The default behaviour of how membership is populated for a Microsoft Teams team is determined by the security permissions assigned to the team. The permissions may be assigned as either public, where people within an organisation have the ability to add themselves as a member, or private, where people within an organisation can request to join or an owner may add them on their behalf. Public and private teams have their use cases and is determined by the team creator. What if you want membership automated?
There is another method to assign members to a team whereby they are automatically assigned membership to a team based on the attributes of their Active Directory user account. In this instance, an Azure Active Directory Office 365 group configured for dynamic membership underpins the team which assigns membership based on a query run against user accounts (dynamic membership is also valid for devices, however, is not applicable to O365 groups). When the query returns a positive match, the account is automatically added to the Office 365 group, the underlying mechanism for applying teams membership.
There are several ways to create a team utilising dynamic membership. Unlike a standard team, teams using dynamic membership require additional administrative overhead during the creation or configuration phase, however, team owners will not need to update membership from this time forward due to automatic updates.
There are multiple ways to establish a team with dynamic membership:
Additionally, keep the following in mind when using dynamic groups:
Organisations that diligently have their directory services data up to date can take advantage of dynamic membership for Office 365 groups to control who is or who is not a member of a team. For example, the finance department have deployed a team to contain conversations, files, and data that should only be accessible by those who are members of the finance department, and to block access to anyone outside the finance department. Dynamic membership also has the added advantage of controlling who can be promoted as a team owner.
The below examples highlight some of the behaviours exhibited by a team using dynamic membership. Click each image for a more detailed view.
A group displays Membership type of dynamic when configured for dynamic membership:
Dynamic group queries are configured via the Azure Active Directory portal and are assigned against account attributes:
The query underlying the group using dynamic membership automatically updates members within 0 - 2hrs
Members cannot be added or removed using the teams client when dynamic membership is configured
Owners and members do not have the ability to leave the team