You may be unknowingly sharing confidential data with the whole organisation if your Microsoft Teams/Microsoft 365 Group permission settings are set to public.
Please note, by default the permission settings for a new Microsoft 365 Group or Team is Private, therefore if the settings are Public, this would have been selected manually.
There are private and public teams in Teams and Groups in Microsoft 365.
- Private Teams/Microsoft 365 Groups – Data of any kind (including Teams Meeting recordings) shared in these Private spaces are accessible only by members of these Teams/groups, unless permissions for the individual documents and meeting recordings are deliberately set to be shared more widely with others or the whole organisation.
- Public Teams/Microsoft 365 Groups – Data of any kind shared in these spaces (including Teams meeting recordings) is accessible by the whole organisation including staff and students. This leaves the University open to a data breach. Owners of public Teams/Groups should make sure all members are aware the settings are public.
When your Team or Group is set to Public in the permission settings, data of any kind, created or shared in this group, including meeting recordings, is going to be discoverable by all users inside the University, including staff and students. If confidential information is shared in these public teams/groups, this could be a potential General Data Protection Regulation (GDPR) breach.
How to change your privacy settings from Public to Private:
Change your Team in Microsoft Teams from Public to Private.
Change your Microsoft 365 Group from Public to Private.
How to check:
Teams
Not sure if your Microsoft Team is public or Private? You can check these settings in Microsoft Teams by following these instructions:
- Go into Microsoft Teams
- Select the ‘More Options’ cog icon that you will find next to the ‘Join or create a team’ button
- Select ‘Manage Teams’
- This window will give you a list of all your teams. Under the ‘type’ column, you can see a ‘Padlock’ icon symbolising that the team is private, or if it has a little ‘globe’ icon, it means that team is public*
*Class Teams – Class Teams are always private, and cannot be made public, so the content in a Class Team is only ever available to Teachers and Students (NB some older Class teams may be labelled as public in your list, but if they are a Class team, they will be private by default).
If you are unsure if your team is a class team or not, you can identify a class team as these groups have a Class notebook and Grades tab at the top of the screen where you find the files tab on your general channel.
Microsoft 365 Groups
To check if your Microsoft 365 Group is public or private, follow this guide to check and change these settings.