Overcoming Limitations of SharePoint Sites Associated with Teams Private and Shared Channels: Tips and Hacks
Introduction
Microsoft Teams offers private and shared channels as specialized collaboration spaces to cater to different organizational needs. While these channels provide enhanced security and collaboration features, they come with specific limitations and management challenges, particularly around the associated SharePoint sites.
This post covers some limitations, and management tips for SharePoint sites associated with private and shared channels, including PowerShell hacks and governance practices to overcome these challenges.
Managing SharePoint Sites for Private and Shared Channels
SharePoint sites associated with private and shared channels are special types of sites with the limitations as identified by Gregory in his blog post Why you should never mess with Private and Shared Channel SharePoint Sites related to the inability to attach to a hub directly, being accessible from the Teams interface mainly, and inability to manage permissions at the site level, and with constrained external sharing.
Searchability : contents not searchable at hub and parent team
Even the parent team is associated with a SharePoint hub, the contents within private/shared channel are not searchable from the Hub Site or Parent Team site. This is not ideal if some contents of private/shared channels need to be searched at the hub level.
The contents of the private/shared channel are searchable at the channel site or home site or within Teams.
The solution proposed by Gregory is to convert a Team into a hub, and it will connect the channel sites to the Hub to enable search from associated private/shared channels from the parent team site.
Hub associations should be limited to 3 levels to ensure viewers can search for content on associated sites.
From an information architecture point of view the Team Site hub can’t be more than 3 levels down to allow search to work through the associated private/shared channels from the first level hub.
After converting the Parent Team to a hub and waiting for a couple of hours, the search experience changed to search across sites and brought the contents from the associated sites.
A maximum of 2,000 hub sites can be created for an organization including hub-to-hub associations.
The approach of converting a Teams site into a hub site may not always work if there are many Teams sites with private/shared channels data that need to be surfaced up to the Parent Team.
Permissions management
Private and shared channel permissions can’t be managed at the site level from the user interface.
However, permissions can be managed at the SharePoint Admin Centre, for example, I have added a group to the Site Visitors.
Permissions inheritance can also be broken at the library level, for example, I added the claims ‘Everyone except external users’.
Some site settings are not allowed on channel sites
As per SharePoint site template and site script overview the following can not be done on channel sites:
- Applying a theme
- Adding links to quick launch or hub navigation
- Setting regional settings for the site
- Adding principals (users and groups) to SharePoint roles
- Setting external sharing capability for the site
Support for metadata
- Content types can be synced from the enterprise content type hub
- Additional libraries/lists can be created at the channel level
- Additional columns can be created
SharePoint Site URL rename
The site URL of private and shared channels follow a naming convention with a dash as shown in the table below.
| Channel Type | URL Format Example |
|---|---|
| Private Channel | <ParentSharePointSiteUrl>/<ChannelRelativeUrl> |
| Shared Channel | <ParentM365GroupName>/<ChannelRelativeUrl> |
The SharePoint site URL of private and shared channels can’t be updated from the user interface.
If changes are done to the Parent Name/URL or Channels’ names it will result in a mismatch of the associated channel URL.
However, using PowerShell, it is possible to rename the site URL for the shared channel and private channel.
#Parameters
$AdminSiteURL="https://reshmeeauckloo-admin.sharepoint.com"
$OldSiteURL = "https://reshmeeauckloo.sharepoint.com/sites/TestClone2-Private"
$NewSiteUrl = "https://reshmeeauckloo.sharepoint.com/sites/TestChannel-Private"
#Connect to SharePoint Online
Connect-SPOService -Url $AdminSiteURL
#Change SharePoint Online site URL
Start-SPOSiteRename -Identity $OldSiteURL -NewSiteUrl $NewSiteURL -Confirm:$false
Navigating to the old url https://reshmeeauckloo.sharepoint.com/sites/TestClone2-Private redirects to the new Url https://reshmeeauckloo.sharepoint.com/sites/TestChannel-Private
The redirect urls created as the result of the rename can be deleted without affecting access to the private/shared channels within Teams.
Naming convention can be enforced through provisioning process. However due to organisation or team restructuring Teams or channels name may need to be updated.
Taxonomy feature and Managed Metadata
Taxonomy feature is not enabled by default with managed metadata columns disabled within the private/shared channel associated sites. To allow the use of managed metadata columns, the taxonomy feature can be enabled.
Enable-PnPFeature-Identity 73EF14B1-13A9-416b-A9B5-ECECA2B0604C -ScopeSite -Force
Check this guide Ensure Taxonomy Feature in SharePoint Sites Connected to Private/Shared Teams Channels for more details.
Ownership Management and Potential Risks
Channel permissions are synched to SharePoint permissions in the backend. While the parent team is backed by a M365 group which is easier to manage and apply some additional controls like M365 ownerless policy, refer to Microsoft 365 ownerless group policy, channel permissions are a bit more complex to manage.
Potential ownerless channel issue
Automatic promotion of a member to the owner role for both private and shared channels when the last channel owner leaves the organization or is removed from the M365 group associated with the team. The channel becomes ownerless if there are no members left to promote. Always consider assigning at least 2 owners for the channel to avoid this situation.
Retention policy not inherited from Parent Team
When a Retention Policy is published to a Microsoft Teams SharePoint site, it does not apply to private, and shared channel files within the Team.
From Purview Retention Policy Questions from the Field
Multiple SharePoint sites (each for the channel it relates to) needs to be specified for the retention policy:
- The main SharePoint site backing the Microsoft Teams to include all standard channel content stored in SharePoint.
- The SharePoint site URL for EACH private channel’s site collection to include each private channel’s content stored in SharePoint.
- The SharePoint site URL for EACH shared channel’s site collection to include each shared channel’s content stored in SharePoint.
Key differences between private and shared channels
| Feature | Private Channels | Shared Channels |
|---|---|---|
| Purpose | For confidential conversations within a team. | For collaboration with people inside and outside the team. |
| Membership | Only specific members of the team can be added. | Can include members from different teams and external users. |
| External Collaboration | Limited to team members and guests. | Allows collaboration with external users without adding them to the entire team. |
| Use Cases | Sensitive projects, confidential discussions. | Cross-functional projects, external partnerships. |
| Maximum Channels per Team | Up to 30 private channels per team. | Up to 1000 shared channels per team (maximum number of channels for a Teams). |
| Maximum Members per Channel | Up to 250 members per private channel. | Up to 25,000 members per shared channel. |
| Meeting within Channel | Channel meetings can’t be scheduled. | Channel meetings can be scheduled. |
| Channel Creation | Any Team member or owner can create by default. These can be changed using policies. | Only a Team owner can create by default. These can be changed using policies. |
In addition to the differences highlighted above which might guide which type of channels to select, additional points to consider are:
External collaboration
Using a shared channel can help with oversharing, overcoming the need to add a person at the Teams level before granting permissions at the private channel. Shared channels do not allow a non Microsoft Entra account like a Gmail account to be added.
Private Channels allow non-Microsoft accounts, e.g., Gmail accounts, to be added as long as the user is added at the Teams level as a guest user, allowing the user access to all contents within the Teams.
Shared channels would be the preferred option for secure collaboration with external users. It requires the setup of B2B establishing trust between domains.
Meetings: Private Channel meetings can’t be scheduled.
Limitations for both Shared and Private Channels
- Channel Flexibility:
Channels cannot be converted between private and shared types.
- Features and Apps:
Limited support for some apps (e.g., Planner, Bots, Connectors).
- Template and Copy Restrictions:
Teams templates cannot include private/shared channels. Private/shared channels are not copied when duplicating a team.
A provisioning tool can be considered for private and shared channels.
- Notifications:
Activity from private/shared channels does not appear in missed activity emails.
- Permissions and Read-Only Access:
Lacks a read-only access model like the Visitors group in SharePoint.
- Limited tabs
Lack support for some tabs like Planner.
Conclusion
The purpose of Private and shared channels is for collaboration but come with specific governance and management challenges around the associated SharePoint site.
As Gregory mentioned in his post Why you should never mess with Private and Shared Channel SharePoint Sites, private and shared channels are create-and-forget types. They are meant to be accessible from Teams and are for secure collaboration on files. However, due to the architecture of spinning a separate SharePoint site, they have the limitations mentioned above. There are some hacks around permissions management outside of Teams, renaming of Site URLs associated with private and shared channels through PowerShell, and enabling search of contents from private and shared channels from the Parent Team SharePoint site.
It is advisable to keep a flat structure and simple. SharePoint is the backbone of the document management system in Microsoft Teams. For every team, function, or project that requires different permissions, try to have its own SharePoint site to make it easier to manage permissions at the top level, i.e., M365 Group or SharePoint groups without any broken permission inheritance and use private or shared channels judiciously.
Feel free to reach out if you have any tips, tricks, or limitations with shared or private channels associated SharePoint site.
References
sharepoint-hubs-or-teams-with-private-and-shared-channels
Why you should never mess with Private and Shared Channel SharePoint Sites
Collaborate with external participants in a shared channel (IT Admins)
create a hub for all the teams channel sites
Purview Retention Policy Questions from the Field