Set Office 365 groups private by default
We're in a school environment and teachers are creating Office 365 groups and some of them shared information about students in them.
Although we've instructed them to change the accesstype to private, there are still groups being made which remain public.
Thank you all for your comments.
Based on your feedback, we are updating the default privacy setting for groups created across all five Outlook endpoints (web, PC, iOS, Android, and Mac) to be private by default where only approved members can see what’s inside the group. For customers that want to continue with the existing behavior of public by default (where anyone in your organization can see what’s inside) we are providing an Exchange Online PowerShell cmdlet to define the default value. This update will gradually rollout to all Outlook endpoints in the coming months starting with Outlook on the web.
Keep your feedback coming.
Jason Benway commented
Groups are created by many different o365 apps (email, teams, power bi, etc) Can you confirm this upcoming change will set all o365 groups to private by default?
Alex Vincent commented
Really pleased to see this change coming. Can you confirm if this will also apply when creating a Team site connected to an Office 365 Group from the SharePoint Home?
Jelle Vande Walle commented
Same here. We are part of an educational facility.
1) Everybody can create groups ==> how can we forbid our students from creating public groups? The teachers should be able to create public groups. Without giving the admin rights, that is!
2) The option should be set to private as a default.
Sam Vokes commented
Any ETA on this? I have customers crying out for this functionality!
Richard Egginton commented
What is the ETA on this functionality?
Lee Oliver commented
I strongly agree. Groups should be private by default. We have had serious data breaches because staff docs have been made available to students.
Tim Coates commented
This creates the need to constantly monitor new group creation. Especially in a school setting. Almost forces you to disable groups entirely.
Patrick Smalley commented
This needs to happen, we have many customers where default public permissions are not ideal, please address this.
Following a best practice of least required access, why would you create a group that is open to everyone, instead of forcing the user to expand access once the need is identified. This current model of making a group public upon creation goes against Microsoft's basic guidance on user access settings.
David Hoeft commented
Teachers are creating groups and are missing configuring as private. As a result "for teacher eyes only" emails are accessible by students.
Hugo Carvalho commented
Same issue to... a lot of groups created as Public what is a real security issue for my company. Please, make possible to set Private as default type or better to be able to remove Public type from list.
same here, lot of effort, we have to contact weekly all group owners with the request to change to private. We have weekly between 500 and 1000 new groups.
We have 95,000+ students and need Private as a default. Even when classes are synched via School Data Sync the groups are created as Private, because the information should be private.
Can you provide an update on this as a Priority please
Peter Stokes commented
Please set this to Private by default and maybe provide an setting for Public/private either in PowerShell or GUI. Have a customer that is involved in multiple sectors and ended up having high level groups that could have been accessed by staff at a lower level.
is there already a solution for this??
Default setting should be Private. Default settings should be controlled by an administrator
Vote for private by default.
Same here at our school. This already led to a huge shitstorm concerning privacy issues. Pleaser consider giving the global admin the opportunity to change this globally.
Ken H commented
Would love to have an Admin choice to set the default to Private versus Public. In a regulated environment, like drug development, groups need to be Private. Sure, a PowerShell command can be run to convert them, but that means the script needs to be run frequently, potentially several times a day. Microsoft can set the default to Public, but give me the option to change it for my environment.