Architecture
Microsoft Teams is a collaboration and communications tool as well as an application development platform built on several existing cloud services. While it may present a simple User Interface (UI) on the surface, Teams brings an enormous number of technologies to bear, all unified under a single experience. These diverse components and services make up the Microsoft Teams architecture.
The core object in Microsoft Teams is a team, which is based on a Microsoft 365 group. A Microsoft 365 group is comprised of an Exchange group mailbox, a SharePoint site collection, and a OneNote notebook. Microsoft Teams adds additional features, structures, and extensibility to that Microsoft 365 group.
From an implementation perspective, any Microsoft 365 group can be converted or extended into a Microsoft Teams object (some authors and articles may use the term teamify to communicate the idea of converting a standard Microsoft 365 group into a team).
You might think of a team as a sort of container object that can be used to group related conversations and resources. Inside the team, channels can be used to further organize content around topics, departments, projects, or other categories. Figure 1.1 shows the Microsoft Teams user interface and how these concepts of teams and channels are presented:
Different content types such as files and messages are stored and managed inside the team. While a Microsoft 365 group by itself is somewhat of a flat object, teamifying a group creates structures and linkages inside that object. Figure 1.1 shows both the team and its channels (which behave like subfolders). Each of those channels maps to a unique subfolder inside the Microsoft 365 group's corresponding SharePoint Online site, as shown in Figure 1.2:
The exception to this is a private channel. Private channels are used to restrict information to a smaller subset of users in the team. Private channels have their own membership list. In Figure 1.2, the Financials channel is identified as a private channel by the lock icon next to its name. Private channels show up in the team channel hierarchy, but the channel's file content is actually stored in a separate SharePoint site with a different set of permissions. This prevents users who are members of the team (but not the private channel) from gaining access to the data stored in that channel.
The following diagram shows a deeper look at the connection points between services, applications, and storage inside the Microsoft Teams ecosystem:
The following list highlights some of the core features and components:
- Identity
- Messaging
- Files
- Voicemail
- Recording
- Calendars and meetings
- Contacts
Let's expand further on some of these.
Identity
It should come as no surprise that identity is the core of everything in the Microsoft 365 ecosystem. Microsoft has emphasized the phrase "identity is the security boundary" as part of its zero trust design principles. Azure Active Directory (Azure AD or AAD) provides the identity storage and authentication functionality for all Microsoft 365-based workloads.
As we just noted, Azure AD stores a Microsoft 365 group, which is the directory object on which a team is built. Azure AD also holds other security principals (such as user and guest accounts), which can be added to Microsoft 365 group (and team) memberships. All of these identity components provide the infrastructure and security for all Microsoft workloads.
Messaging
As we discussed a few paragraphs ago, a Microsoft 365 group (and by extension, a team) also includes a group mailbox component. There is no corresponding Exchange on-premises "team" or "Microsoft 365 group" feature and no capability to move the mailbox component on-premises – it is Exchange Online only.
Each team has a default channel named General, which can neither be deleted nor renamed. Figure 1.1 depicts a team and how channels are displayed. Channels are typically used for group-related content. The Posts tab on any channel contains text conversations (much like a bulletin or social media chat board). Chat content posted in a team's conversation is first processed by the Azure chat service and then stored in the team's corresponding Exchange Online group mailbox to enable compliance features (such as retention and eDiscovery). Chat or instant messaging content transmitted during a chat transaction is ingested into the participating users' mailboxes.
Files
Each team is connected to a SharePoint site. Files can be uploaded directly to the team's SharePoint site, to a particular channel's Files tab, or posted in a channel's Posts tab. Any file posted to a channel's Posts tab will automatically be uploaded to the team's SharePoint site, and a link to the actual file will be placed in the conversation.
Voicemail
If a user is configured for telephony features, any voicemails they receive are stored as audio files in the individual user's mailbox.
Recording
Call or meeting recordings were originally processed by Azure Media Services and then encoded for long-term storage in Microsoft Stream. Microsoft has recently updated the architecture, and individual user recordings are now stored in the user's OneDrive, while recordings of channel meetings stay with the team in SharePoint.
Calendars and meetings
Scheduling objects rely on a user's Microsoft Exchange mailbox. The user's mailbox can be located in Exchange Online or on-premises (though using on-premises deployment will require an Exchange hybrid configuration to work successfully).
You can read more about configuring an Exchange hybrid for Microsoft Teams in Chapter 17, Integration with Exchange Server.
Contacts
Like calendars and meeting objects, contacts are also stored in an individual user's Exchange mailbox (online or on-premises). Connecting to an on-premises mailbox requires an Exchange hybrid, as detailed in Chapter 17, Integration with Exchange Server.
As you've seen, there are a lot of familiar components in Teams architecture. As a general rule of thumb, communications content is stored in a mailbox (either in the team's group mailbox or the user's mailbox) while file content is stored in SharePoint Online. Other services may interact with and process data streams, but they will typically store communications or file content in one of those locations. It's important to note that the primary Teams data and artifact storage locations are Exchange and SharePoint Online – both of which can be governed by Microsoft 365 data retention policies.
Other Microsoft 365 applications (such as Power BI, Power Automate, or Tasks by Planner and To Do) have their own primary data storage locations. While these applications and services store data elsewhere in the Microsoft 365 ecosystem, they have very tight API integration with Microsoft Teams.
Architecture deep dive
Now that you have a basic understanding of the components at a high level, let's go a little bit deeper into both the Microsoft 365 and Microsoft Teams architectures.
First, we'll look at the Microsoft 365 group architecture.
Microsoft 365 Groups
As we mentioned earlier in the chapter, the foundation of a team is a Microsoft 365 group. The Microsoft 365 group is an Azure AD object that has an Exchange group mailbox, a SharePoint site collection, and a OneNote notebook. Their relationships are shown in Figure 1.4:
A Microsoft 365 group can be provisioned in many ways, including the following:
- Microsoft 365 admin center
- Azure AD admin center
- Planner
- Yammer
- Exchange Online
- Outlook
- PowerShell
- Dynamics CRM
- Graph API
- SharePoint Online
- Client Side Object Model for SharePoint Online
Microsoft 365 groups provisioned through any of these applications, services, or interfaces will all have the same underlying components (a group mailbox, a site, and a notebook). The provisioning service or application will use the Microsoft 365 Groups membership for its administration and security.
A Microsoft 365 group has the concept of owners (those who can administer the membership or other aspects of the group) and members (those who participate in group messages but cannot control the membership or features of the group). Microsoft 365 group owners are mapped to the SharePoint site collection administrators and site owners groups while the members are mapped to the SharePoint site members group.
The OneNote notebook is stored inside the site assets document library. Files sent to the group are stored in the default document library.
Teams
Building on the Microsoft 365 group, Figure 1.5 shows where the Microsoft Teams components fit in:
As you can see, a Microsoft Teams team builds on the foundation of the Microsoft 365 group:
- The Wiki data for a team is stored in a new SharePoint list called Teams Wiki Data.
- Channel meeting recordings are stored in the Recordings subfolder of the corresponding channel's folder in the default document library.
- Conversations are stored in the mailbox's Conversation History folder.
- The Channel Calendar data is stored in the group mailbox calendar.
You'll also notice that data and permissions for a private channel are handled differently:
- The file storage location is a new site. The permissions of the site are mapped from the private channel owners and members lists.
- The chat on the conversation tab is stored in the Conversation History folder of the private channel team members (as opposed to the team's group mailbox Conversation History folder).
- Private channel SharePoint sites are linked to their parent site by storing the parent site's object GUID in the RelatedGroupID property of the private channel site.
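Because private channel content lives in separate sites with their own permissions, an access review or retention scoping exercise for a team has to find those sites explicitly. The following PowerShell is an added example (not from the book) that uses the RelatedGroupID link described above to inventory a team's private channels and their sites; the admin URL and group ID are placeholders, and the two site template names are taken from Microsoft's documentation rather than from this chapter.

```powershell
# Added example: inventory the private channels of one team and the separate
# SharePoint sites that hold their files.
# Requires the Microsoft.Online.SharePoint.PowerShell and MicrosoftTeams modules.

# Placeholders (assumptions): your tenant admin URL and the team's Microsoft 365 group ID.
$AdminUrl = 'https://contoso-admin.sharepoint.com'
$GroupId  = [guid]'00000000-0000-0000-0000-000000000000'

Connect-SPOService -Url $AdminUrl
Connect-MicrosoftTeams | Out-Null

# Team-level membership, used to show who is excluded from each private channel.
$teamUsers = Get-TeamUser -GroupId $GroupId

# 1. Private channels as Teams sees them, each with its own membership list.
$channelReport = foreach ($channel in Get-TeamChannel -GroupId $GroupId -MembershipType Private) {
    $channelUsers = Get-TeamChannelUser -GroupId $GroupId -DisplayName $channel.DisplayName
    $excluded     = $teamUsers | Where-Object { $_.UserId -notin $channelUsers.UserId }

    [pscustomobject]@{
        Channel             = $channel.DisplayName
        Owners              = ($channelUsers | Where-Object Role -eq 'Owner').User -join '; '
        MemberCount         = @($channelUsers).Count
        TeamUsersWithoutAccess = @($excluded).Count
    }
}

# 2. The private channel sites linked to this team. RelatedGroupId is only
#    populated when a site is fetched individually with -Detail.
#    Assumption: private channel sites use the TEAMCHANNEL#0 or TEAMCHANNEL#1 template.
$siteReport = foreach ($template in 'TEAMCHANNEL#0', 'TEAMCHANNEL#1') {
    Get-SPOSite -Template $template -Limit All |
        ForEach-Object { Get-SPOSite -Identity $_.Url -Detail } |
        Where-Object   { $_.RelatedGroupId -eq $GroupId } |
        Select-Object  Url, Title, Template, RelatedGroupId, SharingCapability
}

$channelReport | Format-Table -AutoSize
$siteReport    | Format-Table -AutoSize

# A private channel with no linked site, or a linked site with no matching
# channel, is worth investigating before relying on site-scoped policies.
"Private channels: {0}  Linked sites: {1}" -f @($channelReport).Count, @($siteReport).Count
```

The site URLs in the second report are the locations to include when a retention policy or eDiscovery search is scoped by SharePoint site rather than by team.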
You may want to bookmark this section so that you can refer to it as you progress throughout the book and move on to both Teams administration tasks and troubleshooting. There are a lot of moving pieces in the Teams architecture, and it's easy to forget where they fit in.
Next, we'll look deeper into navigating the Microsoft Teams user interface and some of its features.