0
votes

I have created a Microsoft Team called Foobar inside my organization. In this team I have added the following members:

  • Alfie
  • Brenda
  • Charlie (Guest)
  • Dalton (Guest)

Alfie and Brenda are employees and have an organization account. Charlie and Dalton are clients and are invited as Guests to the Team.

Now within SharePoint I have the following User Groups for restricting access to libraries:

  • Everyone
  • Everyone except external users
  • Foobar Members
  • Foobar Owners
  • Foobar Visitors

The first two Everyone options are not viable, as I also want to restrict access within the organization to only the current Team members, and the Foobar Members option is not viable since Guests are seen as Members.

Is there a way to create a user group that meets the following access restriction?

  • Foobar Members that are not Guests (so only organization accounts)

1 Answers

0
votes

I have formulated the following solution for my issue.

  • The Foobar Team has a SharePoint site at the following URL: https://myorganization.sharepoint.com/sites/foobar
  • When you add a private channel in this team, SharePoint will create a child site at the following URL: https://myorganization.sharepoint.com/sites/foobar-privatechannelname.
    • This child site is only accessible to the members of the private channel.
    • And a private channel can only contain members that are already in the team.

Using PowerShell Cmdlets with the Microsoft Teams module I have automated this solution to my problem.

  1. Retrieve all users from the Foobar team.
  2. Filter the users on organization members only using their UPN.
  3. Create a private channel.
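  4. Add the organization members of the team to the private channel.

# Load the Microsoft Teams module and sign in
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Name of the private channel to create (placeholder, choose your own)
$PrivateChannelName = "privatechannelname"

# Get the team
$MyTeam = Get-Team -DisplayName "Foobar"

# Get the team users
$MyTeamUsers = Get-TeamUser -GroupId $MyTeam.GroupId

# Filter on organization users (dot escaped, match anchored to the end of the UPN)
$MyOrganizationUsers = $MyTeamUsers | Where-Object { $_.User -match '@organization\.com$' }

# Filter on team owner
$TeamOwner = $MyOrganizationUsers | Where-Object { $_.Role -eq "Owner" } | Select-Object -First 1

# Create a private channel
$Channel = New-TeamChannel -GroupId $MyTeam.GroupId -DisplayName $PrivateChannelName -MembershipType Private -Owner $TeamOwner.User

# Loop through team users and add them to the private channel
$MyOrganizationUsers | ForEach-Object -Process {
    # Add as a member first; team owners are then promoted with -Role Owner
    Add-TeamChannelUser -GroupId $MyTeam.GroupId -DisplayName $PrivateChannelName -User $_.User
    if ($_.Role -eq "Owner") {
        Add-TeamChannelUser -GroupId $MyTeam.GroupId -DisplayName $PrivateChannelName -User $_.User -Role Owner
    }
}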
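
A follow-up check for the approach in the answer above, added here as an example and not part of the original post: since a channel owner can later add any team member (guests included) to the private channel, this compares channel membership against the team's internal users and reports drift. The function names and sample UPNs are constructed, and it assumes guest rows carry a `guest` role or the `#EXT#` marker in the UPN.

```powershell
# Added example. Objects only need the User and Role properties used in the answer's script.
function Test-InternalUser {
    param(
        [Parameter(Mandatory)] $TeamUser,
        [Parameter(Mandatory)] [string] $Domain
    )
    $upn = [string]$TeamUser.User
    if ($TeamUser.Role -eq 'guest') { return $false }   # role already marks a guest
    if ($upn -like '*#EXT#*')       { return $false }   # external-user UPN marker
    # Escaped and anchored suffix match, so "x@organization.com.example" does not pass
    return $upn -match ('@' + [regex]::Escape($Domain) + '$')
}

function Get-ChannelAccessDrift {
    param(
        [Parameter(Mandatory)] [object[]] $TeamUsers,
        [Parameter(Mandatory)] [object[]] $ChannelUsers,
        [Parameter(Mandatory)] [string] $Domain
    )
    # Internal team members are the only accounts that should be in the channel
    $allowed = @($TeamUsers |
        Where-Object { Test-InternalUser -TeamUser $_ -Domain $Domain } |
        ForEach-Object { $_.User })
    $present = @($ChannelUsers | ForEach-Object { $_.User })
    [pscustomobject]@{
        Unexpected = @($present | Where-Object { $_ -notin $allowed })  # should be removed
        Missing    = @($allowed | Where-Object { $_ -notin $present })  # should be added
    }
}

# Constructed sample data, shaped like the team and channel user lists
$team = @(
    [pscustomobject]@{ User = 'alfie@organization.com';  Role = 'owner'  }
    [pscustomobject]@{ User = 'brenda@organization.com'; Role = 'member' }
    [pscustomobject]@{ User = 'charlie_client.example#EXT#@organization.onmicrosoft.com'; Role = 'guest' }
    [pscustomobject]@{ User = 'dalton_client.example#EXT#@organization.onmicrosoft.com';  Role = 'guest' }
)
$channel = @(
    [pscustomobject]@{ User = 'alfie@organization.com'; Role = 'owner' }
    [pscustomobject]@{ User = 'charlie_client.example#EXT#@organization.onmicrosoft.com'; Role = 'guest' }
)

Get-ChannelAccessDrift -TeamUsers $team -ChannelUsers $channel -Domain 'organization.com' |
    Format-List
```

Against a live tenant, pass the output of `Get-TeamUser` and `Get-TeamChannelUser` for the same team and channel instead of the sample arrays, and run it on a schedule so that guests added after the initial setup are noticed.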