Managing membership and permissions in Teams


OVERVIEW

Target audience: Students, faculty and staff members who are owners of a Microsoft Teams Team

You can manage Team membership in several ways: by adding individual members, using Active Directory groups to add multiple members at once, or sending out a generic invitation with a Team code, so that people can join by themselves. You can also give non-Team members permission to view or edit Team content through the Team's SharePoint site.

In this article:

Adding and removing Team members

You can add students, faculty and staff members within McGill, as well as guests from outside McGill.

  1. From your Team, click the three dots and select Manage team.

    manage team

  2. On the Members tab, you see the Team owner(s) and existing members. Click Add member.

    Click Add member

  3. Start typing the name or email address of the member you want to add; if they are in the McGill directory, their name and email address will appear in a selection list. If needed, you can add multiple members. When you've added all the members, click Add.

    add members individually

The individual(s) you added will receive an email notification with a link to the Team.

note

NOTE:

You can enter the name of an Active Directory (AD) group to add all members at once; however, see the section below to understand how AD groups work with Teams.

You can also manage the membership of individual channels within your Team by making them "private", if needed.

Removing Team members

To remove a Team member:

  1. Follow the steps above to access the Members tab for the Team you manage.
  2. Search for the member you want to remove.
  3. Once you have located that member, click the X to remove them.

    remove a member

    You cannot remove an entire Active Directory group at once. See below for further explanation.
note

NOTE:

If you need to remove a member who has the role of Owner, you must first change their role to Member.

Adding Team members with Active Directory groups

Active Directory (AD) groups are used to assign roles and permissions in various systems at McGill. However, there are limitations on how they can be used to manage membership in Teams.

As the owner of a Team, you can select and add an AD group to your Team. However, each member of the AD group is added one by one; there is no further association between the Team and the AD group.

When the group membership is updated in Active Directory, new members are not automatically added to (or removed from) the Team.

If you want to remove members from the Team, you have to remove each member one at a time. You cannot remove the entire AD group.

Granting permissions to files or folders through SharePoint

Behind every Team is a SharePoint site containing all the Team's content. The SharePoint site is similar to OneDrive but is accessible to all Team members.

To grant permissions to files or folders in SharePoint starting from Microsoft Teams:

  1. Open Microsoft Teams and navigate to the Team and channel where the file or folder is located.
  2. Go to the Files tab at the top of the channel.
  3. Locate the file or folder you want to share and click on the three dots (More options) next to it.
  4. Select Open in SharePoint. This will take you to the SharePoint site associated with the Team.

 

Granting permissions to all Team content from SharePoint

In SharePoint, you can add or remove permissions for individuals or Active Directory groups from the site permissions window.

To change permissions:

  1. Click the settings icon (gear) at the top right of the SharePoint site and select Site permissions.

    Site permissions

  2. Click Advanced permissions settings

    Advanced permissions settings

  3. Select the group that ends with "_Group Members"

    Select team members

  4. Click New > Add users to this group

    add new users


  5. Enter the name of an individual or AD group; wait till the name appears in the list and select it. You may add multiple users at the same time.

    Enter a customized message so the recipients know what to expect and will not confuse the sharing notification with a phishing email.

    Enter names of users or AD groups to add
note

NOTE:

If you don’t want to notify a user about permissions granted, click on Show options below the customized message field and unclick the Send an email notification checkbox.

  1. Click Share.

The users you have added to the group will now have access to the content of your SharePoint site; however, they will not have access to the Team from the Teams interface.

From the SharePoint site you can also remove permissions for all members of the AD group.

Granting permission for a specific folder or file from SharePoint

To grant permission to a specific folder or file:

  1. Open the SharePoint site.
  2. Navigate through the folder structure to find the file or folder you want to share. Click on the arrow next to the filename, or click the three dots and select Share.

    click arrow to share

  3. Enter the name of an individual or AD group; the name will pop up in a selection list.

    Send link

  4. Enter a customized message for the recipients and click Send.
note

Relationship of SharePoint to Teams:

All members of your Team can access your Team's content through the SharePoint interface. However, if you add or remove permissions directly from the SharePoint site (using the instructions above) those permissions are not synced with the Team membership. This can be beneficial because you can grant permissions for people outside your Team to access specific files within the SharePoint site, without giving them access to the Team itself.

Creating a code that allows members to join on their own

You can generate a Team code so that anyone who has the link will be able to join the Team without requesting permission from the Team owner.

How to create a code that allows members to join on their own

references

ADDITIONAL REFERENCES: