Office 365 Groups has a rich set of tools to implement any governance capabilities your organization might require. This article guides IT Pros to ask the right questions to determine their requirements for governance and how to meet them based on their organizational profile.
Why Office 365 Groups?
We know that organizations today are using a diverse toolset. There’s the team of developers using team chat, the executives sending email, and the entire organization connecting over enterprise social. Multiple collaboration tools are in use because every group is unique and has their own functional needs and workstyle. Some will use only email while others will live primarily in chat. If users feel the IT-provided tools do not fit their needs, they will likely download their favorite consumer app which supports their scenarios. Although this process allows users to get started quickly, it leads to a frustrating user experience across the organization with multiple logins, difficulty sharing, and no single place to view content.
This concept is referred to as “Shadow IT” and poses a significant risk to organizations. It reduces the ability to uniformly manage user access, ensure security, and service compliance needs. Office 365 Groups empowers users and reduces the risk of shadow IT by providing in a single step many of the tools needed to collaborate.
Office 365 Groups lets you choose a set of people with which you wish to collaborate, and easily set up a collection of resources for those people to share. Manually assigning permissions to resources is a thing of the past as adding members to the Office 365 Group automatically grants the needed permissions to all assets provided by the group.
Technical Architecture
There are three main communication modalities supported by Office 365 Groups. Groups can be created within these experiences and used across the Office 365 suite:
- Outlook: collaboration through email with a shared group inbox and calendar
- Microsoft Teams: a persistent chat-based workspace where you can have informal, real-time, conversations around a variety of topics, organized by specific sub-groups
- Yammer: enterprise social experience for collaboration
Note
Creating a new group via other teamwork applications - such as SharePoint, Planner or Stream - will create an Office 365 Group with an Outlook communication modality with the ability to connect to Microsoft Teams.
Depending on where an Office 365 Group is created, certain resources are provisioned automatically, such as:
- Inbox - For email conversations between your members. This inbox has an email address and can be set to accept messages from people outside the group and even outside your organization, much like a traditional distribution list.
- Calendar – For scheduling events related to the group
- SharePoint Team Site – A central repository for information, links and content relating to your group
- SharePoint Document Library – A central place for the group to store and share files
- OneNote Notebook – For gathering ideas, research, and information
- Planner – For assigning and managing project tasks among your group members
- Yammer Group – A common place to have conversations and share information
- Microsoft Teams – A chat-based workspace in Office 365
To learn more about which resources are created for each group, visit Learn about Office 365 Groups.
Note
When a new Office 365 Group is created via Yammer or Teams, the the group isn't visible in Outlook or the address book because the primary communication between those users happens in their respective clients.
Important
When a new Yammer group is created, the Office 365 group does not create a group mailbox or calendar resource. Therefore, a Yammer group cannot be connected to Microsoft Teams. See Yammer and Groups
Where to start a conversation
There are multiple places to have a conversation within Office 365. Understanding where to start a conversation can help organizations define a strategy for communication.
-
Teams: chat-based workspace (high velocity collaboration) – inner loop
- Built for collaboration with the people you work with every day
- Puts information at the fingertips of users in a single experience
- Add tabs, connectors and bots
- Live chat, audio/video conferencing, recorded meetings.
-
Yammer: connect across the org (enterprise social) – outer loop
- Communities of Practice - Cross-functional groups of people who share a common interest or expertise but are not necessarily working together on a day-to-day basis
- Leadership connection, learning communities, role-based communities
-
Outlook Groups: modern DL (email-based collaboration)
- Ubiquitous for targeted communication
- Upgrade DLs to Office 365 Groups – Why you should upgrade?
-
SharePoint – Core content collaboration experience for all Office 365 Groups
- Every Office 365 Group gets a connected SharePoint team site
- Share content, create customized pages and author news
- Connect existing SharePoint team sites to new Office 365 Groups
Managing and governing Office 365 at scale
Office 365 Groups has a rich set of tools to implement any governance capabilities your organization might require. The following section describes the capabilities, recommends best practices, and provides guidance to ask the right questions to determine the requirements for governance, and how to meet them.
In this section:
- Control who can create Office 365 Groups
- Group soft delete and restore
- Group naming policy
- Group expiration policy
- Group guest access
- Group policies & information protection
- Upgrade traditional collaboration tools
- Groups reporting
Control who can create Office 365 Groups
Groups can be created by end-users from multiple end-points including Outlook, SharePoint, Microsoft Teams, and other environments.
Tip
- Strongly consider self-service to empower group owners.
- Document and communicate how to request a group.
- Revisit who can create groups during your cloud journey.
- Consider using dynamic membership to configure Security group’s members to control group creation.
- Assess which groups scenarios can managed via a dynamic membership and allow self-service for the rest.
There are three primary models of provisioning in Office 365 Groups: Open, IT-led or Controlled. The following table describes the advantages of each model.
| Model | Advantages |
|---|---|
| Open (default) | Users can create their own groups as needed without needing to wait for, or bother IT. |
| IT-led | Users request a group from IT. IT can guide them in selecting the best collaboration tools for their needs. |
| Controlled | Group creation restricted to specific people, teams or services. To learn more, see Manage who can create Office 365 Groups. |
Your organization might have specific requirements to implement strict controls on who can create groups. Use the following table to help make the decision on which provisioning model fits your organization.
 |
Decision points |
|
 |
Next steps |
|
Important
Limiting group and team creation can slow users productivity because many Office 365 services require that groups be created for the service to function. To learn more, see Why control who creates Office 365 Groups?
Resources
- Manage who can create Office 365 Groups
- Populate groups dynamically based on object attributes
- How to change the default setting of Office 365 Groups for Outlook, to public or private
- Syncing Security Groups with team membership
Group soft delete and restore
If you've deleted an Office 365 group, by default it's retained for 30 days. This 30-day period is called "soft-delete" because you can still restore the group. After 30 days, the group and associated content is permanently deleted and cannot be restored.
Tip
- Communicate the restore process to your users.
- Train your helpdesk team.
- Track upcoming groups that will be deleted using PowerShell script.
|
Decision points |
|
|
Next steps |
|
Important
During the "soft-delete" period if a user tries to access the site they will get a 403 forbidden message. After this period if the user tries to access the site they will get a 404 not found message.
Resources
- Restore a deleted Office 365 Group
- Restore a deleted Office 365 group in Azure Active Directory
- Delete groups using the Remove-UnifiedGroup cmdlet
Group naming policy
A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group. The naming policy can also help categorize groups in the address book. You can use the policy to block specific words from being used in group names and aliases.
Tip
- Use short strings as suffix.
- Use attributes with values.
- Don’t be too creative, total name length has a maximum of 264 characters.
- Upload your organization specific blocked words to restrict usage.
|
Decision points |
|
|
Next steps |
|
Important
The naming policy is applied to groups that are created across all groups workloads (like Outlook, Microsoft Teams, SharePoint, Planner, Yammer, etc). It gets applied to both the group name and group alias. It gets applied when a user creates a group and when group name or alias is edited for an existing group.
Resources
- Office 365 Groups naming policy
- Enforce a naming policy for Office 365 groups in Azure Active Directory
- Azure Active Directory cmdlets for configuring group settings
Group expiration policy
Administrators can specify an expiration period and any group that reaches the end of that period, and is not renewed, will be deleted. The expiration period begins when the group is created, or on the date it was last renewed. Group owners will automatically be sent an email before the expiration that allows them to renew the group for another expiration interval.
