Many organisations start using Microsoft 365 gradually. A few Teams are created, files are uploaded, folders are copied from old systems, staff start sharing links, and before long nobody is completely sure where important documents live.
This is especially common in charities, care providers, CICs and growing SMEs. The problem is rarely that Microsoft 365 is unsuitable. More often, the organisation has grown into Microsoft 365 without a clear structure, permissions model or governance routine.
The result can feel familiar:
- People are unsure whether to save documents in Teams, SharePoint or OneDrive.
- Several versions of the same file exist in different places.
- Staff create new Teams because they cannot find the right one.
- Old trustees, staff, volunteers or external partners may still have access.
- Confidential folders become mixed with general working documents.
- Managers cannot easily see who has access to what.
This creates operational risk, but it also creates day-to-day frustration. Staff waste time searching for documents. Managers lose confidence in the system. Sensitive information may be shared more widely than intended.
Why Teams, SharePoint and OneDrive become confusing
Microsoft Teams, SharePoint and OneDrive are closely connected, but they are not the same thing. A useful way to explain it is this:
- Teams is where people communicate and collaborate.
- SharePoint is where shared team and organisational files are usually stored.
- OneDrive is mainly for individual work files, drafts and personal working storage.
In Microsoft Teams, files uploaded to a standard channel are stored in the connected SharePoint site. Channel files are stored in SharePoint, while files shared in chats are stored in OneDrive for Business. The Files tab in a standard Teams channel connects to a folder in the parent SharePoint site's document library.
The common pattern: Microsoft 365 grows organically
Messy Microsoft 365 environments usually develop for understandable reasons.
- A project needs a place to store files, so someone creates a Team.
- A manager wants to share documents quickly, so they send a link.
- A folder structure is copied from an old server without reviewing whether it still makes sense.
- A confidential matter is handled in a general Team because it is convenient.
- A staff member leaves, but their access and ownership are not fully reviewed.
None of these decisions may seem serious at the time. The problem comes from the accumulation of small, unstructured decisions. Eventually, the organisation has too many Teams, too many folders, unclear permissions and little confidence that the right people can access the right information.
What can go wrong
The main risks are usually practical rather than dramatic.
1. Oversharing
Files may be available to more people than intended. This can happen through broad group membership, shared links, inherited permissions or old access that was never removed. SharePoint files and folders can have unique permissions rather than simply inheriting access from the parent location — that flexibility is useful, but it can also create hidden complexity if it is not managed carefully.
2. Lost accountability
When nobody owns the structure, nobody is responsible for keeping it tidy. Teams and folders multiply, but there is no routine review.
3. Duplicate documents
Different versions of policies, forms, reports or client documents may sit in several places. Staff then rely on memory, habit or guesswork.
4. Weak leaver processes
Former staff, trustees, volunteers, contractors or external partners may retain access longer than they should.
5. Poor evidence for governance
For regulated or accountable organisations, file chaos makes it harder to demonstrate control. Trustees, managers, commissioners, funders or inspectors may expect clear evidence of how documents, decisions and risks are managed.
Fixing the problem does not always mean starting again
Most organisations do not need to rebuild everything from scratch. A sensible improvement project usually starts with understanding what already exists. The aim is not to create a perfect technical design on paper — the aim is to make the environment safer, clearer and easier to manage.
A practical review should usually look at:
- Who uses Microsoft 365 and what roles they have
- Which Teams and SharePoint sites exist
- Which sites are active, inactive or duplicated
- Where confidential information is stored
- How external sharing is configured
- Who has access to sensitive areas
- Whether old users, guests or groups need removing
- Which folders or libraries are causing confusion
- Whether staff understand where documents should be saved
- What governance guidance is missing
A practical clean-up approach
A realistic clean-up can be done in stages.
Step 1: Identify the important working areas
Start with the areas that matter most: governance, finance, HR, safeguarding, service delivery, care records, compliance evidence, projects and management documents. Not every folder needs immediate attention — focus first on the areas where poor access control or missing information would cause the most harm.
Step 2: Agree what belongs where
Create a simple rule set that staff can understand. For example: OneDrive is for individual drafts and personal working files; Teams is for active collaboration; SharePoint libraries are for structured organisational records; sensitive documents should be kept in clearly controlled areas. The wording does not need to be technical — it needs to be consistent.
Step 3: Review permissions
Permissions should be based on job role, responsibility and need-to-know access, not convenience. This includes checking owners of Teams and SharePoint sites, members of Microsoft 365 groups, guest users, shared links, folders with unique permissions, and access for former staff, trustees, volunteers or contractors.
Step 4: Reduce unnecessary duplication
Do not simply move everything around. First, decide which version is the current version, which documents are obsolete, and which locations should remain active. For policies, templates and core records, it is often useful to create a single approved location.
Step 5: Create simple governance rules
The organisation should agree basic rules for who can create new Teams, who owns each Team or SharePoint site, how confidential folders are requested, how external sharing is approved, what happens when staff or trustees leave, how often permissions are reviewed, and where final documents should be stored. A clear one-page guide is often more useful than a document nobody reads.
Step 6: Train people around real examples
Staff guidance should use examples from the organisation's actual work — for example: "Where should I save a trustee board paper?", "Where should a referral form go?", "Can I share this file with an external partner?", "What should I do if I cannot find the latest version?" This helps people use the system properly, rather than just being told that a new structure exists.
The link with AI readiness
There is also a newer reason to fix messy Microsoft 365 environments: AI readiness. Before adopting Microsoft Copilot or other AI tools, organisations need to understand where their data is, who can access it, and whether sensitive information is already overexposed.
What a better Microsoft 365 environment looks like
A better environment is not necessarily complicated. It usually has fewer, clearer Teams; SharePoint sites with named owners; document libraries that match real working practices; sensitive information separated from general collaboration; permissions based on role and responsibility; clear rules for external sharing; a leaver process that actually removes access; and staff guidance written in plain English.
Trustees and managers do not need every technical detail, but they do need confidence that the organisation's information is being managed properly.
When to ask for help
It may be time to ask for support if:
- Nobody is sure who has access to key files
- Staff regularly cannot find the latest document
- There are too many Teams with unclear purpose
- Sensitive information is mixed into general folders
- External sharing has never been reviewed
- Former staff, trustees or volunteers may still have access
- Your organisation is preparing for inspection, audit, funding, tendering or AI adoption
The aim should not be to over-engineer Microsoft 365. The aim should be to make it safer, clearer and more manageable.
How Adjona Technology can help
Adjona Technology helps charities, care providers, CICs, non-profits and SMEs improve Microsoft 365 security, governance and operational resilience. For organisations struggling with messy Teams, SharePoint, OneDrive or file access, we can review the current setup, identify the main risks, and recommend practical improvements. Where needed, we can also help implement a clearer structure, improve permissions, create staff guidance and support better governance routines.
The starting point is usually a short introductory conversation to understand what is happening now and what the organisation needs Microsoft 365 to support.