A group of people in a large team wants a focused space to collaborate without having to create a separate team. It reduces the number of teams created and slice them into channels. Also private channels is not visible to anyone unless you are a member of it or you own it.
Firstly we wanted to limit the users who can create teams. So we created a security group and only members of the specified group can create Teams. Before getting into Private channels lets see how to create dynamic membership to Teams. See how you can create Office 365 Groups with Dynamic membership now Create a similar Office 365 Group with Dynamic Membership (Requires Azure Premium P1). Microsoft 365 Business Premium customers have Azure Premium P1 in the package now as well.
If you don’t have Azure Premium P1 license or any equivalent license , you can see membership type is greyed out like below.
Once the Group is Created . if you have P1 license you can create Dynamic Membership rules based on department in my case.
Now you use teams client to create from Office 365 Group.
Choose Create from
Choose Office 365 Group
Choose Information Technology (The Office 365 group we created earlier) and click on create
Now the membership of the teams is dynamic using Department Attribute and new members are added automatically and members who are changing departments will be removed from the Team instantly as the department attribute changes. “This Team has membership settings that prevent you from adding or removing members” which shows membership is managed on the azure active directory which gives greater control when you manager large teams.
- The Advantages of this is One or Many Owners of the Department can create as many channels they want but they have to reach out if they wish to create a team across departments as we have limited teams creators based on my previous post.
- Owners of the Teams and Teams Creators (Based on a Group) can be managed by Azure Active Directory Admin Center. https://aad.portal.azure.com/
Owners of the Teams can be managed from Teams Admin Center as well https://admin.teams.microsoft.com/ As you can see below you can add a owner or promote a member to be a owner anytime where he gets access to create channels within teams. (As we have limited members to create unlimited channels)
- Channel owner cannot add members out of his team (In my case user cannot add out of information technology team) because membership is limited to based on department.
Now in the Channel updates like below , Team can receive updates instantly when users change departments in my case or any new joiners. (When department attribute changes in On-premises – Azure AD Connect Synchronizes to the cloud – Office 365 Groups takes care of the seamless dynamic membership. ) As this moment teams cannot hide these notifications.
As per the requirement from teams admin center.
Turned off – Adding New Channels and editing existing ones
Turned off – Adding,Editing and removing tabs
Turned off – Adding,Editing and removing Connectors
Turned off – Adding,editing and removing apps
Now
Disabled – Allow members to create and update channels.
Disabled – Allow members to delete and restore channels.
Now Added Channels as per the Structure
Good Part of Private channels is it shows only when you are member or owner of the channel.So instead of creating multiple teams we can use channels which is a perfect replacements of whats app groups
when infrastructure team member logs in it shows like below
For Application Team member
I couldn’t think of using teams without private channels. its serves a lot of use cases . We are limiting few things so that we don’t end up 100’s of office 365 groups in the backend. Freedom of creating teams and channels in a controlled manner it will help us govern on what’s happening. Group expiration and naming policy is the next level of optimization. For small business I don’t think of limiting anything if you are 200 user base. if you are 2000 userbase or above. Controlling these things definitely helps you on the audit day. As office 365 groups used provide permissions for documents and so on.
Few organizations have went on full fledge without group naming policy or group expiration . now they ended up with 100’s of groups with no clue where they are mapped to. if you are green field environment take some time to plan it. Every environment is different. So plan accordingly.
Hi Satheshwaran,
Great article works well, quick question. On my dynamically created teams people can’t see members.
Is there a way to make these visible?
It should appear soon. Takes some time at times . Make sure dynamic rule worked and it shows members in. Azure Portal
Have you ever had the problem that when you add an existing member as owner in a dynamic group and later remove the owner role again, the access as a member in the Teams application (web and client) doesn’t work anymore and this although it is correctly defined as a member in Azure (Dynamic Group) and in the Teams Administration?
We saw this issue in a private channel. where owner didn’t get the permission he was supposed to get. We remove him from the private channel and readded him to the channel and it worked.
The members are dynamically added to the dynamic group based on a rule. As a test, we have excluded and re-inserted the user via rule adjustment, unfortunately without success. As soon as a user is moved from member to owner and back as a member, this user has no access to this team site anymore, although correctly in O365.
Looks like you are hitting some strange issue . Reach out to Microsoft Support . Let me try on my tenant as well.
it took over 4 days, but now the members were synchronized. nerve-racking 😉 thanks anyway!
Thank you for the update . Nice to know .
Hi, are you able to add additional Dynamic groups to channels so that the owner doesn’t have to manually add users to each channel?
Private Channels doesn’t create a office 365 group in the backend. So, we cannot make it dynamic at this point. But we can script it using PowerShell if required.
You can also create a M365 or O365 group under Microsoft admin center without going to AAD. This reduces the teams manual step creation. but to make the group dynamic, you’ll need to got to AAD.
Hello Satheshwaran. Great article and really useful write-up! We have an existing team which we want to switch to dynamic membership. Is this possible without creating a new one? We tried adding an Azure AD group (not necessarily of dynamic type) as member of the team but its members are evaluated only one – upon making it a member of the team.
Properties of the group in Azure Active Directory. You can convert membership type from Assigned to Dynamic User anytime if you have P1 license.
HI, is there a way to make private channels to work also with dynamics groups? and not to add all members one by one.
Not possible at the moment natively.