Do not miss new blog posts! Subscribe to new posts, news, and updates.

Thank you for joining our Blog subscription!

How to best manage access in Microsoft 365

Updated: Aug 15, 2021

To enable an effective digital workplace, access needs to be set correctly. Non-sensitive information should be accessible to enable knowledge sharing and reuse, while sensitive information should be restricted and protected. In Microsoft 365 (M365), search results will only show information that you have access to. If access is set wrong, users will not know that relevant information may exist and will be of value to them.


Some clients wants to manage access based on roles, region/country, and security classification (e.g. open, internal, confidential, top-secret). This may look like this:

  • Open: Accessible by all staff and contractors

  • Internal: Accessible by all staff - and contractors by request

  • Confidential: Accessible for some roles within a region/country - and others by request

  • Top-Secret: Membership managed by owner

Asking Microsoft Team and SharePoint owners to invite all relevant users will not work in medium and large organizations. Team and site owners will not know all the users that should have access, and they will not be able to remove access when required. If access is managed with security groups, then this will only help you manage access to SharePoint sites, but not Microsoft Teams and other Microsoft 365 Group resources. Since work happens increasingly in Microsoft Teams, it is then key to manage the Microsoft 365 Group memberships to ensure users have access to what they should have access to in M365.


How to best manage access in Microsoft 365?


Azure Active Directory (Azure AD) entitlement management is an