Compliance Tip - Dynamic Membership and Microsoft Teams

Date:Sunday, Dec 8, 2019
Author: Paul Maggs
Reading Time: 4 minutes
Tags: Security and Compliance
Categories: Compliance Tips

Defining membership of a Microsoft Teams team

The default behaviour of how membership is populated for a Microsoft Teams team is determined by the security permissions assigned to the team. The permissions may be assigned as either public, where people within an organisation have the ability to add themselves as a member, or private, where people within an organisation can request to join or an owner may add them on their behalf. Public and private teams have their use cases and is determined by the team creator. What if you want membership automated?

Dynamic membership?

There is another method to assign members to a team whereby they are automatically assigned membership to a team based on the attributes of their Active Directory user account. In this instance, an Azure Active Directory Office 365 group configured for dynamic membership underpins the team which assigns membership based on a query run against user accounts (dynamic membership is also valid for devices, however, is not applicable to O365 groups). When the query returns a positive match, the account is automatically added to the Office 365 group, the underlying mechanism for applying teams membership.

Working with teams using dynamic membership

There are several ways to create a team utilising dynamic membership. Unlike a standard team, teams using dynamic membership require additional administrative overhead during the creation or configuration phase, however, team owners will not need to update membership from this time forward due to automatic updates.

There are multiple ways to establish a team with dynamic membership:

Additionally, keep the following in mind when using dynamic groups:

How do dynamic groups assist with compliance?

Organisations that diligently have their directory services data up to date can take advantage of dynamic membership for Office 365 groups to control who is or who is not a member of a team. For example, the finance department have deployed a team to contain conversations, files, and data that should only be accessible by those who are members of the finance department, and to block access to anyone outside the finance department. Dynamic membership also has the added advantage of controlling who can be promoted as a team owner.

Additional information

Dynamic Membership Examples

The below examples highlight some of the behaviours exhibited by a team using dynamic membership. Click each image for a more detailed view.