Messages posting on moderated org-wide Team – how to resolve

This post is more a re-telling of a series of events I observed recently, which at first led me to believe I was going mad until I found a conclusion which I was somewhat happy with!

The situation

In my organisation we have created an org-wide Team in which the General channel is moderated, as described in my post on how to restrict posts in org-wide teams. Owners of the org-wide Team are also limited to global admins and members of the internal communications team, so only a very small number of people are able to post messages within the Team.

So imagine my surprise when one evening when a new message had been posted in the general channel by a standard user!

Example of the ‘Scheduled a meeting’ message as appeared within moderated channel in org-wide Team.

Just delete the post…not so fast

Naturally the internal communications team were asking questions as to how this happened also. Whilst I was working that part out they also wanted to delete the post from the org-wide team’s general channel. Easy enough if you’re the Teams Owner and a Teams Admin to boot right? Wrong!

The ability for Teams Owners to delete sent messages is switched off by default and is a relatively recent feature. If you want to enable Teams Owners to be able to delete sent messages you will need to be a Teams Admin and do the following:

  • Teams admin center > Messaging policies
  • Either create a new or configure the org-wide default policy
  • Enable Teams Owners to be able to delete sent messages
  • Wait up to 24 hours
Turn on ‘owners can delete sent messages’ via messaging policies in the Teams Admin Center.

However, even if you do this any replies to the message post won’t be deleted as part of this, nor will the message post completely disappear. I’ve wrote a separate post about deleting message posts and chats in Teams that goes into much more detail about this plus more.

Link: Deleting posts in Microsoft Teams


Meet Now and Schedule a Meeting

At first I believed that the user in question must have had some sort of elevated permissions for the org-wide team that enabled them to post. After reviewing the post above and testing differences between what org-wide team owners and members can see I noticed that the Meet Now and Schedule a Meeting buttons were only available to Team Owners.

The ‘Meet’ and ‘schedule meeting’ option becomes available for Teams Owners in org-wide Teams.

After reviewing the audit logs for the user, checking the owners of the org-wide team through the Teams Admin center and Azure AD groups it became clear that wasn’t the issue.

Trying to schedule a meeting with the org-wide team email address

Other ideas I had around what might be the cause of this was that maybe the user had the email address for either the Team or the group behind and had managed to schedule a meeting and include that address. Firstly, if you’re a member and you try to “get email address” for the channel you get an error message.

Also, I noted that you are unable to search the global address list in Outlook for the org-wide team email address, nor are you able to search Groups within Outlook and find it.

Add the org-wide team’s email address as a shared mailbox

One final area I looked into was based on the audit events I’d seen earlier. What was interesting was there was an activity event in the logs called “Sent message using Send On Behalf permissions”, which led me to test adding the org-wide team’s email address as a shared mailbox to see if that might be it.

Audit log details including the ‘Sent message using Send On Behalf Permissions message’.

Again, only an owner is able to do this, but interestingly enough as an owner I was able to see the emails surrounding the scheduled meeting in the mailbox for the org-wide team.

Conclusion/ Resolution

After ruling out all of the above lines of enquiry we did notice within the Teams app, under + New Meeting there is an ability to create a live event.

When you create your live event and press next, you get a “live event permissions” screen. The default is set to org-wide, which is the exact same wording as the org-wide team we’ve set up. I haven’t tested this myself as of yet, but based on the audit information I was able to get around the event that was created, I think there is a high probability that this is how the meeting was created and posted to the org-wide team.

Creating a live event, by default sets the permissions to Org-wide.

As another aside, if you select people and groups, you are able to add the org-wide team as a participant in the meeting, which may also render the same results.

You can select the Org-wide Teams 365 Group from under People and Groups.

So, I want to throw this out to you, loyal reader! Should anyone be in this situation, or be able to test my theory please comment below and let me know what you find.

Q&A – other org-wide team issues

So since I wrote this post (only a week ago!) I’ve had a couple of new issues crop up related to org-wide teams that I wanted to document. So here goes:

#1 Can members can reply to posts in moderated channels?

So with the scenario described above, it was my belief that the org-wide team was pretty much locked down for comments, minus the ability for users to react to posts.

Recently I’d suggested to our communications team to start @ing the org-wide team in posts to send out notifications to all users, which proved successful as engagement on posts where we did this increased massively.

However, in doing this we also quickly noticed that all members of the org-wide have the ability to reply to posts in moderated channels! Needless to say this came as a bit of a surprise, especially since we had been using the org-wide team since April with zero comments on any post until now!

There are no settings within the Member permissions that control whether users can reply to posts or not either, so it cant be controlled at the team level.

Answer: encourage owners who author posts to set who can reply to their posts

So the way I tackled this problem was to encourage the org-wide team owners to consider who they want to be able to reply when they create new posts using the reply settings. You have two choices in the post formatting settings:

  • Everyone can reply
  • You and moderators can reply

#2 Can members can upload files in an org-wide team?

Short answer to this is again, yes. As members of the org-wide team users have the ability to upload files in the General channel that are visible to everyone in your organisation.

So how can you stop it?

Answer: Change the SharePoint site permissions

The answer to this for me was an easy one, change the permissions so that all members only have read permissions to the files tab. As everything files in Teams is ultimately SharePoint so for me it was a simple permissions change that did the trick.

There are two ways you can go about changing the permissions in this scenario:

  1. Move the users out of the Members SharePoint group with edit permissions, into a Visitors group with read
  2. Break inheritance on the General folder within the Shared Documents library, add all users to the Visitors group and remove the Members group

In essence, they both do the same thing but I tested both approaches and either work – I chose the first option as I don’t like to break folder inheritance if I can avoid it.

To change the SharePoint site permissions behind a Team, follow these steps:

  • Open your Team > select the relevant channel (i.e. General)
  • Press the Files tab > Open in SharePoint
  • In the SharePoint site > press the cog icon
  • Site permissions > Advanced site permissions
  • Open the Members group > make a note & select the objects listed in there (for me I had a members group again and everyone except external users)
  • Actions > remove users from group
  • Go back to the main permissions page. TIP: just add /_layouts/15/user.aspx after the name of your Team
  • Open the Visitors group
  • Pres New > enter the names of the groups that were previously in the Members group
  • Press Show Options > untick send an email invitation
  • Press Share

That’s it! Now when users navigate to the files tab of any channel within your org-wide Team they will no longer have the upload button visible.


Deleting messages and chats in Microsoft Teams

In this post we will look at what options are available to enable deletion of messages and chats in Teams, more specifically how you can enable owners to delete messages posted in the general channel.


Delete at the tenant level

At the tenant level, there are no permissions or special powers set by default to enable Teams Owners or Teams Admins to delete messages or chats.

However, there is a setting within a Messaging Policy in the Teams Admin Center that allows you to change this.

  • Navigate to
  • Under Messaging policies > either create a new custom policy or edit the Global (org-wide default)
  • Set Owners can delete sent messages to On
  • This can take up to 24 hours to take effect (it took 24 hours in my tenant)
Set owners can delete sent messages to yes to enable tenant-wide deleting of sent messages in Teams.

Things to note

Enabling this will only allow Teams Owners to delete the initial message, not the entire thread. There is a Teams UserVoice suggestion that relates to private chat threads, but does relate to public messages in threads too.

Even after the message has been deleted, any replies will still be visible.

Delete at the Team level

At the Team level, Teams owners have the ability to configure channel settings that will apply to all channels within the Team. As you would imagine, any settings configured by a tenant-wide policy will be hidden at the Team level.

Within Manage Team, you are able to switch on/ off member permissions which control their ability to delete or edit messages.

The settings to call out here specifically are:

  • Give members the option to delete their messages
  • Give members the option to edit their messages

Delete at the individual level

As an end user, you are able to delete in the following ways:

  • You can delete you own messages* and chats
  • You can hide threads in your own private chats
  • You are able to mute threads in your own private chats

* You can delete your own messages where moderation isn’t in place, or any Team level settings don’t stop you from doing so.

Example of how an individual has the ability to delete their own messages posted within channels in Teams.

Things to note

You can’t currently delete entire threads within your own private chats, as above this is on the backlog in the UserVoice community.

As suggested by Andrew Warland, if you have an Microsoft 365 retention policy set for Teams 1:1 or channel chats, deleted messages will not be deleted for the period specified in the policy, even if the option to delete chats is available. For more information on retention in Teams, I highly recommend his blog post understanding and applying retention policies to content in MS Teams.