Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Office365 Groups from the Ground Up - SPTechCon San Francisco 2016


Published on

Office 365 Groups enable teams to work together by establishing a single identity in Office 365. Office 365 Groups are a new and modern solution for collaboration in Office 365. There is a lot of confusion on what Groups can do and should be used for. This session will be a deep dive into all things Office 365 Groups focusing on the technical aspects..
We will spend a large amount of this session demoing Office 365 Groups. This session will include demos of:

How to create, access, and navigate
What are the core things to do
How are they technically structured
What administration is available and how to do it
What extensibility options are there

I will also walk through the pros and cons of using Groups vs other collaboration options in Office 365. Groups are also one of the fastest changing solutions in Office 365, so this session will bring everyone up to speed on the most recent updates that Microsoft has rolled out and what innovations are next. By the end of the session you should have a better understanding of what Groups can do and if they are right for your enterprise right now or in the future!

Published in: Technology
  • Be the first to comment

Office365 Groups from the Ground Up - SPTechCon San Francisco 2016

  1. 1. Office 365 Groups From the ground up SPTechCon San Francisco 2016
  2. 2. Drew Madelung Email : Twitter : @dmadelung Website: Senior SharePoint and Office 365 consultant.
  3. 3. What are Office 365 Groups? How do I work with them? How do they work technically? How can I administer? Demos, Demos & more Demos What’s new & What’s Next? Office 365 Groups From the ground up SPTechCon San Francisco 2016
  4. 4. Collaboration is evolving… Collaboration has evolved Employees work on 2x more teams now than they did five years ago1 1 Source: 2009, 2014 US IW Survey
  5. 5. The real world of collaboration Reference
  6. 6. Office 365 Groups
  7. 7. Office 365 Designed for the unique workstyle of every group SharePoint Teams Office 365 ProPlus Yammer Outlook Skype Intranets, Team Sites & Apps Chat-based Workspace Co-Authoring Content Enterprise Social Mail & Calendar Voice, Video & Meetings Complete Collaboration Solution Office 365 addresses the breadth of collaboration needs across your company Integrated Experiences Office 365 Groups and Graph enable integrated experiences that facilitate effective collaboration Security and Compliance Office 365 delivers the security, compliance and manageability required in today’s workplace Office 365 Groups
  9. 9. Azure Active Directory Apps Office 365 Groups building blocks
  10. 10. All new Team Sites will get an Office 365 Group and all new Office 365 Groups will get a Team Site. Groups & SharePoint “Groups, Graph, and Governance” – Jeff Teper Existing Office 365 Groups will get a full SharePoint Team Site.
  11. 11. Projects Popular Group Scenarios Organization Interest
  12. 12. How do I access Office 365 Groups?
  13. 13. Groups in Outlook on the web Fully immersive experience accessible via the left navigation. Inner group navigation available once in a group.
  14. 14. Groups through OneDrive (SharePoint!) Can be accessed through OneDrive and redirects to a document library in a SharePoint site.
  15. 15. SharePoint, SharePoint, SharePoint The SharePoint tile takes you to a list of Sites which includes your Group sites.
  16. 16. I found a SharePoint site A full SharePoint team site is connected to the Group.
  17. 17. Groups in Outlook 2016 Participate in conversations, schedule meetings, share files & notes and even initiate a Skype for Business voice and video call for urgent real-time decisions.
  18. 18. Office 365 Planner Create new plans, organize & assign tasks, share files, talk about what you’re working on, and get updates on progress. Integrated with Office 365 Groups, so all of the conversations in Planner are available in Outlook 2016, Outlook on the web and the Outlook Groups mobile app.
  19. 19. Power BI Create a workspace to collaborate with your team. Leverage the Groups collaboration & communication capabilities to create and review insights.
  20. 20. Dynamics CRM Create Office 365 Groups for opportunities, cases, accounts and all other entities. . Groups experiences are surfaced in- context within CRM
  21. 21. Outlook Groups app Available on iOS, Android & Windows Phone. Continue conversations, view files, @mention colleagues and even discover other relevant groups.
  22. 22. Demo!
  23. 23. Office 365 Groups things to know Eligible to use the NGSC for sync as of Sept release Anyone can create a group and available in the Global Address List by default A group can’t have more than 10 owners and a user can’t create more than 250 groups Currently not supported in Outlook 2016 on the Mac Groups with more than 1000 members are supported but will decrease performance When a group owner leaves, all content is saved but new admin must be set at high level Office 365 Groups can be used as security groups in SharePoint (but not O365 Video) Group site collections exist under “/sites” managed path but cannot be seen via SP Admin Center
  24. 24. Joining vs Subscribing On creation, the option is available to subscribe all new members automatically • Joined = only appear in group mailbox • Subscribed = receives in private inbox and group
  25. 25. Group email options
  26. 26. What’s behind the scenes
  27. 27. Office 365 plans that include Groups Any O365 plan that includes Exchange and SharePoint • Enterprise E1-E5 • Academic A2-A4 • Government G1-G4 • Business Essentials • Business Premium • Enterprise K1 (kiosk) *Exchange-only license can only access Inbox & Calendar
  28. 28. One group system across Office 365 One identity Federated resources Loose coupling SharePoint Documents OneNote Additional workloads Workload scenarios Exchange Conversations Calendar Identity Resource URLs Owners Members AAD
  29. 29. Office 365 Admin Center Management Options – User Interface Office 365 Admin App Azure AD Admin Portal Exchange Admin Console Outlook Groups App Clients – (Outlook, Planner, PowerBI)
  30. 30. Demo!
  31. 31. Management Options – Scripting Powershell Manipulating groups Manipulating group membership Owners | Members | Subscribers $creds = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri ` -Credential $creds -Authentication Basic -AllowRedirection Import-PSSession $Session Establish a remote session to Exchange Online
  32. 32. Useful Scripts for Groups to Get Started Create group New-UnifiedGroup –DisplayName “Legal” –Alias “Legal” –EmailAddresses Rename group Set-UnifiedGroup -Identity “Legal” -Alias “Legal” -DisplayName “New Legal” -PrimarySmtpAddress View all subscribers, members or owners for a group Get-UnifiedGroupLinks -Identity “Legal” -LinkType Subscribers Show detailed info for all groups Get-UnifiedGroup | select Id,Alias, AccessType, Language,Notes, PrimarySmtpAddress, ` HiddenFromAddressListsEnabled, WhenCreated, WhenChanged, ` @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; ` Label='Members'}, ` @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count }; ` Label='Owners'} | Format-Table Alias, Members, Owners
  33. 33. Managing Group Creation The old way but still can be used for OWA and Outlook 2016 Use an OWA Mailbox Policy to disable group creation for ALL users or a SUBSET of users  This does NOT disable group creation EXCEPT when trying to create through Outlook/Exchange  Creating groups in other clients/admin areas (PowerBI, Planner, etc…) would NOT disable Set-OwaMailboxPolicy -Identity test.comOwaMailboxPolicy-Default -GroupCreationEnabled $false
  34. 34. Managing Group Creation through Azure AD The new way uses Azure AD  No longer dependency on Exchange so it passes throughout Office 365  If OWA policy exists and AAD policy is enabled, OWA policy will be ignored  You can do 2 things:  Disable the default ability of everyone to create a new Office 365 Group  Point to an AAD group (Office 365 Group or Distribution Group) that contains a list of people who are allowed to create groups  This group cannot have a group in it, must be individual users  Users with higher tenant roles already have access (company admin, mailbox admin, etc…)  Prerequisites  Azure AD Version or later (currently preview)
  35. 35. Managing Group Creation through Azure AD Steps to setup 1. Retrieve the Object ID for the group that contains the authorized users  Use Azure AD portal to get Object ID  Get-MsolGroup cmdlet to discover GUID via PowerShell 2. Use PowerShell to update the Azure AD policy  Pass the GUID of your authorized user group to GroupCreationAllowedGroupId Connect-MsolService $template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”} $setting = $template.CreateSettingsObject() $setting[“EnableGroupCreation”] = “false” $setting[“GroupCreationAllowedGroupId”] = “7edd1d0b-557d-43e6-b583-4f3e0198c167” New-MsolSettings –SettingsObject $setting 3. Confirm using PowerShell and test creating a group Get-MsolAllSettings | ForEach Values
  36. 36. Group Guest Access You can now grant external users access to Office 365 Groups  Does not comply with tenant blacklist/whitelist  Enabled by default  Overall Group guest access is managed at the tenant level  Guests cannot view IRM protected files  Guests needs to access via browser  Guests cannot:  Be an owner  View the GAL  View Group members or contact cards  Access Planner  Be blocked by specific user Feature Guest user allowed? Create a group No Add/remove group members No Delete a group No Join a group Yes, by invitation Start a conversation Yes Reply to a conversation Yes Search for a conversation Yes @mention a person in the group No Pin/Favorite a group No Delete a conversation Yes "Like" messages No Manage meetings No View group calendar No Modify calendar events No Add a group calendar to a personal calendar No View and edit group files Yes, if enabled by tenant admin Access the group OneNote notebook Yes, via link from group member Browse groups No
  37. 37. Group Guest Access Group owners can invite external people to be guest users Group members can request an invitation for an external person
  38. 38. Group Guest Access Admin Controls Guest addition to organization • Allow invitation to guests users in the organization • Office 365 Portal – Settings & Privacy > Sharing Guest addition to groups • Allow adding of guests to any group within the organization. • Office 365 Portal – Services & Add-Ins > Office 365 groups • Allow adding of guests to a specific group in the organization (only available in Power Shell) Guest access to group resources • Allow guests to access to any Office 365 group resources • Office 365 Portal – Services & Add-Ins > Office 365 groups
  39. 39. Group Guest Access Powershell Steps to block for tenant 1. Ensure that sharing is allowed in the SharePoint Admin Center / O365 Admin Center 2. Use PowerShell to update the Azure AD policy (if settings object exists) $template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”} $settings = Get-MsolSettings -SettingId $settings.ObjectId $Value = $GroupSettings.GetSettingsValue() $Value["AllowToAddGuests"] = "False" $Value["AllowGuestsToAccessGroups"] = "True" Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $Value 3. Set AllowGuestsToAccessGroups to False to instantly disable all external users from accessing groups
  40. 40. Group Guest Access Powershell Steps to block external access for a specific group 1. Ensure that sharing is allowed in the SharePoint Admin Center / O365 Admin Center 2. Use PowerShell to update the Azure AD policy for the group (if no group settings exist) $group = Get-MsolGroup -All | Where-Object {$_.DisplayName -eq “GROUP DISPLAY NAME”} $groupsettings = Get-MsolAllSettings -TargetObjectId $group.ObjectId $template = Get-MsolSettingTemplate -TemplateId 08d542b9-071f-4e16-94b0-74abb372e3d9 $setting = $template.CreateSettingsObject() $settingsnew = New-MsolSettings -SettingsObject $setting -TargetObjectId $group.ObjectId $settings = Get-MsolAllSettings -TargetObjectId $group.ObjectId $value = $GroupSettings.GetSettingsValue() $value["AllowToAddGuests"] = "False" Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $value -TargetObjectId $group.ObjectId 3. Run a check to see if it worked (Get-MsolAllSettings -TargetObjectId $group.ObjectId).GetSettingsValue() | foreach values
  41. 41. Configuring multi-domain support Example  Main domain is  Default accepted domain is (where groups get created by default)  You have a sub-domain called and Configured with Exchange Address Policy (EAP) via Exchange Powershell Option 1: All Office 365 Groups built under domain New-EmailAddressPolicy -Name Groups -IncludeUnifiedGroupRecipients ` -EnabledEmailAddressTemplates "" -Priority 1
  42. 42. Configuring multi-domain support - Continued Option 2: Control what sub-domains Office 365 groups are created in by attribute  Set users which have their Department attribute set to Students to create groups by default in the domain New-EmailAddressPolicy -Name StudentsGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates ` "” ManagedByFilter {Department -eq 'Students'} -Priority 1  All other users will create groups in the domain New-EmailAddressPolicy -Name OtherGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates ` "” -Priority 2  Only admins can perform this  Use the –RecipientFilter for available properties to filter on (company, city, office, etc…)  If you remove domain you need to update EAPs  Max limit of 100 EAPs per organization
  43. 43. What about governance?
  44. 44. Security and Compliance eDiscovery through Exchange and SharePoint Data loss prevention Preservation policies Audit log and Content search
  45. 45. Management tidbits  Establish governance plan for groups  Establish AAD group creation policies  Monitor SharePoint Online Storage to ensure group sites not overtaking total storage  Establish a process to have groups admin support easily available for users  Run reports to try to track groups sprawl  Use UsageGuidelinesUrl and ClassificationList  Migrate multiple distribution lists to Office 365 groups – Link – (also via GUI)
  46. 46. A few technical options Remove groups email from GAL (global address list) Accept/Reject certain users from sending emails to groups Set-UnifiedGroup –Identity $groupAlias –HiddenFromAddressListsEnabled $true $groupAlias = “TestGAL” –RejectMessagesFromSendersOrMembers or -AcceptMessagesOnlyFromSendersOrMembers Set-UnifiedGroup –Identity $groupAlias –RejectMesssagesFromSendersOrMembers $groupAlias = “TestHide” Hide group members unless you are a member of the private group $groupAlias = “TestSend” Set-unifiedgroup –Identity $groupAlias –HiddenGroupMembershipEnabled:$true
  47. 47. Demo!
  48. 48.  External access  Groups SharePoint sites expanding  Group classification  Group usage guidelines URL  Groups iPad app  Privacy type conversion  Dynamic membership (requires Azure AD premium)  eDiscovery and Litigation available  Ability to change privacy type of created Group  Azure AD creation restriction  Upgrade a DL to a Group via GUI  Groups usage reporting As of 12/5/2016 What’s new in Office 365 Groups
  49. 49. What’s upcoming? Launched Rolling out As of 12/5/2016 In Development
  50. 50. • xxxx Help Contribute & Stay Informed! O365 Groups UserVoice Microsoft Tech Community Office 365 Roadmap Office Blogs Office 365 Admin Center – Message Center Office 365 for IT Pros
  51. 51. Questions? Email: Twitter: @dmadelung Website: Scripts: Slides:
  52. 52. Office 365 Groups From the ground up SPTechCon San Francisco 2016