Changing Default Permissions in Office 365 Group Sites

CloudLockChanging the permissions assigned to the default Owners, Members, and Visitors groups in a SharePoint site is easy.  You just navigate to Site Settings > Site Permissions.  Then select the group whose permissions you want to change and assign them a new permission level using the Edit User Permissions button in the Ribbon.  But that won’t work in the Site created behind an Office 365 Group.  When you try to use the same procedure you find that the Edit User Permissions button is greyed out if you select any of the built in administrative groups.  (See the Screenshot below.


The problem is that Office groups are created when you create a Security Group in Office 365. By default that security group is added to the built-in Members group of the Site Collection.  To make sure that you don’t inadvertently lock users out of the site Microsoft disables your ability to change the permission on the default Administrative groups when using an Office Group based site. 

But there is still a way to modify the permissions for the users in the groups.  If you navigate to the home page of the site and select Site Permissions from the Settings menu (the gear) you will see a panel open on the right hand side of the browser window.  Under Site Members you will see the security group that provides the basis for the Office group you created. If you select Edit under that group you can change the permissions for the members of the group to either Read or Full Control. However, instead of changing the permission level for the group it will actually move the security group to either the Site Visitors or Site Owners groups respectively.

O365Change Group permissions

But what if I want to change the default group’s permissions to Contribute instead of Edit? To do that you’ll need to use two different SharePoint groups. 

  • First, use the Site permissions panel to move the underlying security group from the Site Members group to the Site Visitors group.  This will give all your users Read permissions to the site.
  • Second, click on the Advanced permissions settings link at the bottom of the panel.  This will take you to the regular site permissions page that you are used to.  Now you can create a new SharePoint group and assign it whatever permission level you want.  After you create the group add the same security group you moved above as a member of the new SharePoint group.  Since SharePoint permissions are additive this will give all your users both Read permission and whatever new permission level you assigned, for example Contribute.

I hope that clarifies how to manage Permissions in the new Office 365 group sites.  Since Team sites are based on Office Groups, the same procedure applies to any Team sites you’ve created.

SharePoint Fest – DC Wrap-up and Slides

SPFDC17PortalBadgev2I continue to feel honored that SharePoint Fest invites me to present at their conferences.  The most recent even was in DC a couple weeks ago.  The attendees were great and both of my talks were well received. As always I really enjoyed the conference and the discussions I had with attendees and the other presenters. This is one of the few times each year that I get to see a lot of my friends who live all over the world.  The next conference is in Denver in June.  I hope to see you there.

I had lots of attendees at both sessions who asked for the slides so I’ve uploaded them here.  They are also available on the SharePoint Fest DC site.  If you have any follow-up questions please email me at  You can download a copy of the slides from each talk using the links below:

BV 202 – SharePoint 2016: What’s New and Why should I Upgrade?

ECM 104 – Protecting your Content: Demystifying Data Loss Prevention (DLP) in SharePoint 2016