises is being there for while which has a …

10 comments

  1. Hi Satheshwaran,

    Great article works well, quick question. On my dynamically created teams people can’t see members.

    Is there a way to make these visible?

  2. Have you ever had the problem that when you add an existing member as owner in a dynamic group and later remove the owner role again, the access as a member in the Teams application (web and client) doesn’t work anymore and this although it is correctly defined as a member in Azure (Dynamic Group) and in the Teams Administration?

  3. Hi, are you able to add additional Dynamic groups to channels so that the owner doesn’t have to manually add users to each channel?

Leave a Reply

Your email address will not be published.