Lepide Blog: A Guide to IT Security, Compliance and IT Operations

What Are Office 365 Groups?

What Are Office 365 Groups?

Office 365 Groups are similar to the security groups we see in Active Directory, however, they come with some additional benefits, which we will explore.

Firstly, let’s clarify what a “group” actually is.

What are Office 365 Groups?

A group is a bit like a container in which users are placed. Each group will have a set of permissions assigned to it, which determine how the users in the group can access your data, applications, and any other relevant parts of your network.

Office 365 Groups are a method of providing a membership service that covers multiple Microsoft products, such as SharePoint, Planner, Outlook, OneNote, Power BI, Teams, and so on. This means that the policies we assign to those groups have a broader scope. For example, they can be applied to both projects and teams, as opposed to just single products. Office 365 Groups are stored in Azure Active Directory, and a group can consist of up to 10 owners and 1000+ members. Due to the extensive scope and versatility of Office 365 Groups, Azure AD is quickly replacing Windows Active Directory as the default directory service for Microsoft products.

Why are Office 365 Groups Useful?

It’s not just the cross-application membership service that Office 365 Groups provide that are making them popular with organizations, it’s also because of the way the groups integrate and communicate with the different Microsoft products. When you create an Office 365 Group, a working space dedicated to that group is automatically created and associated with the relevant Microsoft application. For example, if a group is created which has access to Planner, a new plan is created. If a group is created which has access to SharePoint, Outlook, Power BI and Teams, new site collections, groups, workspaces and teams are created respectively. The same is true in reverse, as in, groups are automatically created for each registered Microsoft product.

How to Create an Office 365 Group

There are many different ways to create an Office 365 group, however, since employees tend to spend a lot of their time composing, reading and responding to emails, creating groups from within Outlook (both Online and Desktop) are probably the most common.

You can create groups from within SharePoint Home, where the user has a choice to either create an Office 365 Group or a Communication Site, or from within OneDrive, Planner, Power BI, Teams and many more.

When you create a group from any of these applications the following spaces are also created: Outlook email distribution List, Outlook group calendar, SharePoint site collection, and Planner. However, when you create a Group from Teams, a new Team is also created.

By default, anyone in your organization can create an Office 365 Group, assuming they are a member of an existing group. As mentioned previously, a group can have as many as 10 owners and over 1000 members. External Members (not to be confused with External Users in SharePoint) are referred to as Guests. A Group can be set as either public or private, however, private groups are still visible to other users. Finally, it is possible to classify groups, including the products which they are connected to, in order to apply security policies to these groups automatically.

How to Manage Office 365 Groups

To manage Office 365 groups, you need to be an administrator with Global Admin Rights. Then you can simply manage Office 365 groups from the Office 365 Admin Center.

According to Microsoft themselves, there are three primary models of provisioning Office 365 groups: Open, IT-led, and controlled.

  • Open: This is the default model. It allows users to create their own groups without needing approval from IT.
  • IT-led: This requires users to request permission from IT before creating groups. IT can then somewhat control the process and ensure that the right collaboration tool is used.
  • Controlled: Group creation is restricted to certain individuals, teams or services.

The naming policies for Office 365 groups can also be managed to enable you to implement standards that simplify management; such as prefixes or suffixes and also banning the use of particular names.

Office 365 groups have owners, and these owners can manage the groups themselves by adding or removing members, as well as doing some of the more basic curations of content. Normally, this would be done through Outlook. If the group owner leaves the organization, the administrator can ensure that the group owner is changed. If you have Exchange Online, you can also manage the group from within the Office 365 Admin Center or PowerShell

Group expiration can also be automated using expiration policies, and members of the group can be notified a certain period of time before a group is about to expire.

For more information on how to manage Office 365 groups, click here.

If you would like to see how Lepide can help to audit Office 365 and enhance Office 365 security, schedule a demo with one of our engineers.