Office 365 Groups are a critical element of any Microsoft cloud environment. But what is an Office 365 group? What is the difference between a group and a team? How are groups created, and what are the best strategies for managing them? This article answers these questions.

Office 365 Groups

To understand Office 365 groups, it's helpful to first look at the purpose of groups. Even before the advent of the cloud, there were two types of groups in Active Directory:

  • Security groups, which help protect items such as file shares and SharePoint lists. By making a user a member of a security group, you grant that user all the permissions assigned to that group, such as the ability to read or edit certain files or run certain applications. Active Directory includes several built-in security groups, such as Company Admins and Domain Admins, but you can also create your own.
  • Distribution groups, which give people a convenient way to send email to a set of recipients, such as everyone in a company or just the marketing department, without having to enter each individual email address each time.

When the Microsoft cloud was created, there was still a need for this functionality, so Azure Active Directory also has both security groups and distribution groups. But Microsoft also introduced a new type of group: the Office 365 group, which was later renamed Microsoft 365 group. Both names are still in use.

What is an Office 365 group?

At its core, an Office 365 group is an object in Azure Active Directory. What makes it special is its versatility: it can protect items as a security group does, it can function as a distribution list as a distribution group does, and it can also act as a data store for SharePoint, shared mailboxes, and Microsoft Teams.

For example, as you probably know, Microsoft Teams is a platform that provides a collaborative workspace with features such as chat, meetings, and notes. What you may not know is that when you create a team, the Teams app automatically creates a Microsoft 365 group for you behind the scenes and populates that group with all team members. Team membership allows team members to access team SharePoint content, participate in team chats, receive team emails, and more.

How do I create an Office 365 group and add members to it?

Some Microsoft 365 groups are automatically created by Microsoft Teams. Other apps also create groups; for example, a new group is created whenever someone creates any of the following:

  • New SharePoint site collection
  • New Group in Outlook
  • New plan in Planner
  • New Power BI workspace

In these cases, you don't manage or use the Microsoft 365 group directly; instead, the app uses the group on your behalf, as shown in the Teams example above.

Other Microsoft 365 groups are created directly by users and administrators. By default, any employee in an organization can create up to 250 such groups. End users typically use Outlook or Outlook Mobile. For example, in Outlook 2016, you simply select Home > New Group and then provide a name, description, and other requested information. Once you create a group, you can add members to it.

Administrators can use the Office 365 admin center and the Exchange admin center to create and populate groups. Alternatively, they can use PowerShell, which provides certain additional options not available in admin portals.

What types of members can there be in a group?

Group members can have any of the following roles:

Owner. By default, the owner of the group is the person who created the group. But other users can be added as additional (or replacement) owners; in fact, a group can have up to 100 group owners. Here are some actions that group owners can take:

  • Add and remove members and guests
  • Promote team members to owner roles
  • Rename group
  • Change the group description or image, and change various group settings
  • Delete conversations from a shared inbox
  • Delete group

Member. Members can access all group resources, such as email and SharePoint content, but they cannot change group settings. They can also nominate guests, but only the group owner can add guests.

Guest. A guest is someone outside the organization, such as a partner, supplier, or consultant. Guests can access conversations, files, calendar invitations, and the group notebook. Guests cannot directly access the group's mailbox, but they can send messages to it, and any messages sent to the group by other members will appear in each guest's mailbox. Likewise, guests cannot directly access the group calendar, but they do receive invitations to any events created in the group calendar that they add to their own calendars.

Who can manage and delete an Office 365 group?

Management of the group is the responsibility of its owners. Basic group management capabilities are initially provided by the application used to create the group. For example, owners can use Outlook to add and remove members, change the group name, and change group settings. Apps that create and use hidden groups, such as Teams, provide similar management features.

It's important to note that when you delete an Office 365 group, all the resources associated with that group—emails, files, OneNote and SharePoint documents, Planner tasks, and so on—are deleted along with it. Additionally, Azure AD groups and group memberships are not moved to the Azure AD Recycle Bin when they are deleted, so they cannot be restored using tools. So delete with caution and consider investing in a comprehensive backup and recovery solution.

General management of Office 365 groups

All types of groups require careful management. Without a consistent group naming policy, you can easily create multiple groups that serve similar needs, which can lead to confusion and workflow issues. When group owners change roles or leave the organization, group membership can spiral out of control. Group sprawl is also extremely common when no one pays enough attention to creating groups and ensuring that groups are deleted when they are no longer needed. These issues can lead to everything from minor annoyances to major security, compliance, and business continuity problems, from an Exchange global address list (GAL) that is so full of non-existent entries that it is difficult to use, to over-provisioned users with unauthorized access to critical data.

Responsibility for how Microsoft 365 Groups are used in an organization rests with administrators rather than individual group owners. For example, groups can have guest members by default, but admins can disable this feature for all groups or for a specific group. Administrators can also limit who can create groups. However, completely prohibiting group creation will seriously limit the usefulness of the Microsoft 365 platform for your organization. A better option may be to provide training on your business standards and only allow users who have completed it to create groups.

One way to reduce the administrative overhead associated with adding and removing group members is to create attribute-based rules that make group membership dynamic. When any user attribute changes, the system automatically reviews the dynamic group rules and adjusts group membership accordingly. Please note that this feature requires you to purchase as many Azure AD Premium P1 licenses as you have unique users who are members of one or more dynamic groups.
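An attribute-based membership rule of the kind described above, as an added example that is not from the original article. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups module); the department value, display name and mail nickname are hypothetical.

```powershell
# Added example. Requires the Microsoft.Graph.Groups module and Azure AD Premium P1.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Constructed rule: enabled, internal (non-guest) accounts in the Marketing department.
# Base rules on attributes that only administrators or HR systems can change, so
# that users cannot place themselves in a group by editing their own profile.
$rule = '(user.department -eq "Marketing") -and ' +
        '(user.accountEnabled -eq true) -and (user.userType -eq "Member")'

# The body uses Microsoft Graph property names. Names below are hypothetical.
$body = @{
    displayName                   = 'Marketing (dynamic)'
    mailNickname                  = 'marketing-dynamic'
    description                   = 'Membership is rule-based; do not add members by hand.'
    mailEnabled                   = $true
    securityEnabled               = $false
    groupTypes                    = @('Unified', 'DynamicMembership')
    membershipRule                = $rule
    membershipRuleProcessingState = 'On'
}
$group = New-MgGroup -BodyParameter $body

# Rule evaluation is asynchronous, so check membership once it has been processed.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }

# Review every dynamic rule in the tenant so that overly broad rules and
# paused processing are visible in one place.
Get-MgGroup -All -Filter "groupTypes/any(c:c eq 'DynamicMembership')" `
    -Property Id, DisplayName, MembershipRule, MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRuleProcessingState, MembershipRule
```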

However, native tools give administrators limited visibility into which Microsoft 365 groups exist and who their members are. There are two options: GUI methods (Office 365 admin portal or Exchange admin center) and PowerShell.
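The PowerShell option can be turned into a repeatable review of the problems described in this section (groups left without an owner, guest access, empty groups). The following is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module, and the finding labels and output file name are hypothetical.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

$report = foreach ($g in Get-UnifiedGroup -ResultSize Unlimited) {
    $id      = $g.ExternalDirectoryObjectId
    $owners  = @(Get-UnifiedGroupLinks -Identity $id -LinkType Owners  -ResultSize Unlimited)
    $members = @(Get-UnifiedGroupLinks -Identity $id -LinkType Members -ResultSize Unlimited)
    # Guests appear among the members as GuestMailUser recipients.
    $guests  = @($members | Where-Object { $_.RecipientTypeDetails -eq 'GuestMailUser' })

    # Finding labels are this example's own, not product terminology.
    $findings = @()
    if ($owners.Count -eq 0)  { $findings += 'NoOwner' }      # nobody can manage the group
    if ($owners.Count -eq 1)  { $findings += 'SingleOwner' }  # orphaned if that owner leaves
    if ($guests.Count -gt 0)  { $findings += 'HasGuests' }    # external access to group content
    if ($members.Count -eq 0) { $findings += 'Empty' }        # candidate for deletion

    [pscustomobject]@{
        Group    = $g.DisplayName
        Address  = $g.PrimarySmtpAddress
        Access   = $g.AccessType          # Public or Private
        Created  = $g.WhenCreated
        Owners   = $owners.Count
        Members  = $members.Count
        Guests   = $guests.Count
        Findings = $findings -join ','
    }
}

# Show only groups that need attention, then keep the full inventory for comparison
# with the next run.
$report | Where-Object Findings | Sort-Object Findings, Group | Format-Table -AutoSize
$report | Export-Csv -Path .\m365-group-audit.csv -NoTypeInformation
```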

Still have questions?

We at Fanetech are 100% focused on Microsoft technologies and solutions. Contact us to get advice from our specialists.
