1. How do I know if I’m an Owner?
In Microsoft 365, Owner is a built-in role with elevated permissions. The Owner role exists in:
- A Microsoft Teams workspace.
- A SharePoint Online site (including sites linked to Teams).
- A Microsoft 365 Group, which manages membership across Teams and SharePoint.
Not sure if you're an Owner?
- In Teams: Go to the team name > More options (…) > Manage team
- In SharePoint: Select Settings > Site permissions. If you can manage permissions, you're an Owner
- In Microsoft 365 Groups: Go to Outlook on the web > Groups > Settings, or open the group in Microsoft 365 Admin Center
- If you don’t have access to the Admin Center, contact your local IT Support to verify group ownership
2. What can Owners do in Teams, SharePoint, and Groups?
Microsoft Teams
- Roles: Owner, Member, Guest
- Owners manage team settings, members, permissions, and apps
- Members collaborate but cannot change permissions
- Guests have limited access and are managed by Owners
SharePoint Online
-
Roles: Owner, Member, Visitor
- Owners manage site settings, permissions, and sharing
- Members usually edit content
- Visitors have read-only access
Microsoft 365 Groups
- Groups manage the shared membership list for connected services like Teams and SharePoint
- Group Owners can add/remove members
- Group Members automatically get access to both the Team and SharePoint site
- Managing Group membership affects all connected tools
3. When should I check my security settings?
Review or update access when:
- A new Team, SharePoint site, or Group is created
- Members join or leave the team
- You receive alerts about sharing outside the organization
- Your team works with sensitive (HR, legal, finance) content
- It’s been more than 90 days since your last access check
4. Policy Requirements for Microsoft 365 Owners
If you're an Owner, you're responsible for enforcing your organization’s access and security policies.
Typical responsibilities include:
- Control access
Only give access to users who need it. Remove it when they no longer do.
- Manage external sharing
Share externally only with authorization. Use limited access links.
- Review access regularly
Aim for a review every 90 days.
- Protect sensitive content
Use sensitivity labels and secure locations for private data.
- Follow internal policy
Adhere to the Data Classification Standards for storing and sharing data.
5. Reviewing Roles and Membership
Regularly check who has access—and through what roles—to keep your Microsoft 365 environment secure.
Microsoft Teams
1. Review membership
2. Owners
- Full control of settings and permissions
- Limit to trusted users
- Have at least two Owners
3. Members and Guests
- Can share files, collaborate, and chat
- Assign only to active users
- Remove when no longer needed
4. Avoid broad access
- Don’t assign “Everyone” or “Everyone except external users” in sensitive Teams
SharePoint Online
1. Review site permissions
- Select Settings > Site permissions
- Review users and groups under Owners, Members, and Visitors
2. Site Owners
- Control site configuration and access
- Keep this group small and trusted
- Have at least two Site Owners
3. Members and Visitors
- Members edit, Visitors view
- Assign based on job need only
4. External and broad access
- Avoid giving broad access to sensitive content
- Review links and guest access often
Microsoft 365 Groups
What is a Group?
A Microsoft 365 Group is the shared membership list behind your Team and SharePoint site. When you add someone to the Group, they automatically gain access to both.
Why it matters:
- You may not see a user listed in Teams or SharePoint directly—but they still have access because they’re part of the Group
- Removing someone from the Group removes their access across connected services
Group Owners:
- Can manage membership from Outlook, Teams, or the Microsoft 365 Admin Center
- Should review membership regularly
Tip: Always check both direct user assignments and Group membership when reviewing access.