Understand Documents in Public Teams are really public!

There we are again after a serious blogging break. It has been a crazy period with so much nice new Office 365 developments and it is really time to start sharing a situation I encountered with you.

We have to realize that public Teams are really public even for non-members!

Following up on the very nice Storyals concept of explaining a Microsoft Team as a house with rooms, I would love you to understand that a PUBLIC TEAM is like a PUBLIC MEETING PLACE in the village. Everyone in your community HAS FREE ACCESS to the DOCUMENTS in this place and the CONTENT IS EVEN ADVERTISED within the community. And you even do not need to be known to visit here.

Let’s go back to Office 365 terms.

  • A user does not need to be an effective member of a Public Team to see the documents shared in this Team
  • Public Team Documents show up in applications like Delve and other locations where Office 365 Graphs engine loves to show you suggestions and “this might also be of interest to you”-documents.

To understand this further we have to look a the fundamentals of the file location of a Team and what happens when a Team is set to be public.

Files in Teams are stored in two locations:

  • Files shared in private chat are placed in a subfolder within OneDrive of each of the chat participants
  • Files shared via Team Channels, and found via the Files Tab, are stored in the default document library, under a subfolder for each channel, on the SharePoint Group site collection where the Office Group and the Team are relying on.

So looking at the SharePoint Document Library permissions this is what we see:


The Site Members group has, next to the “Ruled by Teams membership”-Team Members group, ALSO “Everyone except external users” added!

Meaning that whenever someone within the organization gets a link to a document, from Delve, suggestions feed or via other means, this user can access, READ AND EDIT, the document without even opening Teams or even having the corresponding Team added within Teams (and being a registered Team-member).

This all is not an issue in case you are aware of this and you make a clear choice to create or set a Team as Public.

My recommendation is to start always with Private Teams and ONLY go into PUBLIC mode if the data is really FOR ALL EYES TO SEE.

Inform your users about this and make them well aware of making the right choice to avoid data leakage and embarrassing situations.

Teams are great, just know what you are doing!

Read more on Microsoft’s instruction page: Default SharePoint groups, section on “everyone except external Users”

Be informed 🙂