Microsoft Teams is the latest application to be released on the Office 365 platform. Teams is Microsoft’s answer to the latest generation of persistent chat products currently available on the market. With further updates and expanded integration with other O365 products it could see considerable uptake.
I decided to take a look at what happens when a team is created to better understand the moving parts underneath the hood and if this could assist when administering individual teams such as modifying membership and owners. If Teams become popular and begin to proliferate then finding a way to automate or simplify the administrative tasks involved would be beneficial.
Whilst no powershell module created specifically for Teams is currently available there are portions of the solution that can be administered by powershell such as Office 365 groups however I found this brings a mixed bag of results.
To be fair to Teams is a very new application and I wouldn’t hesitate to believe Microsoft will be focusing a lot of energy to deliver a compete solution to reach its full potential.
What happens when you create a team
When creating a team within Microsoft Teams using either the desktop app or web client a number of things occur behind the scenes
- Office 365 Group is created. Group members are granted access to the team and content. Group owners have additional administrative rights. By default Teams belong to private groups.
- Sharepoint site created to host content
Microsoft Teams makes use of Office 365 groups as they grant access to resources and reference sharepoint for additional functionality such as shared workspace for conversations, files, and calendar events.
The first thing I did was to create a couple of groups. Below you can see teams as seen from the desktop app, the related Office 365 groups, and sharepoint site.
Example Teams after cretion
When a team is created a corresponding Office 365 group is created
Some of the Office 365 group attributes utilised by Teams
Sharepoint site automatically created for a team
Modifying Teams using Powershell
Because Teams groups rely on Office 365 groups I decided to see if it was possible to add Team members via powershell using the following command
add-unifiedGroupLunks testteam2 –linkType Members –link email@example.com
A few moments after adding the account to the Office 365 group Test Team 2 appreaed in the application.
Test Team 2 is now available
The next step was to test removing members via powershell using the following command
Remove-UnifiedGroupLinks testteam2 -LinkType Members -Links firstname.lastname@example.org
The group then disappeared from Teams
Access to Test Team 2 has been removed
So far this looks to be a viable method of adding and removing team members. However once an account has been removed from a teams corresponding Office 365 group using powershell there was an issue if the account was re-added. Whilst the account is now a member of the Office 365 group the team would never show to the user within the application.
Account for Paul Maggs re-added to Office 365 group as a member
Team does not update to reflect this change
Re-adding accounts to the team was still possible when an owner granted access from the application.
Unlike re-adding accounts via powershell which was unsuccessful it was possible to continually remove accounts from an Office 365 group to revoke access.
Another scenario was adding team owners via powershell using the following command
Add-UnifiedGroupLinks testteam2 -LinkType Owners -Links email@example.com
Account for Paul Maggs now has owner rights
The same occurs if an account is re-added to the Office 365 group as an owner. The account will display as an owner when querying the Office 365 group however will not have owner administrative rights available from within the application.
Paul Maggs account is listed as an Owner
Owner controls not granted in Teams web app when account added to Office 365 group using powershell.
It’s quite clear adding Team members and owners works best using either Teams web or desktop app. There may be additional steps available to correctly assign permissions using powershell however I am unaware of them at this point in time.
A few other things I learn’t from this process –
Team display names do not need to be unique and this is also reflected with Office 365 groups –
Duplicate team names
Duplicate Office 365 Group name. Note smtp address is unique
Even though the group names are the same a number of unique attributes exist. Here’s an example of a few –
If you’re planning on deleting any Teams then I suggest you do so using the Teams web or desktop app and by doing so the deleted team is no longer viewable. The office 365 group is also removed however the sharepoint site seems to remain. I’m not overly familiar with Sharepoint so there could be additional tasks that need to occur.
Another thing that seemed rather strange was if a Teams Office 365 group is deleted then the Team is still remains in the Teams web or desktop app and I could continue to view and add to persistent chat however files and notes were no longer available.