Microsoft 365 Groups may not be as recognised a name as Microsoft Teams, but it is a key component how Teams operates.
The massive increase in Microsoft Teams usage because of organisations rapidly transitioning to remote working has meant that both Administrators and the Microsoft 365 platform have had to react to ensure operations run smoothly.
The Microsoft 365 Groups Roadmap highlights the future plans and features which are being released. This article aims to highlight the items which we think are worth your attention.
What are Microsoft 365 Groups?
Microsoft 365 Groups is the membership service for more than 22 collaboration apps and workloads within Microsoft 365. The most visible of these for users is typically Microsoft Teams, but it also includes Yammer, Stream and Planner.
Microsoft 365 Groups were previously called Office 365 Groups. This relabelling aligns the service with the wider ‘Microsoft 365’ branding across the platform. There is no change to the capabilities and the terms are basically interchangeable.
A Microsoft 365 Group does have a few similarities (but many differences) to a traditional Active Directory or Azure AD Security Group, which will be familiar to system admins. Although Azure AD underpins the group identity management, the relationship with the collaboration workloads is a new capability and needs to be understood to prevent issues for users and administrators.
A deep dive into Microsoft 365 Groups functionality is beyond this article, but instead let’s take a look at what’s changing for administrators.
Microsoft 365 Groups classification using MIP labels
Microsoft Information Protection (MIP) Sensitivity Labels can be used to classify and protect documents and emails held within Office 365. This capability has now been extended to allow sensitivity labels to be applied to containers such as Microsoft 365 Groups, Group-enabled SharePoint Sites and Microsoft Teams.
By classifying these containers with configured labels, it allows the following controls to be enforced:
- Privacy of teams sites and Microsoft 365 groups (whether they’re public or private)
- External user access
- External sharing from SharePoint sites (currently in preview)
- Access from unmanaged devices
When a label is applied to a supported container, it automatically applies the classification and configured protection settings to the site or group.
The contents of the group (documents, emails, etc) do not inherit the container label – these are still labelled and protected separately.
The container labels are managed using the same Admin Centre as the document labels and can be defined and published separately to allow flexibility over which labels are available to which location.
Admin Centre enhancements
There have been multiple changes to the Office 365 Admin Centre to make administering Groups easier and more effective through the web interface.
These include the following capabilities:
- Export group list
- Restore deleted groups
- ‘Teamify’ existing Groups
- Edit Group Email address
Groups who have no active owners can become a problem if not proactively managed and Microsoft are also addressing this with new admin features. Ownerless groups can be quickly identified in the Admin Centre, and Members invited to be promoted to Owners to resolve the problem.
Managing Azure AD Roles through Group Membership
A common practice within organisations is to use an Azure AD Security Group to assign Office 365 licenses and apps to its members.
Azure AD roles can now be assigned to a group to allow role management in the same way. This has been launched in preview for all organisations with a Azure AD Premium P1 licence. For organisations who have Azure AD Premium P2, this functionality can be combined with Privileged Identity Management for temporary activation of admin roles.
Activity Directory Security Groups have always allowed ‘nested group’ functionality i.e. a group can be a member of a group. Although this can introduce complexity, when well-managed, nested groups can significantly reduce the overhead of granting access and capabilities to organisational users.
Office 365 groups have not supported nested groups to date, instead individual must be assigned, or Dynamic Group rules applied to manage membership.
This is due to change however with the “Group-driven membership” feature appearing on the Microsoft 365 Roadmap with a planned release date of June 2021.
Group-driven membership will provide the ability for Group Owners to add a Security Group as a member of an Office 365 Group. The Security Group can then be used to drive membership inside an Office 365 Group, enabling a consistent management model across all Azure AD Group Types.
Find out more about Microsoft 365 Groups on Microsoft’s documentation: