I Have No Confidence in Our File Permissions! (Episode 64 Transcript)

Hey everyone! Glad you could make it!
This is the 1,001 Business Problems Solved with Microsoft Teams podcast and today I’m going to tell you how to avoid the embarrassing and potentially disastrous situation where confidential documents are unintentionally left accessible to those-who shouldn’t see them.
These couple of insider tips will also prevent employees having to seek access to files they should have access to all along.
I’m Annie Rynd and I tell you a new tip or trick to solve business problems every Monday, and I try to do it in under six minutes. Today, I think I can give you some killer tips in under four minutes. So, let’s get right to it.
You know we’re great fans of Teams and Microsoft 365 around here, but let’s face it. Permissions setting is sometimes confusing, even for your best IT gurus.
If you’re a business owner or manager, the second tip I’ll share with you is one you should require your Teams and SharePoint admins to do. And, if you’re one of those employees who manage permissions, I think these two tips will help you avoid the embarrassment that comes with accidentally leaving a folder or file open to those who shouldn’t see them.
So, tip number one is that unless you need to quickly give an individual permission to a folder or file due to an emergency, you should do your very best to only grant permissions to security groups. Microsoft 365 security groups are those groups automatically created every time you build a new Teams site. You can also build them as stand-alone groups, but most often, security groups are just groups of employees who are members of a Teams site.
Why do this? Well, first of all, it is way too much housekeeping to maintain permissions for individuals. If you grant permissions to Teams rather than individuals, that means that when a new employee is added to a Teams site, that person automatically gets access to everything the current members have across all of three-sixty-five. That saves so, so much time, and it prevents that new employee from having to ask for access every time they need to open a new folder or file.
To summarize that tip, always add Security Groups or Teams to your permissions rather than adding individuals.
Now, here’s that second trick that I believe you should require administrators to do whenever they work with permissions in Teams or SharePoint document libraries.
You should require them to run what we call, positive and negative tests on everything they set or change permissions on.
So here’s the scenario.
You just altered permissions on a confidential folder or file. Since even the most experienced Microsoft 365 genius may goof up on permissions setting, it is best practice to check permissions for employees who should have certain access, as well as for employees who should not have access.
Here’s how you do it.
From whatever context you are working on permissions, whether in Teams or SharePoint, you want to access the advanced settings when you are in the permissions dialog box. Now, it varies on how you get there, but you want to get there.
As you should always do when you don’t know how to do something in Microsoft, just ask Copilot how to do it. In this case, ask Copilot, how do I get to the advanced permissions settings page in Teams or SharePoint?
So, once you’re at the advanced settings page for the folder or file, you’ll see a “ Check Permissions ” button in the ribbon. Click that, and then enter the names of employees who should have access. You have to test them one at a time. You only need to check one member from each security group or team, but when you do that, it will tell you what permissions that person has.
Once you’ve determined the right people have the right access, now you want to test a couple of employees who should not have access.
I like to check employees who are as close to the security group’s role as possible, but who are not in it. Make sure it says those people don’t have access.
Then, test some employees who absolutely, under no circumstances, should have access.
Once you have determined your permissions are set correctly, you’re good to go, and I guarantee you won’t get embarrassed going forward. Well, at least not for permissions! It’s on you if you have spinach in your teeth at a business meeting!
So, this took a minute or two longer than I thought it would, but I hope it met your expectations.
I’m doing my best to help you do things in Teams yourself, but if you are sold on the value of strategically aligning Teams with your business but want it done ASAP, please let us know.
Our passion is helping clients become at least 30% more efficient within 30 days. If you go to countyquest.com, you can learn more about enlisting our help and how we do it.
Well, that wraps things up for today. I’ll see you this time next week. This is Annie, signing off!

NOTE: Did you notice the misspelling in the AI-generated image accompanying this article? Just another reminder that AI is powerful, but it is far from perfect. Always double-check AI results, especially when the product is of great consequence!