Prevent members from deleting files in MS-Teams

Prevent members from deleting files in MS-Teams

Recently a customer asked me if it’s possible to disallow Members from deleting files in an “MS-Teams Team” (The “Files” Tab in MS-Teams). My answer: Technically it’s possible to configure that, but (at the time of writing) there is no out-of-the-box setting you can use to achieve that in MS-Teams or the MS-Teams Admin-Center. But what we can do, is to change the permissions of the corresponding Document Library in SharePoint Online. Let me show you how to do that.

#How to configure it As a quick reminder, the files you share in Teams channels are stored in your team’s SharePoint folder. If you want to protect a file from deletion, you need to change the permissions in SharePoint and make that file read-only. But first, you need to create a custom permission role in the respective Document Library you want to restrict users from deleting files.

Go to the right settings page

Step 1: Reach the Document Library

Open the “Files” Tab in SharePoint Online in order to reach the Document Library of your MS-Teams Team.

image.png

Step 2: Open Site Permissions

Go to SharePoint’s Home page, and navigate to Settings → Site permissions.

image.png

Step 3: Open "advanced permission settings"

Select “Advanced permissions settings” get into the right Admin Panel.

image.png

Create a new custom permission level

Step 1: Open "Permission-Level"-Settings

In order to be able to disallow the deletion of files for members, we have to create a new “Permission Level”. This can be done in the “Permission Level”-Settings.

image.png

Step 2: Select a Permission Level as starting point

I like to use the “Contribute” Permission Level as a reference and remove the delete permission there. So I select it and scroll to the very bottom.

image.png

Step 3: Copy permission level

At the very bottom right, you can find the button “Copy Permission Level”. Click on that in order to create a new Permission Level based on the “Contribute” Permission Level.

image.png

Step 4: Provide a name to the new permission level

At this point, we provide a clear name and description to the new Permission Level. For Example

  • Name: Contribute - no delete
  • Description: Can view, add, update list-items and documents but cannot delete any

image.png

Assign the new permission level

Step 1: Reach the document library

Now we need to assign the new created Permission Level to the Document Library. In order to do so, yo have to open the Document Library of your MS-Teams Team again.

image.png

Step 2: Change the permission level for team-members

Go to “Library settings” in order to change the permission level for the Team-Members.

image.png

<Important You will have to “Stop Inheriting Permissions” in order to be able to change the Permission Level for Team Members.

Step 3: Change settings for all Members of the Team

We want to change the settings for “Department Zero Members” (Department Zero = Team-Site used in this example) so we select it and click on “Edit User Permissions”

image.png

In this screen you can see the three Permission Groups which are inherited from the M365 Group Settings. Members and Owners should be pretty obvious. The Visitors Group is usually used for guests.

Step 4 Ensure you selected the right permission level

. We ensure, we only have the Permission Level selected we created previously (“Contribute – no Delete”). Confirm with “OK” and we’re done!

image.png

Nice one! You did it! 💡

From now on, only Owners of the MS-Teams Team will be able to delete files. Team Members will only be able to create new files and edit existing files.

image.png

Please don’t forget to inform your Team-Members about the change and who to contact in case of questions before applying this configuration.

Last but not least

It’s important to remember the following:

  • The Steps described in this guide can be done by any MS-Teams Team Owner (no IT-Admin required).
  • The Permission Level does only apply within this MS-Teams Team. You will have to do these steps for each MS-Teams team (or create a Template from an existing MS-Teams Team you applied this how-to).
  • Keep track of the Teams where you applied this how-to in order to be able to cope with any future changes on the Microsoft 365 Platform.
  • If you decided to create an MS-Teams Template, consider using a Pre- or Suffix for the MS-Teams-Teams which have applied custom configuration like the one described in this how-to.

Conclusion

Personally, I was surprised the first time I had a customer requesting this setting. The versioning and access control functionalities in MS-Teams/SharePoint are actually pretty good for me. In case someone deleted a file, I could simply restore a previous version of the folder.
However, the versioning function in SharePoint Online/MS-Teams does not seem to have (yet) gathered enough popularity. Therefore I think some organisations which may find it more challenging to change their way of working from traditional- to modern, may benefit from this how-to.
In any case… it’s important to keep a clean inventory of the MS-Teams teams which have custom configuration. Even if currently we can restrict the deletion of Files for Team Members through the SharePoint Online settings, things may change in the future and you want to know which MS-Teams teams have a custom configuration.
I am considering to create a script in order to apply this change to multiple MS-Teams teams. I think it’s gonna be an an easy thing to do since you have to create a new Permission Level and so on. What do you think? Is this a configuration which could be beneficiary to you or your organisation? Would you use a script to change the settings on multiple MS-Teams Teams? Let me know in the comments. I’d love to get your opinion!

Did you find this article valuable?

Support Mirco Ingenito by becoming a sponsor. Any amount is appreciated!