New Test Lab Guide for an isolated SharePoint Online team site

  • Article

SharePoint Online team sites in Office 365 allow you to quickly and easily create new sites for public (organization-wide) or private (confined to group membership) collaboration.

To create one, you fill out two panes of information about the new site. The Let’s create a team site and group pane collects the team site name (which becomes the name of an associated Office 365 group), its privacy setting (either Public or Private), and a description.

The Who do you want to add? pane collects additional Office 365 group owners and members.

For both public and private team sites, here are the resulting Office 365 group properties:

  • Office 365 group name: Group email name from the Let’s create a team site and group pane
  • Office 365 group owners: the site creator account and those specified in Add additional owners from the Who do you want to add? pane
  • Office 365 group members: the site creator account and those specified in Add members  from the Who do you want to add? pane

For a public team site, here are the default permissions for the SharePoint Online site:

  • Site Collection Administrators: Group email name
  • [site name] Members SharePoint group: Group email name and “Everyone except external users”
  • [site name] Owners SharePoint group: None
  • [site name] Visitors SharePoint group: None
  • Access request settings:
    • Allow members to share the site: Enabled
    • Allow access requests: Enabled

Results:

  • All members of the Office 365 group associated with the site (Group email name) are Site Collection Administrators and have the Full control permission level
  • Everyone except external users can access the site with the Edit permission level
  • Members can share the site with others and others can request access

For a private team site, here are the default permissions for the SharePoint Online site:

  • Site Collection Administrators: Group email name
  • [site name] Members SharePoint group: Group email name
  • [site name] Owners SharePoint group: None
  • [site name] Visitors SharePoint group: None
  • Access request settings:
    • Allow members to share the site: Enabled
    • Allow access requests: Enabled

Results:

  • All members of the Office 365 group are Site Collection Administrators and have the Full control permission level
  • The only accounts that can access the site are the members of the Office 365 group
  • Members can share the site with others and others can request access

These set of defaults for both public and private team sites work well for many types of public and private collaboration.

However, what if you wanted to lock down a site dedicated to a secret project in your organization? Essentially, a site that is isolated from the rest of your organization and whose membership and permissions are tightly controlled by designated Office 365 and SharePoint administrators.

To create an example of this type of team site in Office 365, see the new Isolated SharePoint Online team site in your Office 365 dev/test environment Test Lab Guide (TLG).

This article steps you through creating a new site for ProjectX and assigning permissions so that only the members of the project—a lead researcher, a lead designer, a development Vice President, and a SharePoint administrator—have access to the site. Members cannot share any part of the site with other users in the organization and access is controlled by membership in Azure AD security groups that have been added to the default SharePoint groups for the site.

Here is the resulting group and permissions configuration:

You can combine this article with Sensitive file protection in the Office 365 dev/test environment and add Information Rights Management (IRM) to protect files created in the ProjectX site, even when they are downloaded and posted to another site.

 

To join the CAAB, become a member of the CAAB space in the Microsoft Tech Community and send a quick email to CAAB@microsoft.com to introduce yourself. Please feel free to include any information about your experience in creating cloud-based solutions with Microsoft products or areas of interest. Join now and add your voice to the cloud adoption discussion that is happening across Microsoft and the industry.