Microsoft Teams.

Roundup of Key Microsoft Team Features Announced at Microsoft Ignite

At the Ignite 2018 conference last week, Microsoft revealed that Microsoft Teams is now the fastest growing business app in Microsoft’s history and announced several powerful new capabilities to foster teamwork and collaboration.

As we help more of our clients strategically rollout and adopt Microsoft Teams, it is exciting to learn that many of the new features will help fill the gaps our clients have needed – particularly around security, compliance, and data loss prevention.

According to our Office 365 and Microsoft Teams strategy guru, JoAnna Battin, here are several of the new features and functionalities she says our clients will be happy to see rollout for both their Teams end users and Teams administrators.


New Meeting features:

Our team is particularly excited about the new artificial intelligence (AI) powered meeting features including background blur and meeting recording. Background Blur uses facial detection to blur your background during video meetings, and Meeting Recording allows you to playback recorded meeting content at any time with captions and a searchable, timecoded transcript.

Access your Yammer community via a tab in Teams:

You can include relevant Yammer groups directly in Teams for easy monitoring and engagement by adding them as a tab in any of your team channels. No more going back and forth between Teams and Yammer!

Enrich your private chat experience with screen sharing:

Need to quickly show someone your screen, but don’t have time for a call? You can now share your entire desktop or a specific window directly from a private chat session. You can even let them take control to collaborate on content together.


Enhanced Security & Compliance Features for Messaging:

For organizations with enhanced security and compliance needs, Microsoft is releasing two new secure messaging features. With Image Annotation, users can capture images, annotate, and share them on a secure platform. IT Admins can set policies to prevent images from being stored on a mobile device or local drive. As we mentioned, Priority Notifications will alert a recipient to an urgent message and automatically notify the recipient every two minutes for up to twenty minutes – it is scheduled to roll out by the end of this year to all Teams commercial customers.

Microsoft announced that these capabilities support HIPAA compliance, and enable clinicians to communicate about patients while avoiding the privacy risks that arise when healthcare professionals use consumer chat apps. In addition to the healthcare sector, we are excited to help our clients in other fields use these features to protect their security.

Microsoft Teams Urgent Message Notification.Microsoft Teams Urgent Message Notification.

Data Loss Prevention (DLP) in Teams will enable you to identify, monitor, and automatically protect sensitive information:

With DLP, you can soon create policies directly from the Security and Compliance Center to prevent sensitive information – credit card numbers, social security numbers, or health records – from being shared or leaking unintentionally. Policies will apply to both messages shared in private chat and channel conversations. Files that are shared in channels and private chats will be covered by SharePoint and OneDrive for Business DLP policies. User messages that contain the specified sensitive information will be blocked based on the DLP policy you create with options for the sender to override and send the message and/or report false positives. Stay tuned for more details.

Microsoft Teams SCC Policy configuration.

SCC Policy Configuration

Manage your teams directly from the Admin Center:

According to JoAnna, this is huge! Administrators will have the insights into Teams that they never had before.

A list of all teams in your organization is now available directly in the Microsoft Teams and Skype for Business Admin Center. Simply click on “Teams” in the left navigation and select “Manage Teams” to see this list. From here, you can manage membership, add or remove channels, and change settings. Additionally, you can quickly create a new team, customize it, and add members allowing you to better support your users.

Microsoft Teams Admin Center Manager.

Microsoft Teams Admin Center Manager View

Manage your team membership with dynamic groups:

We are excited about this feature – you can reduce your administrative overhead of adding and removing users by creating teams from Office 365 groups with a dynamic membership rule. For these groups, membership is managed dynamically based on user’s Azure Active Directory (AAD) attributes. Thus, when a user’s AAD attributes change, they will be added or removed automatically from the team based on the dynamic membership rules defined by the administrator. All Office 365 groups can continue to be managed directly from the Azure Admin portal. Teams will support the creation of teams from Dynamic Groups in the coming months. Learn more about dynamic groups here.

Replicate your best Team’s experience with Templates:

Finally, a real template experience!

Have you found a team setup that works best for a type of project or workstyle? You soon will be able to easily create new teams based on best practices and lessons learned by leveraging a new REST endpoint as part of the Microsoft Graph API. With Team Templates, you’ll be able to pre-define a team’s channels, apps, and tabs that can help you easily create consistent teams across your organization. You can also define team settings and auto-favorite channels, allowing your team owners to focus on collaborations rather than spending time setting up the team.

Boost your productivity with a tighter integration between Teams and SharePoint:

You’ll soon be able to enjoy the full capabilities of SharePoint libraries in your file tab with features like creating a custom view and pinning a document to the top. Additionally, you will have the ability to add SharePoint lists and SharePoint Framework web parts as tabs in your team’s channel.

Those new features will provide new ways to aggregate information between SharePoint and Teams.

Read the official Microsoft Teams announcements from Ignite: What’s New in Teams – Ignite Edition

Let us help your organization create a culture of collaboration and teamwork with Office 365 tools including Microsoft Teams, OneDrive, SharePoint, Yammer, and more.
Contact us to learn more »

New Microsoft Teams Features for Meetings

Microsoft Ignite 2018 is underway! There are loads of announcements coming out each day about new capabilities and features in Office 365, SharePoint, Microsoft Teams, Azure, and more. Our team is currently gathering top takeaways – stay tuned for upcoming blog posts!

In the meantime, here are two of my favorite features now available in Microsoft Teams.

Background Blur:

Microsoft Teams now allows video conference participants to blur their background.  The ‘background blur’ feature is possible due to artificial intelligence, which is able to distinguish between a person’s face and their background.  Now, employees can remotely tune into video conferences from almost anywhere – whether at the beach, a coffee shop, or home office – and it’ll go almost entirely undetected.

Meeting Recordings & Transcripts:

Microsoft is putting its machine learning technology to work with a new tool that will automatically generate real-time transcripts of your meetings, as well as captions on recordings. With meeting recording in Teams, you or other invitees who missed the meeting can playback recorded audio, video and content at any time. Pull up a transcript, powered by Microsoft Stream, and search for keywords so you can optimize your time while getting caught up.

We can help your organization create a culture of collaboration and teamwork with Office 365 tools including Microsoft Teams, OneDrive, SharePoint, Yammer, and more.
Contact us to learn how we can help »

Can You Use Microsoft Teams Without an Exchange License?

One of the government clients that I support has selected to use Google as their primary unified communication service. However, they also purchased an Office 365 tenant to use for SharePoint Online, Skype for Business, and OneDrive for Business. The Exchange license is turned off for all of their users. But what about Microsoft Teams? Based on conversations happening today, I can tell that there is already demand for Teams.

But according to the Microsoft roadmap, Teams won’t be available in the Government Cloud until sometime in the 3rd quarter of 2018. Here’s a screenshot:

This made me think about what the Microsoft Teams experience would be like without an Exchange license.

Setting Up a Test

First, I discovered that Teams DOES work without Exchange – and surprisingly well. As a test, I created a user in my Office 365 tenant and disabled their Exchange license.

See below for the settings:


From the End User’s Perspective

As the “Exchange-less” user, I was able to log into Teams (from both the web app and the desktop app) and do the following:

  1. Create a new Teams (both public and private)
  2. Add members to both teams
  3. Manage a Team’s Members, Channels, Settings, and Apps
  4. Participate in Team Conversations, including using @Mentions
  5. View meeting info from a Channel conversation
  6. Participate in a channel meeting
  7. Upload files into a Channel
  8. Update a Wiki
  9. Add Other Tabs in a Channel such as Planner
  10. Create Buckets and assign tasks in Planner
  11. Participate in a Private chat including sending files, and making both a phone and video call
  12. Access files uploaded via private chat and within a team channel via the Files left tab

Here’s what I was not able to do outright or was able to do with partial success:

  1. Schedule a meeting
  2. View Scheduled Meetings via the Meetings left tab
  3. Update my picture
  4. Configure Connectors

Here are some of the screenshots associated with a few of the processes:

That’s it from the end user perspective. So far, I learned that not having Exchange is not much of an issue.

From the Administrator’s Perspective

According to Microsoft, Teams was built to support audit log search, eDiscovery, and legal hold for channels, chats and files as well as mobile application management with Microsoft Intune. These tools reside in the O365 Security and Compliance Portal and provide the following features:

  • Auditing and Reporting
  • Compliance Content Search and eDiscovery

Let’s take a look how those features are affected when the user doesn’t have an Exchange license.

Auditing and Reporting

Audit log searches work on content that was created by accounts without an Exchange license. The following is a screen capture of what Teams activities are audited and can be reported on:

Below is a sample report showing all the Created Team, Deleted Team, and Added Channel activities. The TestUser account is the one without an Exchange license, and as you can see, that user’s activities are still being captured.

Compliance Content Search & eDiscovery

Content Search can be used to search Teams through rich filtering capabilities and exported to a specific container for compliance and litigation support. You can use Content Search to search for content in Microsoft Teams. However, without an Exchange license, you will not be able to search the group mailbox or shared calendar.

Below is an explanation from Microsoft:

“Users who participate in conversations that are part of the Chat list in Microsoft Teams must have an Exchange Online (cloud-based) mailbox in order for you to search chat conversations. That’s because conversations that are part of the Chat list are stored in the cloud-based mailboxes of the chat participants. If a chat participant doesn’t have an Exchange Online mailbox, you won’t be able to search chat conversations. For example, in an Exchange hybrid deployment, users with an on-premises mailbox might be able to participate in conversations that are part of the Chat list in Microsoft Teams. However in this case, content from these conversation aren’t searchable because the users don’t have cloud-based mailboxes.

Conversations that are part of a Microsoft Teams channel are stored in the mailbox that’s associated with the Microsoft Team. Similarly, files that team members share in a channel are stored on the team’s SharePoint site. Therefore, you have to add the Microsoft Team mailbox and SharePoint site as a content location to search conversations and files in a channel.

Alternatively, conversations that are part of the Chat list in Microsoft Teams are stored in the Exchange Online mailbox of the users who participate in the chat. And files that a user shares in Chat conversations are stored in the OneDrive for Business account of the user who shares the file. Therefore, you have to add the individual user mailboxes and OneDrive for Business accounts as content locations to search conversations and files in the Chat list.”


My biggest takeaway from research and testing is that users without an Exchange license can use most of the Teams functionality to collaborate and their activities are included in the audit logs.

However, not all their content will be accessible by the Office 365 Compliance and Search and eDiscovery functionalities.

If your organization is considering implementing Office 365, please contact us to discuss how our team of experts can provide personalized assistance to get your Office 365 platform and related applications deployed as quick and as painless as possible.

About the Author

Dean Virag is currently a consultant and trainer at Xgility. He’s been providing Microsoft SharePoint consulting services and training to a variety of organizations since 2009. Currently, Dean helps manage SharePoint 2010 & 2013 and Office 365 for a large federal government client as well as provides them with process automation consulting, training, and documentation services. 


4 Project Management Applications You Should Be Using Now

According to PWC, more than half of the companies that are unhappy with the project management software say that it is because the software is too expensive.  Are you still using sticky notes or Microsoft Excel to manage projects?  I continue to be surprised that Excel is still one of the most popular project management applications.  If you have not researched your options in the past year or even 6 months, now is the time.

For our customers running SharePoint in their data center, many project managers use Microsoft Project on their desktop and sync with either a SharePoint Project Site Template or Project Server.  The project site template allows project managers to share a Gantt chart, tasks, and documents on a SharePoint web page.  Project server takes project management to a whole new level allowing for true portfolio management, including resource scheduling/allocation, prioritization, time-sheets, and resource leveling across projects.  Our on premises customers have also had success with a 3rd party SharePoint application called BrightWork.

In the past 5 years, we have shifted, along with customers, from waterfall (PMP style) project management to Agile project management, especially when it comes to large software development projects.  At Xgility and with several of our customers, we have used a cloud based application called JIRA.  JIRA has a helpdesk component as well as an Agile cloud based project management software component.  One disadvantage for us is that JIRA is not as tightly integrated with SharePoint, Outlook, and Office 365.  The other disadvantage to JIRA is that we already have Office 365 E5 licenses.

4 Project Management Applications You Should Be Using Now

For customers using the Microsoft cloud, project managers have a new option.  Project managers can continue to use the SharePoint Project Site Template or Project Online (project server in the cloud).

Our team is really excited about a new tool called Office 365 Planner.  Office 365 Planner is based on Office 365 Groups, so you if you have tried out groups, you will notice that your Office 365 Groups will show up under planner.  I believe many customers that like Agile and don’t need true portfolio management will move to this as a project management tool.

4 Project Management Applications You Should Be Using Now 2

Features of planner include reporting, conversations, tasks and subtasks, conversations, OneNote Notebook, and document storage.  As a member, it is easy to track your tasks across multiple projects.  For a demo, check out this link.

We are happy to announce that Microsoft has introduced two new features to planner.  The first is the ability to assign multiple users per task, the second is allowing guest/external user access.

Try out planner and let us know what you think as compared with the other tools we mentioned.  As always, contact us if our team of experts can help your organization become more efficient and effective.



Author:  Kurt Greening

Editor:  Alex Finkel

Board Portal Solutions – Diligent vs Office 365

According to Wikipedia, “a Board Portal can be a custom-built, in-house application, an off-the-shelf, commercial application that is deployed by IT, or a subscription-based software as a service (SaaS).”  The portal is used to provide information to the board of directors and organize documents used to conduct a meeting.  Diligent Corporation (formerly Thompson Reuters Boardlink) has one of the leading SaaS solutions and it is a great product.  As an alternative to Diligent, several customers have asked us to compare Office 365 (SharePoint Online) to Diligent’s offering.  The purpose of this article to explain the requirements for a board portal and compare features in Diligent and SharePoint Online that meet the requirements for a Board Portal.  Both solutions have many advantages over email attachments and printed documents.

While Diligent is the leading board portal solution, some of our customers have used other SaaS solutions.  Maren, from the Xgility team, built a solution that saved $8,000 annually by replacing BoardEffect with a SharePoint site.  The solution was more secure and reduced the number of places employees had to go to save and find information needed to do their job.

Board portals provide the following features:

  • Strict Security: Due to the sensitive nature of board information, security and confidentiality is critical.  Sometimes board portals will use two-factor authentication for user logins, role-based access control to information, and full encryption of stored information and communications between members.
  • Online Accessibility: Board members can review documents or communicate with other members at any time, even when they are on the road.
  • Offline Accessibility: Board members can download documents to their computer for offline review.  However, board portals ensure that downloaded documents still support the same strict level of security.
  • Board Packet Creation, Modification, and Distribution: Corporate secretaries can use the board portal to create board materials and disseminate them online.  Edits or deletion of documents can be done and the changes are immediately distributed.  This saves the hassles associated with printing and handling changes after board packets have been printed.  Board packets are often quite thick, with 600 pages on the low-end and as many as 2,000+ pages.
  • Dashboard of Key Performance Indicators: to allow directors a quick view of the KPI of the organization’s performance, a flexible dashboard is often an integral part of Board Portal packages.
  • Online Collaboration support allows documents and board packets to allow for directors to record their comments and save a record, while reviewing such information.
  • Data Retention Policy Support: To mitigate company liability, board portals enforce data retention policies on documents, as well as board member communications.
  • Read Receipt of announcements, policy documents and any other legal documents is recorded and maintained by board portals.


In reviewing the solution offered by Diligent, their main advantage is that they are a purpose-built SaaS application.  They excel at creating a board book, which is the document used by the board to prepare and follow along during a meeting.  A typical board book contains the agenda, meeting minutes (including approval), executive management reports, committee reports, new business, and adjournment.  The Board Book can be accessed online and offline.  Diligent is also known for personalized executive support.  Since Diligent is a purpose built application, they meet all of the requirements above.

Office 365 can also meet all the requirements for a Board portal, but some configuration is necessary. SharePoint Online is designed as a general purpose, enterprise wide, collaboration system.  For many companies, the work needed to customize Office 365 will outweigh the benefits of the point solution offered by Diligent.

Office 365 would be a great choice for those looking to have a platform that can be used for the collaboration and creation of the documents that are used to create the board book.  With Diligent, documents are typically created outside the application.  In addition, Office 365 should be used as a collaboration and follow up on action items assigned from the board meeting.  For instance, tasks can be assigned to company employees in the portal or new committees can be formed inside the portal.   Office 365 out-of-the-box features that would be used for a Board Portal include: calendars, OneNote notebooks, contact list, Outlook meeting invites, workflows, alerts, metadata, tasks, and subsites.

Another advantage of Office 365 is tight integration with Office products such as Word, Excel, Outlook, and PowerPoint.  Office 365 also has good mobile applications.  Some executive administrators may choose to take Notes in OneNote, but distribute the final meeting minutes for approval in Word.

In terms of security, I would prefer to trust my sensitive corporate data to a larger SaaS provider such as Microsoft.  Microsoft offers great solutions for single sign-on and two factor authentication, along with a very large security team.  While our typical recommendation is to assign SharePoint permissions based on active directory groups, assigning permissions to individual board members may be a requirement in the board portal.

The disadvantage of Office 365 when compared with Diligent is that corporate IT may have train the executive admin team to utilize best practices for security and collaboration.  Since Office 365 support is not specific to board portals, training and support should be provided by an expert like Xgility.

While some boards may still use paper or email attachments, these methods are likely to cause issues.  For instance, this may cause confusion over the latest document version and make it difficult to correct documents at last minute.  A Board Portal is a great solution to improve productivity and collaboration for executive staff, as well as to assist with proper governance and oversight.

See below for examples of a demo Board Portal Solution:

Board Portal Solution S1 Board Portal Solution S2


Want a free trial of Office 365?  Get your Office 365 E5 trial subscription here.  If you are ready to implement a board portal in Office 365 or would like to learn more about Microsoft’s Cloud please contact us.



Author:  Kurt Greening

Editors:  Alex Finkel and Maren Kelley

Office 365 vs. Your Information Security Program

As you compare Office 365 versus your company’s security program, you should evaluate both internal and external threats.  Many security professionals focus on external threats, but data shows that internal threats are more common than external threats.  I have found that that NIST has a lot of great resources that can be leveraged to build your information security program.  Microsoft and many other cloud vendors are very transparent about their security and privacy policies in the Trust Center.  Below are six factors that should be part of your evaluation of Office 365 services versus applications hosted by your organization.


  1. The Team

Most of my security discussions with customers start with asking the customer to bring in their security team in to discuss their security program versus Office 365.  If they have a large team, the discussion may continue, if not, I point out that Microsoft has invested more than a billion dollars in security and has thousands of security professionals.  Microsoft has two teams of security experts, one known as the red team and, one known as the blue team.  The job of the red team is to break-in and the blue team is tasked with stopping them.


  1. Secure Score

If you already have Office 365, we recommend evaluating your secure score.  This is a gamification tool provided with Office 365 that makes recommendations and allows your organization to see the affects of security improvements in your environment.  Secure score is available to all Office 365 customers.


  1. Continuous Monitoring

If your organization is considering going all-in with the Microsoft cloud, you should consider Microsoft 365 E5.  This SKU is still called Secure Productive Enterprise, but will change in Microsoft documentation soon.  This includes Advance Security Management.  Advanced Security Management can also be purchased as an add-on SKU for $3 per user per month if you don’t want everything in the suite.  Since this tool comes with multiple templates, it is better than many of the tools purchased by our customers that don’t often get used after they are installed.  Buying best-of-breed security solutions can be an effective strategy, just make sure you have the staff and budget to integrate best-of-breed security systems.


  1. Device Protection

If your network and applications are secure, that won’t be enough if your devices are not secure.  Windows 10 is the most secure operating system ever offered by Microsoft.  We are upgrading many customers from Windows 7 and implementing Windows Defender for virus scanning and BitLocker for encryption.  System Center Configuration Manager can help keep your systems patched and updated.  Intune (included in Microsoft 365 E5) is an integrated mobile device management solution that enforces policies including what to do if a device is lost or stolen.  Again, buying best-of-breed security solutions can be an effective strategy, just make sure you have the staff and budget to integrate best-of-breed security systems.


  1. Data Loss Prevention

Office 365 provides integrated options for encryption, data loss prevention, and information protection.  These solutions protect against employees sharing personal identifiable information and sensitive/confidential data.  Policies can be created by the compliance team to align to industry standards.  Here is an example of the new policy template for Personally Identifiable Information supporting content in email, collaboration, and personal storage:


To classify documents at the user level, templates for common scenarios exist and can be customized for organizational needs.

Recently I received a confidential email from a partner and the email was setup so I could not forward, print, or event screenshot the information:


  1. Authentication

Recently our team completed an security audit for an organization with several hundred users of which 18% were Active Directory Domain Administrators!  They did not have any Single Sign-on applications, so they had a tough time forcing password resets when an administrator left the company.  Office 365 with Azure Active Directory Premium makes it easy to enforce password policies and allows users to have a single login to both on-premise and cloud applications.  At a minimum, I would recommend two-factor authentication for administrators and implement just-in-time admin access.  At Xgility, we have enabled two-factor authentication for all users.  We find the Microsoft Authenticator app to be the best way to implement two-factor authentication.  On our Windows 10 devices we have enabled facial recognition using Windows Hello.



If you are looking for help comparing Office 365 to running collaboration workloads in your data center, make sure you consider the true cost of providing enterprise class security in your data center.  Don’t assume that just because you can see the server that it is more secure than the cloud.  If you are looking to build a custom return on investment (ROI) analysis for your organization, Microsoft has funding that pays for Xgility experts to assist.  If you would like to learn more, please contact us.

Unraveling Office 365 Groups

Let’s face it, Office 365 Groups is a bit confusing.  Are they the same as AD security groups?  How do I use them and what do my users need to know?

From an IT perspective, we need to be able to put Office 365 tools in a box and present them to our users and administrators in a way they understand.  Office 365 Groups are managed through Azure AD and are presented like familiar AD managed resources, so Administrators tend to think of them as just another way to control permissions.  Office 365 Groups isn’t necessarily a change in permission management or control….but we’ll get into that in a bit.

The truth is, in today’s workplace, users get frustrated when they must ask IT for resources to do their jobs.  If that process is difficult or frustrating, they will figure out another way to perform these tasks.  Many times, that means your organization’s intellectual property gets dumped into shadow IT applications like Slack, DropBox, Google Drive, etc.  With today’s “consumer app generation” users want on-demand, self-service applications and they want to be able to control who has access to their documents and processes.  But more importantly, they want features and functionality that a standard SharePoint Team site doesn’t provide.

That’s where Office 365 Groups comes in!  Groups is a way to manage and provide the security wrapper around what the users are demanding – resources when and where they need them – in a self-service way that doesn’t require IT intervention or control to create/manage who has access to them.  AND the suite of tools Microsoft has introduced into Office 365 is beginning to rival any third-party tool your users may already be using.

Stay with me, I will explain….


What Users Want – The Tools

Until now, when a user needed documents, calendars, tasks management, or any other collaboration tools, we created a SharePoint Team Site.  Then we determined who needed access to the site and granted that access using AD security groups – and in some cases direct permissions to users.  These sites came with out-of-the-box lists and libraries and we presented these basic sites to users so they could add content.  But let’s face it, sometimes a SharePoint Team Site falls short and doesn’t quite live up to user expectations because of functional limitations within SharePoint.  So we create custom lists and use workflows to make the tools fit business needs.  Some examples of places where SharePoint fell short are:

  1. Task Management – Users want robust task and project management without having to be a Microsoft Project expert.
  2. Calendars – It should work and function like Outlook.
  3. Real, robust document collaboration – the ability to decide who gets access to my documents.
  4. Messaging and insights into team activities – send an email or post updates to my team or group.

So Microsoft introduced some really great, fully functional and ever-expanding tools like Office 365 Groups, Teams, Planner, etc.  These tools will change the way your users work and keep them from looking elsewhere for tools to fill the gaps where the organization’s technology fell short.  By focusing on the features and functionality, Microsoft is providing real, valuable, resources that people will use.

But Aren’t We Talking About Office 365 Groups?

We sure are!  To talk about Office 365 Groups, we must understand what drove Microsoft to implement Teams, Planner, and other Office 365 tools the way they did, and how these tools work together with Office 365 Groups.  The concept, use, and implementation of Office 365 Groups is, in my opinion, revolutionary! 

Office 365 Groups Are NOT AD Security Groups

Simply put, Office 365 Groups is a bundle of services, functionality, tools, and security.  Including:

  1. People – An aggregation of individual people brought together for a common purpose.
  2. On-Demand/Self-Service – The functionality users want, when they want it.
  3. Robust Tools – To easily communicate and collaborate.
  4. Autonomous Control of Membership – Management and oversight of the Group by its Owners. No IT intervention is needed to manage who has access to the group resources.

But what about security and permissions?  This is where it gets fun!

You are granted access to the tools and resources of the group simply by being a member (or Owner) of the group.  Let me say that again – you choose a group of people that you want to collaborate with, the collection of resources is created for these people, and permissions to these tools and resources are automatically granted because they are included in the group.  There is no longer a need to grant permissions to the resources.

The Resources and Tools

There are several ways that Office 365 Groups are created.  In general, it doesn’t matter which method you use to create the Group, as the same resources are provisioned.

When an Office 365 Group is created – either through the Admin Panel or through creating a new Plan (in Planner), the following resources and tools are dynamically created and permissions granted to the users in the Group.

  • Shared Inbox – For email conversations between your members. This inbox has an email address and can be set to accept messages from people outside the group and even outside your organization, much like a traditional distribution list.
  • Shared Calendar – For scheduling events related to the group. This is a fully-functional calendar as you would see in Outlook.
  • SharePoint Document Library – A central place for the group to store and share files.
  • Shared OneNote Notebook – For gathering ideas, research, and information.
  • SharePoint Team Site – A central repository for information, links, and content relating to your group.
  • Planner – Organize, assign, and collaborate on tasks; set due dates; update statuses and share files, while visual dashboards and email notifications keep everyone informed on progress.

When an Office 365 Group is created through Teams, those same resources and tools are created, permissions are granted to users in the Group, AND these additional resources and tools are created:

  • Team Workspace – Content, tools, people, and conversations in the team workspace
  • SharePoint Document Library – A central place for the group to store and share files
  • Scheduling Features – Calendar integration for easy scheduling of team meetings from within Teams
  • Skype for Business Integration – Communicate one-on-one or in a group with tightly integrated Skype for Business features and functionality

 Governance and Oversight

The new model allows users to create on-demand tools for their teams and groups of people.  From a management and governance perspective that can make even the most seasoned IT professional nervous.  We’ve focused on security and permissions as we roll out new applications and managing the infrastructure behind the scenes was critical.  Office 365 Groups changes that approach because the security and permissions is already managed.

IT’s focus needs to be on the resources that are provisioned behind the scenes, so that we manage the growth of our Office 365 environments.  There are two vital pieces of information regarding the dynamic provisioning of these resources.

  1. When a new Group is created a SharePoint site collection is provisioned.
    • This is a true site collection with a unique URL and visible through the browser directly or on the SharePoint tile.
  2. This site collection is hidden and not manageable in the traditional site collection administrative views.
    • The only way to know how many site collections have been created is by the number of Office 365 Groups created.

New governance and management features are now available to help manage retention and deletion of unused sites, create a tagging structure within Office 365 applications, and to programmatically rename Groups to append or extend the names of Groups upon creation so they are easily differentiated between AD Security Groups.  New features and functionality are being added constantly for management of the infrastructure required to roll out Groups, Teams, and Planner to members of your organization.

We continue to be excited around what Microsoft will add next and how responsive they have been to user feedback.  The rapid roll-out of new features and functionality, coupled with the ability for users to create on-demand, self-service resources, all while removing the need to assign permissions for these resources is something we should all be excited about.

If you are in IT and wanting help providing governance and security best practices, our team at Xgility can help.  If you are a departmental executive looking for training on how and when to use what, please contact us.

Office 365 – Desktop Update Best Practices

When it comes to cloud migrations, most customers dedicate efforts to the migration only to then realize there is more work to be done.  Enterprise customers have been accustomed to Microsoft version releases every couple of years.  However, subscription-based cloud services update often.  Large enterprises managing desktops and applications often dedicate teams to test and deploy updates.  Consumers who manage their own devices and smartphones are accustomed to seeing their system and apps update automatically and more often.

As an Office 365 subscriber, organizations should be aware of subscription channels and their update frequency.  Information Technology users should be on the First Release Deferred Channel with monthly feature updates.  The rest of the enterprise should run the Deferred Channel, which updates three times per year.  Consumers and Windows insiders are kept current with monthly builds.

Great news!  Starting this September, the updates will move to a semi-annual model.  Microsoft announced these changes in a blog and then shared the support article with this helpful chart:

Windows 10 will also follow the same model starting in September and then March as well.  While this change is confusing, it seems Microsoft is listening to customers who have been managing the update frenzy as they try to keep current and secure with the Microsoft cloud.  Having to deal with this twice a year for the desktop OS and Office apps sounds almost blissful.


Are you thinking of moving from a subscription based model for Microsoft applications such as Word, Outlook, PowerPoint and Excel?  If you are interested in migrating, but concerned about the change, the team of experts at Xgility can help.  Want a free trial of Office 365?  Get your Office 365 E5 trial subscription here.  For a free 30 minute consultation, please contact us.



Author:  Chris Ertz

Editors:  Alex Finkel and Kurt Greening

Microsoft Outlook App for iOS

In a previous YouTube video, Dean Virag showed you how to setup two-factor authentication using Azure AD premium.  The setup for two-factor authentication using the Outlook iOS app is very similar to any of the Office desktop apps.

The Outlook app is an alternative to the native mail, calendar, and contacts apps on your iPhone or other iOS device.   The native apps utilize active sync, which today does not support two-factor authentication and requires the use of an Azure app password.  This is the reason that your IT organization may want to use the iOS Outlook app and disable active sync.

In moving to the iOS Outlook app, I encountered two problems that kept me from switching over (Email is supposed to be a productivity tool, not slow you down) and today I will explain to you how to overcome those issues.

First, when I first started using the iOS Outlook app, I accidentally archived several emails.  This was very frustrating.  I was able to fix this issue in three easy steps.

  1. Go to settings or the gear at the bottom right of your iOS app
  2. Click on swipe options
  3. Hold down left swipe until you can select none

Second, after deleting my email account in active sync, my phone lost access to my contacts.  This means I could not tell which customers were sending me messages.  I fixed this is three easy steps.

  1. Go to settings or the gear at the bottom right of your iOS app
  2. Click on advanced options
  3. Select save contacts to device

Now that both problems are solved, I can safely and securely use email, calendars, and contacts from my iPhone.

The Outlook app is also extremely simple and easy to use.  The learning curve for the native iOS app users, is small, especially if you already have experience with Microsoft products/software.  The app also gives you slightly more customization than the native apps on iPhone, iPad, and iPod touch.  Microsoft also does a great job regularly sending out updates to the app to add new features and fix various bugs/issues.  Other features that the Outlook iOS app includes are: Touch ID login for verification purposes, the ability to choose which web app links and directions open in, customize notifications for calendar and email separately, the ability to have multiple accounts, and much more.


If you need security consulting or help with Microsoft Cloud/Office 365 training and implementations, contact us.



Author:  Kurt Greening

Editor:  Alex Finkel

Governance Features Available for Office 365 Groups

Governance and security are important aspects on customers’ minds when it comes to collaboration tools.  Microsoft Groups, which are a new feature in Office 365, are of course, no exception.  Although there are many safeguards already in place, there are some noticeable governance gaps that Microsoft is rapidly working on resolving and releasing as soon as possible.  Adding these features will make groups enterprise ready.

Groups allow organizations to define a set of teammates that you want to collaborate with.  When you create a Group, you get a shared inbox, calendar, SharePoint Team site and document library, OneNote notebook, and Planner.  These are a lot of places to store content!  Organizations need to be fully aware of the controls that exist for Microsoft Groups, so they can utilize them to the fullest, avoid losing valuable content, manage Group membership with ease, and collaborate efficiently.  For example, one IT department at one of our customers learned about groups after their users had created more than 20!


Below are some of the current governance features for Groups:

  1. Ability to hold content in place and perform eDiscovery search
  1. Privacy settings to allow Group Owners to make a group’s content available to anyone or to only Group members
  1. A Group Audit Report from the Azure Management Portal shows group creations, updates, and membership changes

Office 365 Groups Governance

  1. Group members can be based on rules using the Azure Management Portal. For example, a Group’s membership could be determined based on a sub-organization or having a specific supervisor.
  1. Functionality to create a custom classification system for Groups to match existing organizational policies for handling content so that end users are aware of the guidelines handling the group’s information. For example: “Classified,” “Unclassified,” and ”Public.”


On the Roadmap for Future Releases:

  1. A Group naming policy in Azure Active Directory that will allow Administrators to append text to the end or beginning of a Group’s name and have a list of blocked words that will not be able to be used in Group names
  1. Ability to hide the list of members of a Group from non-members
  1. Policy that can be set to automatically expire Groups that have been in-active for a certain amount of time
  1. Deletion recovery so End Users and Administrators can recover a Group that was deleted in one quick step
  1. A Group Audit Report that can be accessed from the Office 365 Compliance Center


See Melissa’s other blog articles here and if you would like to learn more about Office 365 Groups and how it compares to Slack, go here.  If you have any questions or would like a demo, contact us.



Author:  Melissa Hubbard

Editors:  Alex Finkel and Kurt Greening