Unraveling Office 365 Groups

Let’s face it, Office 365 Groups is a bit confusing.  Are they the same as AD security groups?  How do I use them and what do my users need to know?

From an IT perspective, we need to be able to put Office 365 tools in a box and present them to our users and administrators in a way they understand.  Office 365 Groups are managed through Azure AD and are presented like familiar AD managed resources, so Administrators tend to think of them as just another way to control permissions.  Office 365 Groups isn’t necessarily a change in permission management or control….but we’ll get into that in a bit.

The truth is, in today’s workplace, users get frustrated when they must ask IT for resources to do their jobs.  If that process is difficult or frustrating, they will figure out another way to perform these tasks.  Many times, that means your organization’s intellectual property gets dumped into shadow IT applications like Slack, DropBox, Google Drive, etc.  With today’s “consumer app generation” users want on-demand, self-service applications and they want to be able to control who has access to their documents and processes.  But more importantly, they want features and functionality that a standard SharePoint Team site doesn’t provide.

That’s where Office 365 Groups comes in!  Groups is a way to manage and provide the security wrapper around what the users are demanding – resources when and where they need them – in a self-service way that doesn’t require IT intervention or control to create/manage who has access to them.  AND the suite of tools Microsoft has introduced into Office 365 is beginning to rival any third-party tool your users may already be using.

Stay with me, I will explain….


What Users Want – The Tools

Until now, when a user needed documents, calendars, tasks management, or any other collaboration tools, we created a SharePoint Team Site.  Then we determined who needed access to the site and granted that access using AD security groups – and in some cases direct permissions to users.  These sites came with out-of-the-box lists and libraries and we presented these basic sites to users so they could add content.  But let’s face it, sometimes a SharePoint Team Site falls short and doesn’t quite live up to user expectations because of functional limitations within SharePoint.  So we create custom lists and use workflows to make the tools fit business needs.  Some examples of places where SharePoint fell short are:

  1. Task Management – Users want robust task and project management without having to be a Microsoft Project expert.
  2. Calendars – It should work and function like Outlook.
  3. Real, robust document collaboration – the ability to decide who gets access to my documents.
  4. Messaging and insights into team activities – send an email or post updates to my team or group.

So Microsoft introduced some really great, fully functional and ever-expanding tools like Office 365 Groups, Teams, Planner, etc.  These tools will change the way your users work and keep them from looking elsewhere for tools to fill the gaps where the organization’s technology fell short.  By focusing on the features and functionality, Microsoft is providing real, valuable, resources that people will use.

But Aren’t We Talking About Office 365 Groups?

We sure are!  To talk about Office 365 Groups, we must understand what drove Microsoft to implement Teams, Planner, and other Office 365 tools the way they did, and how these tools work together with Office 365 Groups.  The concept, use, and implementation of Office 365 Groups is, in my opinion, revolutionary! 

Office 365 Groups Are NOT AD Security Groups

Simply put, Office 365 Groups is a bundle of services, functionality, tools, and security.  Including:

  1. People – An aggregation of individual people brought together for a common purpose.
  2. On-Demand/Self-Service – The functionality users want, when they want it.
  3. Robust Tools – To easily communicate and collaborate.
  4. Autonomous Control of Membership – Management and oversight of the Group by its Owners. No IT intervention is needed to manage who has access to the group resources.

But what about security and permissions?  This is where it gets fun!

You are granted access to the tools and resources of the group simply by being a member (or Owner) of the group.  Let me say that again – you choose a group of people that you want to collaborate with, the collection of resources is created for these people, and permissions to these tools and resources are automatically granted because they are included in the group.  There is no longer a need to grant permissions to the resources.

The Resources and Tools

There are several ways that Office 365 Groups are created.  In general, it doesn’t matter which method you use to create the Group, as the same resources are provisioned.

When an Office 365 Group is created – either through the Admin Panel or through creating a new Plan (in Planner), the following resources and tools are dynamically created and permissions granted to the users in the Group.

  • Shared Inbox – For email conversations between your members. This inbox has an email address and can be set to accept messages from people outside the group and even outside your organization, much like a traditional distribution list.
  • Shared Calendar – For scheduling events related to the group. This is a fully-functional calendar as you would see in Outlook.
  • SharePoint Document Library – A central place for the group to store and share files.
  • Shared OneNote Notebook – For gathering ideas, research, and information.
  • SharePoint Team Site – A central repository for information, links, and content relating to your group.
  • Planner – Organize, assign, and collaborate on tasks; set due dates; update statuses and share files, while visual dashboards and email notifications keep everyone informed on progress.

When an Office 365 Group is created through Teams, those same resources and tools are created, permissions are granted to users in the Group, AND these additional resources and tools are created:

  • Team Workspace – Content, tools, people, and conversations in the team workspace
  • SharePoint Document Library – A central place for the group to store and share files
  • Scheduling Features – Calendar integration for easy scheduling of team meetings from within Teams
  • Skype for Business Integration – Communicate one-on-one or in a group with tightly integrated Skype for Business features and functionality

 Governance and Oversight

The new model allows users to create on-demand tools for their teams and groups of people.  From a management and governance perspective that can make even the most seasoned IT professional nervous.  We’ve focused on security and permissions as we roll out new applications and managing the infrastructure behind the scenes was critical.  Office 365 Groups changes that approach because the security and permissions is already managed.

IT’s focus needs to be on the resources that are provisioned behind the scenes, so that we manage the growth of our Office 365 environments.  There are two vital pieces of information regarding the dynamic provisioning of these resources.

  1. When a new Group is created a SharePoint site collection is provisioned.
    • This is a true site collection with a unique URL and visible through the browser directly or on the SharePoint tile.
  2. This site collection is hidden and not manageable in the traditional site collection administrative views.
    • The only way to know how many site collections have been created is by the number of Office 365 Groups created.

New governance and management features are now available to help manage retention and deletion of unused sites, create a tagging structure within Office 365 applications, and to programmatically rename Groups to append or extend the names of Groups upon creation so they are easily differentiated between AD Security Groups.  New features and functionality are being added constantly for management of the infrastructure required to roll out Groups, Teams, and Planner to members of your organization.

We continue to be excited around what Microsoft will add next and how responsive they have been to user feedback.  The rapid roll-out of new features and functionality, coupled with the ability for users to create on-demand, self-service resources, all while removing the need to assign permissions for these resources is something we should all be excited about.

If you are in IT and wanting help providing governance and security best practices, our team at Xgility can help.  If you are a departmental executive looking for training on how and when to use what, please contact us.