SharePoint Online is a powerful collaboration platform, enabling organizations to share and manage content, resources, and applications. Managing access to SharePoint online involves understanding how to effectively use the permissions and access control features.
Permissions at Various Levels:
SharePoint Online provides permissions at various levels. These include site permissions, list permissions, folder permissions, and item permissions. These levels of permissions allow administrators to control access depending on the needs of the group and individual users.
Role Assignments:
Users must have roles assigned to them for performing certain tasks. SharePoint Online includes several predefined permission levels (Full control, Edit, Read, etc.) that you can assign to users and SharePoint groups. For instance, you can assign ‘View Only’ permission level to a group of users who only need to see content but not have the rights to edit or download it.
External Sharing:
SharePoint Online allows administrators to share content with external users. Administrators can control this feature at the organization level, the site collection level, or the site level. For instance, to enhance security, an organization might choose to disable external sharing completely or allow it specifically for certain sites or site collections.
Microsoft Teams Access Management
Microsoft Teams, part of the Microsoft 365 suite, is a collaboration tool that merges chat, video meetings, file storage, and collaboration. Access control in Microsoft Teams are primarily based around Teams and Channels within the application.
Team Membership:
Access to a Team is handled through Team memberships. Users can be added to a Team as either an owner, member, or guest. Each role is associated with specific permissions, such as the ability to add new members, delete channels, or edit team settings.
Channel Access:
Each Team can be further divided into Channels, improving organization and collaboration. Public channels are accessible by all members of the Team; however, private channels can be created where access is restricted to certain users.
External Access and Guest Access:
External access (federation) and guest access are features in Microsoft Teams that allow Teams in your organization to collaborate with people outside your organization. While external access lets your Teams and users communicate with users in other domains, guest access allows you to add individuals to your teams, as guests, using their email address.
Sensitivity Labels:
Sensitivity labels in Teams let you protect sensitive content in your organization by applying a set of policies to a team that restricts the data sharing capabilities both within and outside the organization.
Teams Policies:
Teams Policies can be applied at the user or group level, and can control what features are available to users. These include calling, meeting, messaging, and live event policies.
By properly understanding and utilizing the access control features within SharePoint and Teams, you can ensure your organization’s sensitive data remains protected, while promoting efficient collaboration and communication. Studying these features is also key to achieving proficiency in the MS-100 exam, which tests your ability to efficiently manage Microsoft 365 Identity and Services.
Practice Test
True or False? User Access to SharePoint Online and Microsoft Teams can be managed separately.
- True
- False
Answer: True.
Explanation: As they are two different services within the Microsoft 365 ecosystem, they have separate configuration settings for user access.
In SharePoint Online, you can specify which users have what level of access to a site. Is this statement true or false?
- True
- False
Answer: True.
Explanation: You can set permissions for users, which will dictate what they can do on a given SharePoint Online site.
Which permission role in Microsoft Teams allows you to manage team-wide settings, including the ability to delete the team, change team settings, and add or remove members?
- A. Owner
- B. Member
- C. Guest
- D. Visitor
Answer: A. Owner.
Explanation: Within Microsoft Teams, the ‘Owner’ role gives access to manage team settings, add or remove members, and the ability to delete teams.
True or False? It is not possible to provide external access to SharePoint Online sites.
- True
- False
Answer: False.
Explanation: SharePoint Online allows for external sharing, giving access to users outside of your organization.
Microsoft Teams has built-in roles with preassigned permissions. Is this statement true or false?
- True
- False
Answer: True.
Explanation: Microsoft Teams provides pre-defined roles including “Owner”, “Member”, and “Guest,” each with different levels of permissions.
Which feature in Microsoft Teams grants the ability to create private channels?
- A. Teams
- B. Education
- C. Channels
- D. Meetings
Answer: C. Channels.
Explanation: Private channels can be created within teams to give a secure discussion platform for certain team members.
SharePoint Online allows for advance access control based on location IP. Is this statement true or false?
- True
- False
Answer: True.
Explanation: IP-based access control is possible in SharePoint Online with the use of Conditional Access Policies.
Who in Microsoft Teams can change team settings?
- A. Guests
- B. Members
- C. Owners
- D. All of the above
Answer: C. Owners.
Explanation: Only the ‘Owner’ role has the ability to change team settings in Microsoft Teams.
True or false? Default sharing links in SharePoint Online can be configured such that they may only be used by people in your organization.
- True
- False
Answer: True.
Explanation: SharePoint Online allows you to configure default sharing links to only be used within your organization for added security.
What is the primary management tool that IT administrators use to manage user access to Microsoft Teams?
- A. Microsoft 365 admin center
- B. Microsoft Teams admin center
- C. SharePoint admin center
- D. All of the above
Answer: B. Microsoft Teams admin center.
Explanation: While both Microsoft 365 and SharePoint admin centers provide certain capabilities, the Microsoft Teams admin center is specifically designed to manage Teams, including user access.
True or False? A SharePoint Online administrator can restrict the creation of new teams in Microsoft Teams.
- True
- False
Answer: True.
Explanation: The creation of new teams in Microsoft Teams can be restricted or regulated by an administrator via different settings and policies in the Microsoft Teams admin center.
How many owners can a Microsoft Teams team have?
- A. One
- B. Up to five
- C. Up to 10
- D. Up to 100
Answer: D. Up to
Explanation: A team can have up to 100 owners in Microsoft Teams.
True or False? External users can see the content of a private channel in Microsoft Teams to which they have not been invited.
- True
- False
Answer: False.
Explanation: Private channels can only be accessed by team members who have been specifically added to the channel.
True or False? It is not possible to set up multi-factor authentication (MFA) for Microsoft Teams.
- True
- False
Answer: False.
Explanation: MFA is a feature of Microsoft 365 that can be applied across all its services, including Microsoft Teams for enhanced account security.
Who can delete a SharePoint Online site?
- A. Site owner
- B. SharePoint admin
- C. Both A and B
- D. None of the above
Answer: C. Both A and B.
Explanation: Both site owners and SharePoint admins can delete a SharePoint Online site as part of their permissions.
Interview Questions
What is the primary purpose of managing access configurations for SharePoint Online and Microsoft Teams?
The primary purpose is to control who has access to the resources and information within these platforms, ensuring only authorized users have access to confidential and sensitive company data.
How can you restrict access to SharePoint Online and Microsoft Teams from unmanaged devices?
By implementing Conditional Access policies. For example, you can allow limited, web-only access that doesn’t allow files to be downloaded, printed, or synchronized with a local computer.
What is a OneDrive for Business in Sharepoint Online and how is it used in managing access configurations?
OneDrive for Business is the Microsoft online service that provides resources for file storage, collaboration, and communication within the organization. Its access can be managed to control who has access to what information.
What is the use of Azure AD conditional Access in Microsoft Teams?
Azure AD Conditional Access in Microsoft Teams helps to secure and control how your organization’s resources are accessed, by applying conditions and access controls for users.
How can you limit access to content in SharePoint Online?
You can limit access by setting permissions at the site collection level, site level, list level, and item level. You can also use security groups to manage a set of users as a single entity.
How can a guest user be added in Microsoft Teams?
Guest users can be added to Microsoft Teams through our Teams client by entering their email address in the ‘Add Members’ field. The added guest will then receive a welcome email with instructions on how to access the team.
What is Sensitivity Label in Teams and how can it be utilized?
Sensitivity labels in Teams define the level of secure access necessary for the associated team’s content. After determining the sensitivity levels needed, you can associate settings with them such as privacy, external user access, or unmanaged device access.
How can you restrict certain users from creating teams in Microsoft Teams?
You can restrict team creation by using Azure Active Directory PowerShell to manage who can create Office 365 Groups. Only those individuals or security groups specified will have the ability to create Microsoft Teams.
How can you secure SharePoint Online data while allowing external sharing?
SharePoint Online can be secured while still allowing external sharing by using features such as sharing links that can be set to expire after a certain time, limiting the permissions of the shared file or folder, or by requiring a guest account in Azure AD for external sharing.
What is Multi-Factor Authentication (MFA) and how does it play a role in managing access configurations?
MFA is a method of authentication that requires the use of more than one verification method and adds a critical second layer of security to user sign-ins and transactions. It plays a pivotal role in protecting the security of your Microsoft 365 environment.
Can you manage SharePoint Online and Microsoft Teams access configurations on a mobile device?
Yes, Microsoft provides a mobile app for administrators named ‘Microsoft 365 admin center’ that helps manage and monitor access configurations for Microsoft 365 services including SharePoint Online and Microsoft Teams from any location.
How can you manage the access configurations for those who leave the organization?
By using Azure Active Directory, you can delete the user’s account which would in turn delete their Microsoft Teams data and revoke access to SharePoint.
How can you restrict guests from accessing certain files in Microsoft Teams?
For guest access, Teams comes with guest permission settings. You manage a guest’s capabilities by applying a set of Teams policies to the guest user account.
How is SharePoint Online beneficial in managing access configurations?
SharePoint Online allows administrators to deploy, manage, and control access to content across their organization, set up rules and restrictions about who can access certain information, and even allows control of access on a site-by-site basis.
Who can configure settings for SharePoint Online and Microsoft Teams?
Typically recommended personnel include network administrators and IT professionals who manage the IT infrastructure in an organization. This helps in maintaining the security and integrity of the companies’ data.