Purpose

As an Owner of a Microsoft SharePoint site or Teams space, you play a critical role in protecting institutional data and ensuring compliance with security and governance policies.  This guideline outlines your responsibilities to secure data, manage access, and periodically review permissions.

Data Security Responsibilities

1. Ensure that your Teams space is Private unless the data has been authorized for public sharing.
   1. Open your Teams space in the app or in the web portal at https://portal.office.com.
   2. Click ... to open the Settings menu and select Manage team.
   3. Click Settings on the menu bar.
   4. Review your Team details and look for icon.  This icon indicates your Teams space is Private.  If you do not see this icon, click Edit and adjust the Privacy level to "Private - Only team owners can add members".  
2. Ensure your SharePoint Site Permissions are managed.
   1. Click the settings (gear icon) in the top-right corner.
   2. Click Site Permissions.
   3. Review:
      1. Site Owners, Members, and Visitors (internal users).
      2. External Users listed under "Guest" or "Advanced permissions".
   4. Adjust or remove permissions as needed.
   5. Click Change how members can share.

Access Management

1. Review your Teams space membership.
   1. Click Members on the menu bar.
   2. Owners have full control of the Teams space.  Ensure only authorized users are granted the Owner role.  We also recommend having at least 2 individuals in the Owners group.
   3. Members and guests can upload and share files, post chat messages, and more.  Ensure only authorized users are granted the Member or Guest roles.
   4. Ensure that users are removed when they no longer require access.
   5. Avoid granting "Everyone" or "Everyone except for external users" access to sensitive data.

Periodic Access Reviews

When you create a Microsoft Teams space, an associated SharePoint site is automatically generated in the background.  This site serves as the central document storage location for the Teams space, ensuring that all shared files, meeting recordings, and collaborative content are securely stored and accessible to team members.  Each channel in Teams has a corresponding folder within the SharePoint document library, and when files are uploaded in Teams, they are actually stored in these SharePoint folders.

As a Teams Owner, you are responsible for managing access to files stored in the associated SharePoint site.  To conduct a sharing review, follow these steps to locate the site:

1. Open Teams and navigate to the desired Team.
2. Select the Files tab within any channel.
3. Click ... and select Open in SharePoint.
4. This will direct you to the underlying SharePoint document library for that specific Teams channel.
5. Click the settings (gear icon) in the top-right corner.
6. Click Site Usage.
7. In the section named Shared with external users click Run report.
8. Choose a folder in an existing document library to store the report.
9. You will receive an email notification once your report has run.
10. You can find files with Organizational or Anonymous links by reviewing Column H of the report.  Look for files that show a SharingLink, Everyone OU, or an individual who should not have access.
11. Remove external access where it is no longer needed.

• Browse to the files with links and click the … more options button.
• Select Manage Access. 
• Review the People tab.  If an individual has been granted access via a company-shared link, Click on a person’s name to edit/remove permissions.

• Review the Groups tab.  Click on a Group name to update their access.

​​​​​​​

• Review the Links tab.  Look for links shared externally (e.g., “Anyone with the link can view/edit” or “People in University of Oklahoma with the link can edit”).  Use the delete button to remove links granting access

​​​​​​​