Microsoft is changing its default security settings, as it has before with Windows Server, for Outlook and SharePoint Online groups to make them private by default, instead of public. These changes will not change settings already in place, but will for those new site deployments.
After listening to your feedback, we are changing the privacy setting in forms for creating new groups in Outlook and in SharePoint Online group-connected team sites from public to private ……… If you would like to revert to public-by-default for your Outlook apps, you will be able to do so with a PowerShell cmdlet (How to change the default setting of Office 365 Groups for Outlook, to public or private) …….. This update was announced on Message center on April 19, 2018 via the following MC134487. –
The switch roll out over the next few months, starting with Outlook on the Web, then effecting Outlook apps on PC and Mac, Outlook Mobile, plus the Outlook 2016 desktop client. This will also affect SharePoint Online team sites connected with groups at the end of this month for organizations getting “targeted release” updates (that is, test releases). It’ll get finalized and released to all Office 365 subscribers “over the following months,” Microsoft’s announcement indicated. – Microsoft Tightens Outlook Groups Security in Policy Switch, By Kurt Mackie, April 25, 2018
What do you feel about this change in default security? I feel it would be simpler to default to private with it requiring intentional moves to make something public. I personally dislike hidden nuggets of exposure, but maybe that is because I have not been a security or network engineer for a long time. So many concerns and exposures in releases we trust are appropriate, don’t feel I need to go through a lock down mode. Although, as I type, as long as I build a list of what needs to be locked down, there is that sense of security of enabling each lock? What is your preference? Thoughts?