Stopping New Employees Appearing in Org-Wide Teams

Posted on by Tony Redmond

Adding New Employees to Org-Wide Teams

If your Microsoft 365 tenant has fewer than 10,000 accounts, a few minutes after you create an Azure AD account for a new employee, the account is added to the membership of any org-wide teams in the tenant. If your company provisions Azure AD accounts for new employees in advance of their joining date as part of a HR onboarding process, you might not want this to happen because you don’t want other employees to know that someone is joining the company. In this case, you can either:

  • Wait for the employee to join the company and create their Azure AD account at that point.
  • Create the account for the new employee but assign dummy information for the display name and primary SMTP address. For example, you could assign “New Employee” or a similar term as the display name so that other employees see that “New Employee:” has joined. The reason why to assign a dummy SMTP address is that users can click on “New Employee” to see more information from their people card. The SMTP address usually contains the first and last name of a person, so you don’t want to expose that information in the people card. Figure 1 shows the general idea.

Masking details of a new employee when adding their Office 365 account
Figure 1: Masking details of a new employee when adding their Office 365 account

Soon afterwards, the new employee shows up in the information pane for the org-wide teams active in the organization (Figure 2). As you can see, no one can discover exactly who the new employee really is.

Disguising the name of a new employee in an org-wide team Org-wide teams
Figure 2: Disguising the name of a new employee in an org-wide team

Update Account After the Employee Joins

You then update the display name and SMTP address after the new employee is active within the company. We also update the mailbox name and alias to match the employee’s actual name. Finally, because Microsoft 365 creates the User Principal Name (UPN) for a new account based on its SMTP address, we need to update the UPN to allow the user to sign-in correctly. The update is easily done with PowerShell:

Set-Mailbox -Identity NewEmployee5July2019 -DisplayName "Jake Adams" -WindowsEmailAddress "Jake.Adams@Office365itpros.com" -Alias "Jake.Adams" -Name "Jake Adams"
Update-MgUser -UserId (Get-Mailbox -Identity Jake.Adams).ExternalDirectoryObjectId -UserPrincipalName Jake.Adams@office365itpros.com

There’s no need to retain the dummy SMTP address as it was never used to send outbound email. Any messages delivered to the mailbox before the employee became active will be waiting there for them.

The DIY Option

If this arrangement doesn’t work, consider using all-employee teams whose membership is updated manually. It is easy to script additions and removals of employees from membership as part of the HR onboarding or leaving processes.

Need to know more about managing Teams or Office 365 in general? Look no further than the Office 365 for IT Pros eBook, which is packed full of interesting and useful tips like this.

3 Replies to “Stopping New Employees Appearing in Org-Wide Teams”

  1. Pingback: Teams System Messages an Unwanted Feature for Many - Office 365 for IT Pros
  2. Pingback: Teams Removes System Messages from the General Channel - Office 365 for IT Pros

  3. All our new users are automatically added to the org-wide Team site which was created automatically when we started using Teams. We tried to prevent this by making this Teams site Private, but still all new users are added to this site. Does anybody have an idea why this happens?

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.