Best practices for Teams file sharing

[Hammer, Erich F]

Hi, all.

We are trying to formulate some recommendations for our users in the use of Teams file sharing as compared to more traditional SMB shares (and OneDrive, I suppose). Being security minded, I'm especially curious how folks manage the principle of least privilege when any individual file/folder in a Team/Channel can be independently shared, and it seems nigh impossible to identify what files/folders have different permissions from others without going through them all one-by-one.

Best practices for SMB are to grant a security group modify rights to a folder and set inheritance for the child files/folders. Owners/Managers of the folder can grant access to the contents of the folder as a whole, and (assuming no funny business) the security group membership is all that needs to be observed to know who has access to the entire structure. Even if something breaks down (like moving a file from a folder on the same drive with different access rights) and the permissions of a file are different, a sysadmin can reset the access to all child files/folders with a variety of tools.

Do Teams/Channel files/folders have any kind of equivalent? I know that owners can go into SharePoint and set the Team/Channel so that only they can share child items, but that still leaves quite a gap it seems to me. Should one owner decide to share something without informing the others or there is owner turnover or whatever, how do team members or sysadmins track those exceptions down within a massive folder structure?

Any suggestions, comments or references to experts' thoughts about this or best practices or management tools are welcome.

Also, is it me, or does file browsing/navigation/management via web(/Teams) interface (as opposed to Explorer or third-party replacements) just suck?

Thanks,
Erich


--
Erich Hammer Head of Library Systems
er...@albany.edu University Libraries
518-442-3891 University @ Albany

"Passionate hatred can give meaning and purpose
to an empty life." -- Eric Hoffer

[Michael B. Smith]

Avoid it. Use OneDrive instead. IMO, it's a better map to more traditional file/folder permission-based access.

Thanks.

Regards,
Michael B. Smith
Managing Consultant
Smith Consulting, LLC

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM8PR04MB7893464232D1C03D0CD6009CCC17A%40DM8PR04MB7893.namprd04.prod.outlook.com.

[Philip Elder]

Question: It's been a while since we've had to work with O365 and the SharePoint/ODfB setup.

Is the legacy console still available to set up check out/in, versioning, and reviews among other things we had to use the legacy console for? Or, is there a flashy new frontend to do that?

Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Skype: MPECSInc.
 
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/f9f12fa583bb4c83b6a17f83c52a60cc%40smithcons.com.

[Michael B. Smith]

There is still a SharePoint console, yes. It's changed, but it's still quite functional.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/06d8c1cc4adc46b8bcde66085ba7002f%40MPECSInc.Ca.

[Hammer, Erich F]

The problem with OneDrive is that it is personal. It's fine for an individual's files, and while they can share them with whomever they wish, when the owner leaves, the files disappear. Depending on who is using the files (potentially years later), that can happen without warning in a big organization where other people may not be privy to someone leaving. Team files are owned by the team, so even if everyone on the team leaves, the file remain and whenever a new team member comes along, they can access those files.

We have people who want to use Teams file storage for departmental and/or committee work. The big advantage over SMB shares is that users can simultaneously collaborate on documents.

Thanks,
Erich


On Monday, August 14, 2023 at 16:38, Michael Smith eloquently inscribed:

[Melvin Backus]

So for clarification and my education ( our environment is getting ready to migrate ) how would that differ from using a Sharepoint resource instead? I know all the personal OneDrive stuff is actually a Sharepoint folder anyway, but just with limited access.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

¯\_(ツ)_/¯

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Hammer, Erich F

Sent: Tuesday, August 15, 2023 8:49 AM
To: ntsys...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM8PR04MB78939DEAA5F1916D7F86A24ACC14A%40DM8PR04MB7893.namprd04.prod.outlook.com.

[Mayo, Bill]

I don't have any personal experience to offer, but I have been a bit surprised by this thread. Just a couple of days ago there was a thread on reddit where the majority opinion seems to be to not use OneDrive or Sharepoint as a replacement for a file server. The thread if anyone is interested: https://www.reddit.com/r/sysadmin/comments/15q6hq4/psa_do_not_host_autocad_files_in_sharepoint/

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Melvin Backus
Sent: Tuesday, August 15, 2023 9:01 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Best practices for Teams file sharing

EXTERNAL EMAIL: This email originated from outside of Pitt County Government. Do not click any links or open any attachments unless you trust the sender and know the content is safe.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/1ADD796D2529E94DB4552E7C1F12A21A01E003D7A1%40ATLEXCH04.byers.local.

[Michael B. Smith]

Everything is "it depends". OneDrive is just fine, in my experience, if you stay in the MSFT stack and are sharing Office documents and only have a few tens-of-thousands of files.

If your application doesn't speak what protocol MSFT uses for file-sharing these days, it'll be a disaster.

To Mr. Hammer's point - most companies have an off-boarding protocol that also tracks when licenses are removed. OneDrive becomes inaccessible 30 days after the user's license is removed. Before that point, a manager or co-worker can move files/folders around as appropriate.

I'm not a huge fan of Teams for file shares, because like public folders before them, they can become an administrative and compliance nightmare.

YMMV.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/9b5c1b2974ae4bd9b484783371a8eee2%40pittcountync.gov.

[Melvin Backus]

Based on that scenario the problem isn't surprising. Any application that isn't specifically coded to deal with it and is expecting a standard file share would have the same issue. The question I suppose really comes down to the use case.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/9b5c1b2974ae4bd9b484783371a8eee2%40pittcountync.gov.

[Hammer, Erich F]

On Tuesday, August 15, 2023 at 09:16, Michael Smith eloquently inscribed:

> To Mr. Hammer's point - most companies have an off-boarding protocol that

Mr. Hammer was my father. Despite getting older, I'm not sure I've earned that honorific yet. ☺

Erich

[Michael B. Smith]

Now OT. 😊

 

I've said that most of my adult life, whenever I was called "Mr. Smith."

 

However, when my younger son hit 15, he went through so many trials and tribulations in the span of a year or two, that _I_ went grey haired dealing with them.

 

Now I just accept the "Mr. Smith" as my due for living through that. 😊

 

Thanks.

 

Regards,

Michael B. Smith

Managing Consultant

Smith Consulting, LLC

 

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Hammer, Erich F
Sent: Tuesday, August 15, 2023 9:30 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Best practices for Teams file sharing

 

On Tuesday, August 15, 2023 at 09:16, Michael Smith eloquently inscribed:

--

You received this message because you are subscribed to the Google Groups "ntsysadmin" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM8PR04MB7893768C3D5417B4ABFC06BACC14A%40DM8PR04MB7893.namprd04.prod.outlook.com.

[Melvin Backus]

I wonder how many generations have used that logic to avoid the OMG moment you get when someone calls you that?

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

¯\_(ツ)_/¯

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Hammer, Erich F
Sent: Tuesday, August 15, 2023 9:30 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Best practices for Teams file sharing

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/DM8PR04MB7893768C3D5417B4ABFC06BACC14A%40DM8PR04MB7893.namprd04.prod.outlook.com.

[Hammer, Erich F]

Bill,

Thank you for sharing that. My gut feeling is in alignment with the majority opinion, but I have administrators pushing to consider using Teams instead of our SMB file server. I can see the advantage for short-term, collaborative stuff, but I'm struggling to give them an argument better than, "It doesn't feel right." They can see my hesitation and are at least willing to accept "best practices"; hence my question.

Your link gives me good ammunition to say that best practice is to not use Teams/Sharepoint as a replacement for file storage.

Erich


On Tuesday, August 15, 2023 at 09:06, Bill Mayo eloquently inscribed:

[Kuskie, Troy]

Yes, 100% Agree and thanks for saying it!

We have been using MyWorkDrive to bridge this modern "collaborative" push while maintaining the weighed and measured "File Server". Check it out... It has a Teams Add-on so users can get to that old school file share using the new must have fav Teams App. Pretty slick! It can also tie into Sharepoint and Onedrive to give end users a one stop shop for all things file sharing. This has helped us and we are a 100 man consulting engineering group using many flavors of AutoCAD, Revit, BIM360, AGI32, SKM, Bentley etc. etc.

Troy Kuskie
MIS
The RMH Group, Inc.

-----Original Message-----
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Hammer, Erich F
Sent: Tuesday, August 15, 2023 8:06 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Best practices for Teams file sharing

Bill,

Thank you for sharing that. My gut feeling is in alignment with the majority opinion, but I have administrators pushing to consider using Teams instead of our SMB file server. I can see the advantage for short-term, collaborative stuff, but I'm struggling to give them an argument better than, "It doesn't feel right." They can see my hesitation and are at least willing to accept "best practices"; hence my question.

Your link gives me good ammunition to say that best practice is to not use Teams/Sharepoint as a replacement for file storage.

Erich


On Tuesday, August 15, 2023 at 09:06, Bill Mayo eloquently inscribed:

> I don't have any personal experience to offer, but I have been a bit
> surprised by this thread. Just a couple of days ago there was a thread
> on reddit where the majority opinion seems to be to not use OneDrive
> or Sharepoint as a replacement for a file server. The thread if anyone
> is
> interested:

> https://link.edgepilot.com/s/1b475a7f/RYap8VWNMUKekzWMKHT99A?u=https:/

> /www.reddit.com/r/sysadmin/comments/15q6hq4/psa_do_not_host
> _autocad_files_in_sharepoint/
>
> -----Original Message-----
> From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On
> Behalf Of Melvin Backus
> Sent: Tuesday, August 15, 2023 9:01 AM
> To: ntsys...@googlegroups.com
> Subject: [ntsysadmin] RE: Best practices for Teams file sharing
>
> EXTERNAL EMAIL: This email originated from outside of Pitt County
> Government. Do not click any links or open any attachments unless you
> trust the sender and know the content is safe.
>
> So for clarification and my education ( our environment is getting
> ready to migrate ) how would that differ from using a Sharepoint
> resource instead? I know all the personal OneDrive stuff is actually a
> Sharepoint folder anyway, but just with limited access.
>

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://link.edgepilot.com/s/e3347fa5/1-nr4PsAakywk0veaTZH9Q?u=https://groups.google.com/d/msgid/ntsysadmin/DM8PR04MB7893C80D5E5652B2C9E90A0FCC14A%2540DM8PR04MB7893.namprd04.prod.outlook.com.


Links contained in this email have been replaced. If you click on a link in the email above, the link will be analyzed for known threats. If a known threat is found, you will not be able to proceed to the destination. If suspicious content is detected, you will see a warning.


*** This message may contain confidential and proprietary rmhgroup.com // technologyplus.com information and is intended only for the sole use of the recipient(s). If you are not the named recipient you should not read, distribute or copy this e-mail. Please notify the sender and destroy this e-mail and any attachments and all copies. ***

[Philip Elder]

I always respond with, “Not necessarily wiser.” ;0)

 

Philip Elder MCTS

Senior Technical Architect

Microsoft High Availability MVP

E-mail: Phili...@mpecsinc.ca

Phone: +1 (780) 458-2028

Web: www.mpecsinc.com

Blog: blog.mpecsinc.com

Twitter: Twitter.com/MPECSInc

Skype: MPECSInc.

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.

 

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/763500d065b34b9d85db1636b8ae771b%40smithcons.com.

[Aakash Shah]

We considered SharePoint and the OneDrive sync client but have reconsidered that due to the limitations and problems with the OneDrive sync client of 300,000 items across all libraries (including partially synced ones). For larger organizations with lots of files, especially if users may need access to multiple libraries, this will exceed the MS recommended limits.

We are currently trialing MyWorkDrive.

MyWorkDrive does not recommend opening AutoCAD files using the MyWorkDrive software:
https://www.myworkdrive.com/support/why-arent-some-file-types-suitable-to-open-via-myworkdrive/

They have a great support team. However in our environment, we have noticed the user experience is slow when using it with a SharePoint target (about 43 mb/min on average). Also creating new files takes about 3-15 seconds. We are working with their support team to troubleshoot this in our environment.

By default it is not syncing all of your data, but simply mounting/presenting it, which helps limit sync related issues and may account for why it is able to work with files sets of 300,000.

The other benefit is that it allows a user to continue to access/use SharePoint Online in parallel. So for users who may need to work from a web browser, they can also continue to access the files via M365 Online, and no separate permissions are needed. They do also have a web UI but it is much more basic when compared to OneDrive/SharePoint.

-Aakash Shah

> https://urldefense.com/v3/__https://link.edgepilot.com/s/1b475a7f/RYap8VWNMUKekzWMKHT99A?u=https:*__;Lw!!CzAuKJ42GuquVTTmVmPViYEvSg!LUQoGkNZre4_4_o8ZCuIr9I7Z20JbHnkC6lpT_ux5j9QKfm4GzSjoXOEihqr5927A8rOaBxvB97DnDA$
> /https://urldefense.com/v3/__http://www.reddit.com/r/sysadmin/comments/15q6hq4/psa_do_not_host__;!!CzAuKJ42GuquVTTmVmPViYEvSg!LUQoGkNZre4_4_o8ZCuIr9I7Z20JbHnkC6lpT_ux5j9QKfm4GzSjoXOEihqr5927A8rOaBxvajL00bE$

> _autocad_files_in_sharepoint/
>
> -----Original Message-----
> From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On
> Behalf Of Melvin Backus
> Sent: Tuesday, August 15, 2023 9:01 AM
> To: ntsys...@googlegroups.com
> Subject: [ntsysadmin] RE: Best practices for Teams file sharing
>
> EXTERNAL EMAIL: This email originated from outside of Pitt County
> Government. Do not click any links or open any attachments unless you
> trust the sender and know the content is safe.
>
> So for clarification and my education ( our environment is getting
> ready to migrate ) how would that differ from using a Sharepoint
> resource instead? I know all the personal OneDrive stuff is actually a
> Sharepoint folder anyway, but just with limited access.
>


--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://urldefense.com/v3/__https://link.edgepilot.com/s/e3347fa5/1-nr4PsAakywk0veaTZH9Q?u=https:**Agroups.google.com*d*msgid*ntsysadmin*DM8PR04MB7893C80D5E5652B2C9E90A0FCC14A*2540DM8PR04MB7893.namprd04.prod.outlook.com__;Ly8vLy8vJQ!!CzAuKJ42GuquVTTmVmPViYEvSg!LUQoGkNZre4_4_o8ZCuIr9I7Z20JbHnkC6lpT_ux5j9QKfm4GzSjoXOEihqr5927A8rOaBxvXylLErw$ .

Links contained in this email have been replaced. If you click on a link in the email above, the link will be analyzed for known threats. If a known threat is found, you will not be able to proceed to the destination. If suspicious content is detected, you will see a warning.


*** This message may contain confidential and proprietary rmhgroup.com // technologyplus.com information and is intended only for the sole use of the recipient(s). If you are not the named recipient you should not read, distribute or copy this e-mail. Please notify the sender and destroy this e-mail and any attachments and all copies. ***

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://urldefense.com/v3/__https://groups.google.com/d/msgid/ntsysadmin/PH7PR06MB9123D563B92B1E6921D63AC0C314A*40PH7PR06MB9123.namprd06.prod.outlook.com__;JQ!!CzAuKJ42GuquVTTmVmPViYEvSg!LUQoGkNZre4_4_o8ZCuIr9I7Z20JbHnkC6lpT_ux5j9QKfm4GzSjoXOEihqr5927A8rOaBxvxPbUoIE$ .