Business & Careers, Global Conference 2016, Hybrid SharePoint

[VIDEO] – Everything you need to know about Office 365 Groups, and more…

Share 0
Tweet 0
Share 0
Featured image full width Video post
Drew Madelung

Office 365 Groups enable teams to work together by establishing a single identity in Office 365. Office 365 Groups are a new and modern solution for collaboration in Office 365. There is a lot of confusion on what Groups can do and should be used for. This session will be a deep dive into all things Office 365 Groups.

We will spend a large amount of this session demoing how to manage administer Office 365 Groups. This session will include demos of:

  • How to create, access, and navigate Office 365 Groups?
  • What are the core things to do?
  • How are Office 365 Groups technically structured?
  • What administration is available and how to do it?
  • What extensibility options are there?

I will also walk through the pros and cons of using Groups vs other collaboration options in Office 365. Office 365 Groups are also one of the fastest changing solutions in Office 365, so this session will bring everyone up to speed on the most recent updates that Microsoft has rolled out and what innovations are next. By the end of the session you should have a better understanding of what Groups can do and if they are right for your enterprise!

In this session you will learn:

  • Why you should use Groups
  • What are Groups
  • How do Groups work
  • How can you perform basic administration
  • How do you perform advanced administration
  • What Powershell scripts can you use

[00:00:03] Hello everyone and welcome to Office 365 groups, from the ground up at the Collab 365 global conference. To get started, my name is Drew Madelung I am a senior consultant in a company called “Concurrency” were a Microsoft partner, and I specialize in everything from SharePoint and Office 365. A little bit about me I am, I am located out in Milwaukee Wisconsin Osama quite a Wisconsin sports fan. Between the Packers Badgers Brewers blocks everything around there. And I’m also a pretty big golfer so if you follow me on Twitter you’ll see some of my pictures, and what I do around golf not just around Wisconsin but I do golf quite a bit around the U.S. And I’m here to talk to you today about Office 365 groups. So, we’re going to start with what they are, then We’re going to then talk about what can you really do with them and how do they work technically. So, this is going to be much a very pro-oriented conversation here. There are some other very good sessions at this conference out there around kind of working around the groups what you can do with groups how you should be using groups. What I’m going to be talking a lot about here is a demonstration I’m going through a lot of demos for the administration.

[00:01:25] We’re going to be going through a lot of power, I’m going to be having a lot of that up and at the end what I really want you guys to get out of this is to take the tools that we’re providing throughout this and be able to go help your administration figure out how you can continue to work with groups. You need to know the boundaries of where groups can be used and should be used and hopefully you’ll start taking advantage of this technology, due to some of the things that you’ll find out in a session like this.

[00:01:56] So I wanted to start out talking initially about Office 365 as a whole, and you have talking about the cloud and collaboration to kind of set the stage for why we’re using office 365 groups. It all starts with Office 365, Office 365 is the cloud platform for Microsoft scaling across many different workloads, and a big thing to note is that Office 365 is huge. There are millions and millions of people using Office 365 all over the globe. If you need to access any cloud services from SharePoint Exchange planner, these are going to exist in Office 365. So as the future is moving as we’re moving forward and Microsoft moving forward with our cloud first Bulba first technology. When you think about what’s going to happen with SharePoint next what’s going to happen Exchange next. You’re probably going to see that an Office 365 first, if you haven’t been looking at it yet now’s the time to start looking, and how does this affect collaboration? Well people have been saying that the way we work is different, then that we should probably evolve the way that collaboration is going and that collaboration is changing with the people coming to the workplace. But in my opinion collaboration has evolved. People need to work anywhere they need to work any time, they need to work across all platforms. And we need to provide the tools to our end users to be able to do that. We need to, if we don’t provide it to say the end user will go find the way to get it done.

[00:03:33] And you’re going to have more shadow I.T. if you allow different capabilities or you deny different capabilities and allow them to go out and do what they want. So, security compliance is becoming more vital end users have more power to break security. We need to allow innovation to occur, because of the way that collaboration change finding people finding documents is necessary in a very fast paced world today the world of siloed file shares should be gone. We don’t need to live in that case anymore because the real world of collaboration is very different. And if you read ignite last week or that it was great conference Benge Niland and Tony Redmond did a great session on Office 365 groups in the field guide if you don’t have it should definitely go watch it. And as I was trying to put together this presentation I was trying to figure out how was a great way to show how the end there’s a gap between ITN end users that the I.T. pro sees things in a very static way. If we give this to them they’re going to do it. That’s not the case as an end user, end users are going to do what they need to do out there today. If you go back to SharePoint 2010 there wasn’t the same capabilities of Dropbox. It wasn’t the same capabilities of slack; those things are coming out into the coming out here now.

[00:05:01] And if we don’t provide the proper tools end users are going to figure out what they need to do because there is not one size fits all for collaboration, and that really were Office 365 groups can come in to help are not a technology they’re not a single technology I should say groups are a collection of technologies in their experience. Their solution. They make people the priority and not the tools. So, to ease the confusion of groups, groups is just a collection of people. That’s it. Now all of us have workloads around it helps support the group but at its core groups are a collection of people, and people are in the middle of it because that’s how you bring people together to start to bring content together to bring apps together. It starts with the people at the front side of it to figure out how we could help people work better every single day. So, they’re not a team site, they’re not in the room, they’re not a Yemal group, they’re not a single technology to combine these technologies together and bring people together. So there’s some core visions behind groups that I want to kind of start with. And the first one is that there’s a single definition to try to ease the confusion of who was a member of a group, who part of a group what is a group? A group is an object a group is an object of people that’s it, if you want to be able to create a group it’s actually very simple. Microsoft is moving towards empowering the end user because that is what we are. Our expectation is shifted to end users should be able to control what they want to do because that will help encourage adoption that frees people to come and do work. And then the tools that you provide if you make it challenging you make it a little bit of push-back there.

[00:06:53] So self-service is one of the goals that I need to be aware of that groups are very self-service across many platforms. Also I.T. prose degree where that they are open by default. And in my opinion coming from the SharePoint side I think this is this is a valuable piece because I believe that security advanced security which is an exception at this point if security is very essential, you need security but you should say OK this is going to be open. Do we need to secure it instead of the latter which is this is OK restart secured. Should we open it accordingly. The more your secure things the harder it is to collaborate. So, by opening things up you get easier collaboration, and run history and context. You want to a very close comparison to groups right now.

[00:07:42] Is its distribution list so if you’re an example if you’re a new employee to a company and you get added to an I.T. distribution list you have no ability to see what existed behind before you were enrolled in that distribution list. If that was a group, you could actually come in and see all of the history in the context of what was going on in that group before you joined.

[00:08:04] Very helpful to know for anyone that joins.

[00:08:08] In the future as far as sharing and administration both those things come very easy to the end user from the I.T. pro. We need to be a little more cautious and the way these are rolled out is that they become end user centric first. So, Microsoft’s going to release different ways and different tools to do this, but it’s going to be end user started and then the administration is going to be available for the I.T Pros for the governance security which we know is very important, but they’re making the end user experience much better. As far as what makes up a group a very important thing to note again is that after directory’s there a collection of people and their collection of people an active directory and what it is occurs, is there a solution that spans across all of Office 365 and it takes the strengths from these different pillars and combines them into a single collaboration solution. Because one of the thoughts here is you don’t need to know about what solution you’re going to get your work done. I don’t need to know if I’m in X product. I just want to be able to do X I want you all to share this wherever the file is I want to be able to access this wherever I’m at, Nestler spanning, spanning across all of these solutions with the Microsoft graph becoming behind it to support it all, for any of that sensibility out there. Now when should you use group why should you use Groups? Groups are a great solution for smaller teams right now.

[00:09:41] So they are very driven around teams that would use e-mail and very commentary that has projects that are a collection of people that span different or different teams in your organization and you bring them together to do a certain agenda, to have to provide something to give something to customers.

[00:10:00] When you bring those used to get bring those people together. Groups is a great tool to provide all of these different abilities from email to a one-note document to one notebook to exchange calendar to a planner to manage your tasks for files and SharePoint. All of this comes together for that team with a hiving to spread across different workloads. It’s really not good for though is things like an all company group that they’re not really intended to be used in a very large scale collaboration scenario that’s where you can still go back and look at something like Yammer or look something back look at something like ishfall on SharePoint site or multiple SharePoint sites in that example to be able to do it other comments. So, if you’re looking at it whether it’s a project site an organization like I’m part of a smaller I.T. team or maybe a Sehbai team we can have on things like interest groups so again a small collection of people maybe it’s a classified maybe it’s a company classifieds ad group or a book club.

[00:11:02] All of those can be put together for people to work on things a much easier fashion. When talking about groups. One of the first things that come up too is well isn’t it just a SharePoint site and snap. Or what does it have to be a SharePoint site and a one draft site and a group. The confusion around that should be slowly starting to clear up. Announced recently is that all existing Office 365 groups will get a full team site. So, if you ever had any if you go back a couple of months what actually occurred is after a group was created a SharePoint site was built but the only thing that was visible was the document library and you couldn’t really touch the document library. You can add any content types you can do management around it slowly but surely you can now do more. You could slowly do more and now moving forward. Every group that exists today is going to get the full power of a SharePoint team site to do things like workflows and content types and ECM the things that were challenge in the past. And then after that the confusion should be even less because a group as a group would be a team site and a team that will be a group. So as you create a group you’re going to get a team say and as you created a team say it’s going to be a group. The confusion is here and the group is a collection of people and shirtfront is where they go to get the work done.

[00:12:33] Now a few things to know before you get started with groups for things to know. As you’re about to move down the world of groups and some of the things that were just released so one of the great things that just came out at Ignite was that the next generation of Sinclair it is now possible for your group document libraries. So, if you want it if you are using Grip’s today and you wanted to sync the content down the newest client can do that. You don’t have to use the old groove file anymore.

[00:13:06] Very important note for governance is that once you’re in office receipt when you’re in office 365 and you create a brand-new tenant or the way it exists by default it’s that anyone can create a group and that they’re available in the global address list by default. So in the session I’ll be going through a lot of the administration of how you can change that and manage that as your company needs as far as scale. A group can have more than 10 owners and you really can’t. You don’t want to have the same user create a ton of groups because they’re limited to that. So if you have an I.T. service creating groups you want to kind of control that and monitor how many they’re creating and you really don’t want to have groups that have a thousand members.

[00:13:45] I mean if you have a thousand members working on something that’s that shouldn’t be a group that’s a large project or whatever you’re doing so you want to limit groups to a little bit less than it would work. But Microsoft says it’s going to decrease performance a little bit. An important thing to note about compliance again is that when a group owner leaves the content stays there. So you don’t have any issues you might have a challenge to get into it you must to reset an owner but the content doesn’t leave. Even if an owner leaves a very cool note is that since groups are an object and a D you can actually use those groups across SharePoint and use an office video yet. But that’s changing the stream anyways. You don’t know where that’s going but you can use those as a group object if you want it to manage security inside of SharePoint and also important as groups are created they are created under the site’s minge path. So if you let’s say an example you have a rule in our Internet and you have a site called you build a site CLECs called H.R. or a group called H.R. for your portals build and you call it H.R. you are Ellaby slash sites slash H.R.. And if you then go out and try to create your site collection for your new age our portal and you call H.R. will be taken by your group. So an administration of this you need to be a little careful around who were the groups are being created. What are the names of the groups out there?

[00:15:16] So how do you access these what what are the ways you can get to it. As I said they’re there across platform. So there is new group landing page. There’s not a group title. You can’t get to it in one spot. But you can get to it from many different spots. When you’re in the browser you can get to it from your webmail outlook is kind of the heat source that most people go to. One drive is becoming more prevalent and your files are becoming tools to get to it. You can access it from all across the web experience. Also, access it across many client experiences. So, whether you’re in if you’re in 2016 you can actually have a group section in there a lot demolition a minute around doing group scene content of your groups. There’s a groups app out there today that if you want to see your group’s content you could see it there too. You want to see your calendar in the groups. It’s all there. So, there are many starting points to get going in this process of accessing group content so that user experience is different by the client you’re on. And let’s take a look at navigate around a group and get into a group and so forth. So, let me pull up first pull up because this is one of the first things that people will be going to is accessing groups through outlook. So, what you can see when you’re in Outlook is you’re going to see this group step on the left.

[00:16:42] This is going to be one of your central location to see all of the groups that you’re a member of as I click into this or you’re going to see that the ribband access all but different content within a group within that group today you’re also going to see the connectors tab over here which is shifted to you’ll act to be able to add a connection to your group so that you can start bringing in external external content into your group. Now people that’s separate but actual content your group can be added via connectors ministration of a group. It’s done via this little wheel up here. This is where you can edit your group you can view details of grouping at numbers. All of this is done up in this little wheel and this all coming in through the Outlook Web experience. You’ll see. These are some of the workloads that start the file. The files tab which is your link to your SharePoint site the calendars you exchange calendar. Nope because the linked right to the group one note notebook and planner is linked to the task prompt task solution from Microsoft called planner. So, I was clicking through some of these things on Sculpin a planner here you’re going to see that in planner group.

[00:17:54] A group is a plan and a plan is a group. So, if you create a plan as a direct correlation to a group so you go into a plan or you’re going to see the same correlation of groups that I had access to at that point. If I jumped back into my files piece you get that keep these new tabs as it is you click through these because it’s much it’s still isn’t workload but you’re jumping between them all you should have a consistent look and feel of this group section on the left over here. One thing you’re going to see now with the new group is right now with the new group experiences that is using the motard document library UI at some point the files tab move forward actually is going to list all your files not just in SharePoint but things that are shared with the group as an example will show up on your new files tab.

[00:18:51] That’s something that’s coming once you’re in a group document library. This is where you can do all of your simple document Schmit if you wanted to expand on that you can some of the cool things you can do with the new modern UI is probably my favorite as you can expand and collapse these columns It’s been something that has been so needed and it’s so awesome. I just do this. It’s great. The other great thing I’ve seen is that you can now PIN information up to the top. So, if you have people access in a group document library you’ll be able to see this you will see that simple document very simple document experience being able to pin up and down. And now as the full team site is slowly added onto the this is where you’re going to be able to come in and add a custom list as an example. You can be able to add a custom publishing page that you’re going be able to use a full SharePoint team site to what it needs to be to what its capabilities I say not limited just this document library. We can start doing things like grouping. We start doing things like views which are doing things like metadata. So as an example, I added embedded in column called final version. I can simply group by that very quickly in the final document. You also have the new information pane over here. You can simply quickly it information around that doc. You don’t need to go to that data screen anymore do it.

[00:20:29] Very helpful as far as being able to get to this content out here. But this will be expanding to the full SharePoint team site experience ask them something that is going to be quite awesome. If I wanted to see the thing to note that this group is private so there is a collection of there’s a classification of a group as either a private or public and a private group is something that is not discoverable by people by default. While public group is and we can join it in a private group is not.

[00:21:06] People need to be added specifically.

[00:21:11] Jumped back over into my conversations as too serious. A quick e-mail what it looks like. Main I do want to talk about is some of the administration of all this so I could send a quick conversation and say they have 365 and what’s actually happening here is this an exchange mailbox people that subscribe to it will get this e-mail when I send it out people can reply to it and it stays within the context of this group out here and very helpful. And working with this under the group settings thing I want to show you is now when I added a group couple new things. First of all, we have usage guidelines. So, this is something that allows you to configure a link to some information around what people should be doing with groups. And I think it’s very important for the management of it. This is all set for a power show which I’ll show you. But these links can be valuable to provide you with the proper governance for when people should be creating groups and when they shouldn’t. We have the ability to change the privacy of a group.

[00:22:24] We also have the ability forward set a classification of a group so you can see that I can simply change these classifications to what I need and I could say that I want that too. But we’re going to keep it internal for this demonstration. Discarded my changes. I don’t need any of these.

[00:22:42] And what I want to get back to is how what’s going on behind the scenes here.

[00:22:54] Behind the scenes what you’re going to get what you’re going to find out right away is that everything starts natur active directory. Once the group is there an active directory combines the services like Exchange and SharePoint and sync actually occurs between these services. Important thing to know though is even though Active Directory is what holds the identity and it holds that single source of truth for who’s in it. Things like the exchange mailbox or the mailbox a current existing exchange just like it exists in SharePoint. All of these things occur in those subsidiary workloads and there’s a coupling between them all through the sync tool. So, if the creation happens it happens and the tools all communicate back with each other. So, that’s how you are able to combine these workloads from Exchange and SharePoint with ASH after Active Directory being the identity provider.

[00:23:47] All of this.

[00:23:50] Now important note as management we need to know how to do it. And I like to separate management into two kind of categories. The UI of it and PowerShares So you start out with you for a second. They were to go heavily into our show now where if you remember I talked a lot about administration from the end user is very easy saying this is possible for the end user again, through these applications. These are also very available for the Ebro but only certain workloads and only certain activities can be performed in each of these applications they really don’t give you a central source for administration kind of challenging but it’s good it’s because of the separation of workloads out there the first place to kind of start in my opinion is you’re an IP I.T. pro is the admin setting up an office 365 be able to do many group administration things like create delete edit all that is there. If you’re on a mobile device, you can do through the app if you want to manage specific things and you can use the azure admin portal if you want it. Minnes specific things change you do it in the exchange Ebner con. And you can also do it do things like create I didn’t delete groups in the groups app which is also now available for iPad. You can also do get indescretion and clients. So, if you’re in something like planner or something like your outlook client and your machine you can actually do administration of a group there as well.

[00:25:17] Scripting though is really where the power of management Office 365 group exists and just start what you’re looking at here is a unified group Commandments.

[00:25:32] These are the commandments that were built under the exchange on line.

[00:25:38] Council to allow you to manage groups. So, you’re going to have all of your all of your tools or all your command lists available under the unified group piece. If you want to change what happens in a group or what your name is you’d be using the unified group command list if you want to change people in a group or change add people to a group or remove you’d actually use the unified group links commandment. And again, you’ll be using these through the exchange online powerful command tools. And as I start going through a lot of these scripts I think to notice they are all going to be available at the end for revellant to review. I’m going to be kind of stepping through some of the more common ones that I feel are helpful to manage groups.

[00:26:26] As far as like a Getting Started Guide.

[00:26:27] Here are some of the very basic ones to show you how to create a group how to rename a group so you could actually use these unified group command links to be able to do this. And you’d start here if you wanted to do very basic communication a lot of these can actually be done through the GUI as well. One nice fall down there is that detailed information for all groups. So you’d actually be able to see all the groups out there who’s a member of it and who is an owner of it and be able to print all of those out and that could give you some good reporting. If you want to see who’s doing what and what groups. And again, there’s multiple ways to Menasha this though. One of the first things when you talk about group administration not after getting served with Power Shell is that managing group creation is very important. I think this is something that is a little newer but you now have the ability to manage who can create groups and and where they can Creake physically. So, the way that it was originally started was that exchange there was an O.W. a policy available to disable group creation for all users or a subset of users. But in O.W. a policy only disables group creation when you’re creating them through Outlook or exchange. This does not create Cleopus.

[00:27:47] If you remember that slide with the reclose this would not stop you from creating groups of something like power be-I are planning so suddenly O.W. policy is still valid depending on where you’re working and you’d actually set this to disable group creation through OWI.

[00:28:09] The new way to move through this is now actually through as your Active Directory. So you’re now you no longer have the dependency on exchange but if an O.W. policy exists and an Active Directory policy is enabled the O.W. a policy will actually be ignored in the Active Directory policy will take over. So, if you look at Slide and you know abject victories the key behind the workloads. This is where we’re going to want to put our limits and group creations here are group creation studies I should say. Now you can do two things you can. First of all, disable group creation for everyone. Or you can point you can limit group creation to actually a specific group and that but say like let’s say I only want to have I.T. pros be able to create groups and no one else can. This also must be a group of individual users and it really won’t apply it won’t apply at all if you are a higher tenant that as an example of global admin will always be able to create groups even if they’re not a part of the Active Directory group that’s limited to it.

[00:29:10] So to get started with that what you actually need to do and I’ll be going through a demo of this is that we’re going to use power show to update and Azure aty policy to restrict group creation. And what we’re actually going to do is we’re going to create a policy that only allows a specific set of users to be able to create groups when looking at this on the sly which you’re going to see is we’re asking you to connect to the service.

[00:29:35] We’re then going to grab the template of the unified group across Office 365 So this is static across all tenons. We’re going to grab that template and we’re going to create a setting’s object for it. Once we create that Sudden object there is a collection of parameters in that object which allow us to change these at the settings level and once for group creation or enable group creation and group creation allowed group ID. So, when we say enable group creation said it’s a false that’s going to allow that’s going to turn off group creation. And we’re also going to then pass in the group id of which group we want to be able to still allow have the ability to create groups. So, that’s how that works for group creation. And what we’ll be going through that Demel here shortly.

[00:30:26] Another new feature that has been released is now you actually can allow external users to groups. This is something you want to review though because external access to groups is available and integrates. But there are some gotchas as far as what a guest user can do as an example a guest user can join the group by invitation but they cannot create remove the cat they can’t remove members they can’t delete a group they can work with conversations they cannot favorite to group they can’t like messages they cannot actually view the calendar at this point.

[00:30:59] But they can actually view in group file group files which is actually a separate setting. When you share with the external access if you wanted to if you have a whitelist or blacklist set up in your Tennent’s the actual for free group does not comply with it by default. Once it has been turned on every year every group is unable to share with groups to be able to share ex-general users by default. That has now turned on the overall group access is actually managed at the full level. So, if you can if you want to be able to share users and change the settings that set up at the time that you can set it at the level that’s all through power shall I guess need to go to the browser they don’t have any other way in. I guess cannot be an owner. They can’t view the cow. They can’t access plana right now. And one thing I guess we can actually block specific guests like that we don’t want to say hey Bob can’t be average get access. We can’t do that it’s going to be yes or no guest. So very important to note if you’re going to start allowing guest access as far as how you can administer it and these guests are all managed in an active directory and sinked back to exchange and SharePoint applied similar to the other aspects that exist.

[00:32:16] So what it looks like from the email side is that a user will get an email once shared with them. It will give them a link to the group that actually give them the ability to leave the group there. They will be getting all of that information through their email as far as the conversation is peace groups actually. And the way it would work from the owner side is that an owner can actually invite an external user. But if you’re a member it will actually request an invitation for that external person to become invited. From the administration controls of it to get started. There’s a couple areas and you to actually work confirm are done first and that is actually done through the exit office 365 admin portals. So, there are some separate options here to configure them. First need to be enabled that guest users in the organization need to be set up under the settings and privacy teme the addition of guests to any group can be set up.

[00:33:14] Also through the services and add ins tab This also gives the ability. That’s also where you can do it in power so we’ll talk about. But you can also do this thing and through the Officer of 65 groups resources to allow guest access. See those images on the right and the first one on top with the organization that needs to be turned on to be able to allow any sharing of group. So that’s a requirement to be able to share this content.

[00:33:46] To do it via power control via Power Shell very similar commands that you’d be using as far as what you did for the group creation. So first of all they need to make sure sharing is enabled through you through the admin center. You would then use power Scheldt updated via Azure a D. So instead of undoing the naval group creation commands for actually two moral ones called allow to add guests and allow guest access groups so allow to add guests is the overall setting of should guest users be able to be added if that’s set to false. You would not be able to share with any groups and they get the subtenant level. But if any guests are already part of the group they could still access it. Now the allow guests to access groups parameter is actually like a switch basically to say if you turn that to false. No groups no extra users will be able to get into your group so no guest can get in and all that we’re sharing. Even if they had a share they would no longer have access. So that is a one switch to control all of the ability to have guests access while allowed to add guests give the ability to grant that permissions. You can also do it for a specific group so if you wanted to control which groups have the ability to allow guests you can do it by setting instead of getting the tenants group the tenant settings object. You’d actually go to the group setting an object and still set that allow to add guest to false and that you would pass through.

[00:35:29] So you would no longer have to. Or so that group by itself cannot allow gas but other groups could.

[00:35:39] Another handy thing available to you is the multiday main support piece. So this is very popular scene as far as students are colleges and universities is that you have multiple domains in your tenant and you want groups to be built under certain domains like students under a certain domain or teach under certain domain.

[00:35:58] These are all can be set through your exchange access policies so if you create an email address falce if you create the new email address policy you can set that for all groups to be put under one or you have the option to control subdomains for Officer sixty 65 groups and you actually do it by attribute. So as an example, if you have a set of users and their department of such students you could say anytime a student creates a group we want to put it under the student’s domain as example where you create an email address policy to set the just set who should be creating the group under what policy you would create a secondary policy for everyone else. So, in this example of students being created first under the student’s domain all other groups would be created under the groups to make Now Andrew policies are evaluated in the order of priority. So, a value of 1 means is the highest priority. Once a week and once Adjt. policy is hit no other address policies are evaluated they get stamped so if no EAP is match then the then the group will get provisioned with organizational default accepted domain and old admins can perform. This isn’t something that an end user could do and you can only have 100 ageist policies.

[00:37:27] I haven’t seen that yet but the ability to control what domain groups are created under is a very helpful tool as your organization gets larger and you’re working to scale and speaking of scale one of the big nodes is hybrid.

[00:37:42] What happens in a hybrid solution because this is very important as we move forward in office 365 because many things are going in there so you can have hybrid support. But it does have its limitations.

[00:37:58] The groups are still created in them and it managed an extra directory and they are written back to exchange is the way it would work. So the group would still always be mastered in the cloud. Groups don’t appear for mailboxes that are moved to office 65 so mailboxes in the cloud need to be sure you have proper configuration there. As director of direct your premium is required for the situation.

 

[00:38:27] There is still some challenges with these configurations so it’s a lot of it is in preview mode here so a lot of you need to work towards it but the ability to have hybrid groups is semi-desert where it’s getting there and there’s a lot of resources available to you. Again the office 365th the pro book is a good resource and then Microsoft is beginning to put out some good resources as far as what you can do and can’t do as far as group rate back to on premises. So when you talk about governance because we got to control the sprawl we have to in my opinion have to control sprawl that’s what administrators we have to review. We don’t necessarily have to control it but we have to know can we control it. What are the things that we can do from the governance side. Because we still need to empower the end user but control where we can. First of all there is security compliance applied to it. So the officer sixty five security and compliance administration center has the ability to have things like data loss prevention preservation policies the audit and constant searches all available across the workloads and Office 365 groups. A key note here is the retention policy and exchange that actually doesn’t work for your exchange mailbox. Yet for a group but this is an area where things like classification are coming as well like heavy classification as far as controlling that that’s all come in.

[00:39:55] But the security appliance center is valuable to see what you can and can’t do within an office 365 group workloads.

[00:40:06] So my little notes for managing these things is that I would definitely establish a governance plan for groups who want to know who’s going to be doing what who can create groups and that should all be outlined in McGovern’s plan actually put into usage guidelines that can be seen. Now on the group creation and group options you want to monitor your story depending on how much storage you own you might want to monitor some of that because every SharePoint every group has a SharePoint site which could start ticking up your storage you want to control that if you have a limited amount of storage processing for creating groups you don’t need that. But if you want to have if you need control of that you want to run your creation policy to do that. There are reporting coming and for us for groups to know who is doing what and who has access and what because we don’t want to try to avoid orphan groups if we can.

[00:41:04] And going forward there’s also Microsoft kind of moving away from distribution list as a tool and pushing towards groups as becoming a distribution list replacement.

[00:41:17] It doesn’t fit every idea for a distribution list but you do have the ability to actually migrated distribution list. To a group via Google Now that’s pretty helpful. Some of the technical options you can do for group management. The first one is access type so if you want to do it through power schedule this is again what you can do. You could you just had to give me now. But if you wanted to manage multiple groups through power cells set multiple things as private you can do that through the unified group commandments again. Want to see all the subscribers you can do that through our unified group links command list a very helpful one is actually setting quotas for the group sites. So this is actually done through the SharePoint Online management Chelsee you’ll see again this is actually the third management shall be going through between Exchange as your and SharePoint. So, this would actually that set up a site command that can be used to set your quota for how big a group site can get. Some people may want to control being able to send as a group.

[00:42:28] So knowing who can send from the group you can actually past alias’s into the into the recipient type details or to be able to declare who can who who can send the officer sixty 65 group. You can do Nevian policies in exchange so if you have a concern about who or how the names of groups can be created the exchange Neeman policy works.

[00:42:56] There is also a challenge with the exchange Neeman policy is that it actually applies to distribution groups as well. So, if let’s say you put DL or D.G. or group dash and someone created a distribution list it would actually go out and apply that to it as well so and the name Pallis it doesn’t actually exist. If you as an example create it through a ID so you can do it through exchange but it only applies through that workload. So, there are a large extensive audit reports available. So, you know who shared something with a group who created it. You can actually see those in the azure aty portal. So you’re not just limited to the active or the audit log search in office 365. You can still go into the azure Aidy portal and see some more of the membership side of it of who’s done what.

[00:43:54] A very common scenario. I stated that when a group is created it is automatically part of the global address list. You cannot turn that off unless you go through power shell so you actually use the unified group and that there and the hidden from address list enabled you pass that in and they object or the group would no longer be available on the go. Hopefully that comes to the QB at some point soon.

[00:44:20] You can also do things like except to reject users from sending email so if you don’t want people to actually come send e-mails to the group you can deny that you might want to do that for let’s say a CEO site or a board member site kind of black people be able send to it and you can also hide members hide group members externally. So, if you wanted to not allow people to see or actions x certainly you can hide your membership for other members of the private group. So, if you wanted to have a private group not know who else has access you can do that through the group membership enabled parameter. Last one you’d also as I stated prior is a group is removed. Or if a group for group exists and an owner is removed the content there is actually not removed but a new owner will need to be applied. So, if you ever want to come and see who does not have owners you can run a script out there to go out and find all of the groups who have a on or applied and then go and apply them. Actually, this is again from the office 360 T pro book something that I would highly recommend for anyone doing an office 365 administration.

[00:45:35] So I’m going to walk through some demos of what we can do through this fun power show. So, I actually already have a prompt open able to start working with some of the objects that you’re some are detected to exchange and actually already connected to Azure. So, the first thing that went around is a quick unified command that you’re going to see that we are connected and have a lot of groups out there. The one I’m actually going to be working with is something called the Drew test 365 which is really original. If I run that I’m going to command that to see information about the groups you’re going to see. This is a lot of information that’s actually stored with the group you’re going to see here’s a link to the link to the SharePoint site that’s connected to where you see a lot of stuff about it if you wanted to see the members of a group. You can do that actually through again through the unified group links commandments. You’ll see here as example of one of our teams that has all the members of a group. So, all the people that I ran the command members to see who’s there. One thing I can do is I actually set the access type of a group. So actually, if I wanted to run. Right now, my true test or 365 group is set to private so if I pull that up here you’ll see I am set to private I come back out and actually run this option out here. This is going to convert this group to public. This actually can be done through the GUI.

[00:47:13] But that’s something I can do it through power shall come back out here. I refresh my page. You will see that the group is now set to public. Yes. And it’s refreshing to very fresh quick. Still private’s refresh.

[00:47:40] All right. Still says private I promise you it will be set at some points over to public.

[00:47:53] The other thing we can do is we can actually. One thing I wonder how it has been able to add and restrict the people that can create a group. So, this is one of the more common things. So what I want to actually do is say only scenario going to go through is only groups. When the users in a certain group and concurrency can create a group right now if I have I have a site open under my test account. Right now, I have the permission set up that anyone can create a group to actually see that you can run a get MSO all settings option. If I run this this is kind of what was referred to before with all the different printers enabled are available to you. You’ll see the guest access stuff is in here. We go through that now. But it’s similar configuration here. What you’re going to see though is enable group creation is set to True and the group creation allowed group ID is also Plank’s. We’re going to want to set those to be the group that we want to create group that we want the ability to create groups and the group creation set to false for everyone else. So, we’re going to want to pass in the proper group ID in here and set this to false. So, what I’m going to do is put this in. What this is doing is it’s going to look for the group called concurrency and it’s going to get the object ID for that.

[00:49:25] With that object ID it’s going to pass that in there because that’s actually what you need to do to set this as using the object ID and you can actually get that through Azure Aidy if you wanted to as well. And then we’re going to in a able group creation to false for everyone except for this group number going to run this command to see that it worked successfully. So, if I run that setting you’re going to see by the time I’m done an able group creation set to false. And now that group of concurrency is the only group that has access to be able to come in and make changes to create a group that’s going to let that marinate for a little bit because they want to run through that. And while that is it going I want to give you a quick look into what it looks like to see that group I.D. an active directory and the advent portal. So, I’m actually in my group here much testing 365 group. And what you’re going to see is this object ID. So, that’s the obdurately that we pass through. If I wanted to show you the concurrency you wanted to come up here type in concurrency I could spell. You’ll see our security group in here. If I go into it and I go into properties you’re going to see the ambiguity that I passed in to go say that this is the group that can create its snow. Right now, no service a country created.

[00:50:58] Only people in this group and administrators the other cool thing that you can do out here in the admin portal if you have an 80 premium is that you do have the ability to go out and actually set dynamic membership is something that’s very cool to say like if a user is part of X group that’s actually add them specifically and an e-book membership is set under the configure tab in the adulating Portlaoise of the egg and the only place you can actually do it once you enable dynamic membership. As I understand it will to only match what I can figure I may say OK but you can do things where I only want to say we’re to perm equals 80 if it pulls back in an active directory you could also say something like I want to only pull something where. State is Wisconsin. So, these are actually active directory attributes that you can run a comparison to show you which becomes part of that member you can also run an advanced rule if you knew how to write it. If I want to say only I wanted specific people in the group, you could actually do something like this using the dash. To say these users, display names will become part of the group. So, this is something that is very cool. If you wanted to manage dynamic membership very cosmetic and it does require Azure 80 premium discard those changes. And now I’m going to come back to my test account and do a quick refresh and I’m going to try to create a plan and they’re going to plan as a group group has a plan you need to have a group be able to support the plan. So, if I say create new plan you will see that it has been disabled.

[00:52:49] So this is something that by default is not enabled if I signed in with an account such as my concurrency account and I went to open over here I went into planner. To go create a group. I still would have the ability to do it through planner so this would not stop me when I go to say you plan this test rate.

[00:53:20] So I didn’t get blocked because I am part of the concurrency group. So this is something that is very cool very helpful and all the scripts are out there. Now we we’re getting close and time times I wanted to get through kind of what’s new and what’s coming. So the new stuff is external access. That’s a big one. The addition of groups and SharePoint are combining a little bit more we can do classification. If an iPad app can see Discovery litigation is a little more available in here. We have the azure Adey creation. This is all something that I showed you. You can upgrade a deal to a group actually through the exchange console now as a cool new stuff come in or what actually is available to us today. Now to come in is some interesting things out there. So this is actually pulled off from the roadmap a very popular place that you’re going want. If you want to track to see what’s coming with Office 365. The ones I want to highlight are that are coming are the ability for expiring groups and the AMA integration with groups to expand groups means that right now when you delete a group it’s gone for good. You get no recovery there’s going to be the ability to have something called the softly so as groups expire. We’re going to know that if the groups come in years and we can expire. It’s soft delete and then it fully goes away after that. So something to be very helpful for long term management is also becoming part of groups.

[00:54:49] It is deeply integrated this upcoming story. It’ll be interesting to see how the outlook conversation piece ties in with the hammer but that is what’s coming. As far as staying connected there is a user voice out there for groups. There’s a new tech community out there. It’s all the roadmap the blogs are good. The admin center will tell you kind of what’s coming and if it’s been released to tenants and some other great scripting is available for you out there in the office 365 righty book a lot of good stuff. I’m active in either voice tech community out there so there’s a lot of good folks ready to help us figure out how we can use groups and what’s coming. Do you have any questions you can e-mail me directly hit me up on Twitter on the slides for this are available under that link Treo 365 group slides and the scripts for all of this are under the 365 group scripts. And with that I want to thank everyone for joining me for the session and I hope you attend some other great sessions here through Collab 365

This session was delivered at the Collab365 Global Conference 2016 and was presented by Drew Madelung.

Summit Bundle

Get 200+ hours of Microsoft 365 Training for 7$!

Master Office 365, Power Platform & SharePoint & Teams With 200+ Hours Of Training Videos in the Collab365 Academy. This offer is insane and is only available for a limited period. 

Get 200+ hours training for 7$