Office 365 Groups enable teams to work together by establishing a single identity in Office 365. Office 365 Groups are a new and modern solution for collaboration in Office 365. There is a lot of confusion on what Groups can do and should be used for. This session will be a deep dive into all things Office 365 Groups focusing on the technical aspects..
We will spend a large amount of this session demoing Office 365 Groups. This session will include demos of:
How to create, access, and navigate
What are the core things to do
How are they technically structured
What administration is available and how to do it
What extensibility options are there
I will also walk through the pros and cons of using Groups vs other collaboration options in Office 365. Groups are also one of the fastest changing solutions in Office 365, so this session will bring everyone up to speed on the most recent updates that Microsoft has rolled out and what innovations are next. By the end of the session you should have a better understanding of what Groups can do and if they are right for your enterprise right now or in the future!
3. What are Office 365 Groups?
How do I work with them?
How do they work technically?
How can I administer?
Demos, Demos & more Demos
What’s new & What’s Next?
Office 365 Groups
From the ground up
SPTechCon
San Francisco 2016
7. Office 365
Designed for the unique workstyle of every group
SharePoint
Teams
Office 365 ProPlus
Yammer
Outlook
Skype
Intranets, Team Sites & Apps
Chat-based Workspace
Co-Authoring Content
Enterprise Social
Mail & Calendar
Voice, Video & Meetings
Complete Collaboration Solution
Office 365 addresses the breadth of collaboration
needs across your company
Integrated Experiences
Office 365 Groups and Graph enable integrated
experiences that facilitate effective collaboration
Security and Compliance
Office 365 delivers the security, compliance and
manageability required in today’s workplace
Office 365 Groups
10. All new Team Sites will get an Office
365 Group and all new Office 365
Groups will get a Team Site.
Groups & SharePoint
“Groups, Graph, and Governance” – Jeff Teper
Existing Office 365 Groups will get a full
SharePoint Team Site.
16. I found a SharePoint site
A full SharePoint team
site is connected to the
Group.
17. Groups in Outlook 2016
Participate in
conversations, schedule
meetings, share files &
notes and even initiate a
Skype for Business voice
and video call for urgent
real-time decisions.
18. Office 365 Planner
Create new plans, organize &
assign tasks, share files, talk
about what you’re working on,
and get updates on progress.
Integrated with Office 365 Groups, so
all of the conversations in Planner are
available in Outlook 2016, Outlook on
the web and the Outlook Groups
mobile app.
19. Power BI
Create a workspace to collaborate
with your team.
Leverage the Groups collaboration &
communication capabilities to create
and review insights.
20. Dynamics CRM
Create Office 365 Groups for
opportunities, cases, accounts
and all other entities.
.
Groups experiences are surfaced in-
context within CRM
21. Outlook Groups app
Available on iOS,
Android & Windows
Phone. Continue
conversations, view files,
@mention colleagues
and even discover other
relevant groups.
23. Office 365 Groups things to know
Eligible to use the NGSC for sync as of Sept release
Anyone can create a group and available in the Global Address List by default
A group can’t have more than 10 owners and a user can’t create more than 250 groups
Currently not supported in Outlook 2016 on the Mac
Groups with more than 1000 members are supported but will decrease performance
When a group owner leaves, all content is saved but new admin must be set at high level
Office 365 Groups can be used as security groups in SharePoint (but not O365 Video)
Group site collections exist under “/sites” managed path but cannot be seen via SP Admin Center
24. Joining vs Subscribing
On creation, the option is available to
subscribe all new members automatically
• Joined = only appear in group mailbox
• Subscribed = receives in private inbox
and group
27. Office 365 plans that include Groups
Any O365 plan that includes Exchange and SharePoint
• Enterprise E1-E5
• Academic A2-A4
• Government G1-G4
• Business Essentials
• Business Premium
• Enterprise K1 (kiosk)
*Exchange-only license can only access Inbox & Calendar
28. One group system across Office 365
One identity
Federated resources
Loose coupling
SharePoint
Documents
OneNote
Additional workloads
Workload
scenarios
Exchange
Conversations
Calendar
Identity
Resource URLs
Owners
Members
AAD
29. Office 365 Admin Center
Management Options – User Interface
Office 365 Admin App
Azure AD Admin Portal
Exchange Admin Console
Outlook Groups App
Clients – (Outlook, Planner, PowerBI)
31. Management Options – Scripting
Powershell
Manipulating groups Manipulating group membership
Owners | Members | Subscribers
$creds = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri `
https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session
Establish a remote session to Exchange Online
32. Useful Scripts for Groups to Get Started
Create group
New-UnifiedGroup –DisplayName “Legal” –Alias “Legal” –EmailAddresses legal@domain.com
Rename group
Set-UnifiedGroup -Identity “Legal” -Alias “Legal” -DisplayName “New Legal” -PrimarySmtpAddress legal@domain.com
View all subscribers, members or owners for a group
Get-UnifiedGroupLinks -Identity “Legal” -LinkType Subscribers
Show detailed info for all groups
Get-UnifiedGroup |
select Id,Alias, AccessType, Language,Notes, PrimarySmtpAddress, `
HiddenFromAddressListsEnabled, WhenCreated, WhenChanged, `
@{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; `
Label='Members'}, `
@{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count }; `
Label='Owners'} |
Format-Table Alias, Members, Owners
33. Managing Group Creation
The old way but still can be used for OWA and Outlook 2016
Use an OWA Mailbox Policy to disable group creation for ALL users or a SUBSET of users
This does NOT disable group creation EXCEPT when trying to create through Outlook/Exchange
Creating groups in other clients/admin areas (PowerBI, Planner, etc…) would NOT disable
Set-OwaMailboxPolicy -Identity test.comOwaMailboxPolicy-Default -GroupCreationEnabled $false
34. Managing Group Creation through Azure AD
The new way uses Azure AD
No longer dependency on Exchange so it passes throughout Office 365
If OWA policy exists and AAD policy is enabled, OWA policy will be ignored
You can do 2 things:
Disable the default ability of everyone to create a new Office 365 Group
Point to an AAD group (Office 365 Group or Distribution Group) that contains a list of people who are
allowed to create groups
This group cannot have a group in it, must be individual users
Users with higher tenant roles already have access (company admin, mailbox admin, etc…)
Prerequisites
Azure AD Version 1.1.117.0 or later (currently preview)
35. Managing Group Creation through Azure AD
Steps to setup
1. Retrieve the Object ID for the group that contains the authorized users
Use Azure AD portal to get Object ID
Get-MsolGroup cmdlet to discover GUID via PowerShell
2. Use PowerShell to update the Azure AD policy
Pass the GUID of your authorized user group to GroupCreationAllowedGroupId
Connect-MsolService
$template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateSettingsObject()
$setting[“EnableGroupCreation”] = “false”
$setting[“GroupCreationAllowedGroupId”] = “7edd1d0b-557d-43e6-b583-4f3e0198c167”
New-MsolSettings –SettingsObject $setting
3. Confirm using PowerShell and test creating a group
Get-MsolAllSettings | ForEach Values
36. Group Guest Access
You can now grant external users access to Office
365 Groups
Does not comply with tenant
blacklist/whitelist
Enabled by default
Overall Group guest access is managed at
the tenant level
Guests cannot view IRM protected files
Guests needs to access via browser
Guests cannot:
Be an owner
View the GAL
View Group members or contact cards
Access Planner
Be blocked by specific user
Feature Guest user allowed?
Create a group No
Add/remove group members No
Delete a group No
Join a group Yes, by invitation
Start a conversation Yes
Reply to a conversation Yes
Search for a conversation Yes
@mention a person in the group No
Pin/Favorite a group No
Delete a conversation Yes
"Like" messages No
Manage meetings No
View group calendar No
Modify calendar events No
Add a group calendar to a personal calendar No
View and edit group files Yes, if enabled by tenant admin
Access the group OneNote notebook Yes, via link from group member
Browse groups No
37. Group Guest Access
Group owners can invite external
people to be guest users
Group members can request an
invitation for an external person
38. Group Guest Access Admin Controls
Guest addition to organization
• Allow invitation to guests users in the organization
• Office 365 Portal – Settings & Privacy > Sharing
Guest addition to groups
• Allow adding of guests to any group within the
organization.
• Office 365 Portal – Services & Add-Ins > Office 365 groups
• Allow adding of guests to a specific group in the
organization (only available in Power Shell)
Guest access to group resources
• Allow guests to access to any Office 365 group resources
• Office 365 Portal – Services & Add-Ins > Office 365 groups
39. Group Guest Access Powershell
Steps to block for tenant
1. Ensure that sharing is allowed in the SharePoint Admin Center / O365 Admin Center
2. Use PowerShell to update the Azure AD policy (if settings object exists)
$template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$settings = Get-MsolSettings -SettingId $settings.ObjectId
$Value = $GroupSettings.GetSettingsValue()
$Value["AllowToAddGuests"] = "False"
$Value["AllowGuestsToAccessGroups"] = "True"
Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $Value
3. Set AllowGuestsToAccessGroups to False to instantly disable all external users from
accessing groups
40. Group Guest Access Powershell
Steps to block external access for a specific group
1. Ensure that sharing is allowed in the SharePoint Admin Center / O365 Admin Center
2. Use PowerShell to update the Azure AD policy for the group (if no group settings exist)
$group = Get-MsolGroup -All | Where-Object {$_.DisplayName -eq “GROUP DISPLAY NAME”}
$groupsettings = Get-MsolAllSettings -TargetObjectId $group.ObjectId
$template = Get-MsolSettingTemplate -TemplateId 08d542b9-071f-4e16-94b0-74abb372e3d9
$setting = $template.CreateSettingsObject()
$settingsnew = New-MsolSettings -SettingsObject $setting -TargetObjectId $group.ObjectId
$settings = Get-MsolAllSettings -TargetObjectId $group.ObjectId
$value = $GroupSettings.GetSettingsValue()
$value["AllowToAddGuests"] = "False"
Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $value -TargetObjectId $group.ObjectId
3. Run a check to see if it worked
(Get-MsolAllSettings -TargetObjectId $group.ObjectId).GetSettingsValue() | foreach values
41. Configuring multi-domain support
Example
Main domain is contoso.com
Default accepted domain is service.contoso.com (where groups get created by default)
You have a sub-domain called students.contoso.com and groups.contoso.com
Configured with Exchange Address Policy (EAP) via Exchange Powershell
Option 1:
All Office 365 Groups built under groups.contoso.com domain
New-EmailAddressPolicy -Name Groups -IncludeUnifiedGroupRecipients `
-EnabledEmailAddressTemplates "SMTP:@groups.contoso.com" -Priority 1
42. Configuring multi-domain support - Continued
Option 2:
Control what sub-domains Office 365 groups are created in by attribute
Set users which have their Department attribute set to Students to create groups by default in the
students.contoso.com domain
New-EmailAddressPolicy -Name StudentsGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates `
"SMTP:@students.contoso.com” ManagedByFilter {Department -eq 'Students'} -Priority 1
All other users will create groups in the groups.contoso.com domain
New-EmailAddressPolicy -Name OtherGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates `
"SMTP:@groups.contoso.com” -Priority 2
Only admins can perform this
Use the –RecipientFilter for available properties to filter on (company, city, office, etc…)
If you remove domain you need to update EAPs
Max limit of 100 EAPs per organization
44. Security and Compliance
eDiscovery through Exchange and SharePoint
Data loss prevention
Preservation policies
Audit log and Content search
45. Management tidbits
Establish governance plan for groups
Establish AAD group creation policies
Monitor SharePoint Online Storage to ensure group sites not overtaking total storage
Establish a process to have groups admin support easily available for users
Run reports to try to track groups sprawl
Use UsageGuidelinesUrl and ClassificationList
Migrate multiple distribution lists to Office 365 groups – Link – (also via GUI)
46. A few technical options
Remove groups email from GAL (global address list)
Accept/Reject certain users from sending emails to groups
Set-UnifiedGroup –Identity $groupAlias –HiddenFromAddressListsEnabled $true
$groupAlias = “TestGAL”
–RejectMessagesFromSendersOrMembers or -AcceptMessagesOnlyFromSendersOrMembers
Set-UnifiedGroup –Identity $groupAlias –RejectMesssagesFromSendersOrMembers dmadelung@concurrency.com
$groupAlias = “TestHide”
Hide group members unless you are a member of the private group
$groupAlias = “TestSend”
Set-unifiedgroup –Identity $groupAlias –HiddenGroupMembershipEnabled:$true
48. External access
Groups SharePoint sites expanding
Group classification
Group usage guidelines URL
Groups iPad app
Privacy type conversion
Dynamic membership (requires Azure AD premium)
eDiscovery and Litigation available
Ability to change privacy type of created Group
Azure AD creation restriction
Upgrade a DL to a Group via GUI
Groups usage reporting As of 12/5/2016
What’s new in Office 365 Groups
50. • xxxx
Help Contribute &
Stay Informed!
O365 Groups UserVoice
https://office365.uservoice.com/forums/286611-office-365-groups
Microsoft Tech Community
https://techcommunity.microsoft.com
Office 365 Roadmap
https://fasttrack.microsoft.com/roadmap
Office Blogs
https://blogs.office.com/
Office 365 Admin Center – Message Center
https://portal.office.com/AdminPortal
Office 365 for IT Pros
http://exchangeserverpro.com/ebooks/office-365-for-it-pros