1 / 38

The keys to Office 365 Groups management

Gain insights on managing & governing Office 365 Groups at scale, from creation to expiration policies. Implement controlled creation workflows for secure collaboration. Explore Azure functions, naming policies, guest access, and more.

wendyd
Download Presentation

The keys to Office 365 Groups management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The keys to Office 365 Groups management Martina Grom Office 365 MVP, Microsoft RD, atwork @magrom | mg@atwork.at Christophe Fiessinger Principal PM Manager @cfiessinger | chrisfie@microsoft.com

  2. Agenda – Keys to Office 365 Groups Management Office 365 Groups and SharePoint, Teams, Yammer 1 2 3 How do I get started with groups? How do I keep groups safe & apply governance?

  3. How do I get started with Office 365 Groups?

  4. 1 Microsoft 365 A complete, intelligent, secure solution to empower employees Office 365 · Windows 10 · Enterprise Mobility + Security Unlocks creativity Built for teamwork Intelligent security Integrated for simplicity

  5. Microsoft 365: Universal Toolkit for Teamwork Office Apps Yammer Outlook SharePoint Teams Hub for Teamwork Email & Calendar Connect Across the Organization Co-Author Intranets & Content Management Security and Compliance Centralized policy management Office 365 Groups Single team membership across apps and services Microsoft Graph Suite-wide intelligence connecting people and content

  6. How are organizations managing groups successfully? • COMMON • Processes in place • Reporting & monitoring • Change management • OPEN • Everyone can create groups (default). • Using all teamwork apps to meet their diverse needs. • Consistent classification and policy enforcement. • CONTROLLED • Creation is limited to certain business units/users. • Progressively expand self-service during O365 apps onboarding. • Guide users to collaboration choices.

  7. Can I bring self-service to users and keep control and governance for Groups?

  8. Workflow for controlled Groups creation 3. Flow is triggered and sends approval email 4. Manager accepts or rejects the request 1. User enters group name in PowerApps 2. Data is sent to SPO list 7. Azure function creates the group + owner 8. Flow sends email to sender 6. Accept: Azure function starts 5. Reject:Sender gets a denied email • Solution: Provisioning an Office 365 group with an approval flow and Azure functions-part 1 | Part 2 | Part 3

  9. Demo

  10. How do I manage Groups at scale?How do I keep groups safe and apply governance?

  11. Managing and governing Office 365 groups at scale Creation permissions Naming policy Expiration policy Soft delete and restore Guest access Reporting Policies and information protection Azure AD access reviews Upgrade DLs to groups in Outlook

  12. Group expiration policy Benefits Expire groups older than a specific period Group owners get notified to take renewal action on the group Can set expiration policy to specific groups Expired groups can be restored within 30 days Guidance Pilot with specific groups initially Choose inactive groups based on the activity report in Office Admin center Communicate renewal process to group owners Onboard your helpdesk team Ensure groups have multiple owners & configure email for orphaned groups • Documentation: Office 365 Group Expiration Policy | Configure Office 365 groups expiration

  13. Group soft delete and restore Benefits Deleted groups and their respective app content are kept for a maximum of 30 days Restore the deleted group and its content via Exchange admin center or PowerShell Hard delete a group and its content ahead of the 30 days retention period Guidance Communicate the restore process to your users Train your helpdesk team Track upcoming groups that will be deleted using PowerShell scripts • Documentation: Restore a deleted Office 365 Group

  14. Demo

  15. Group naming policy Benefits Applies to all apps Ensure group names follow your organization schema Use fixed strings or Active Directory attributes as prefixes and/or suffixes Define custom blocked words Guidance Use short strings as suffix Use attributes with values Don’t be too creative, total name length has a maximum of 264 characters • Documentation: Office 365 Groups Naming Policy

  16. Policies for Guest Access - Best Practices User managed • Guest inviter role - Setup a policy so that users with this role can only invite guest • This can be set using user AD properties such - Title, Job Description Domain managed • Admins can create an allow/deny list of external partner domains that are allowed to be added as guests. IT-Managed • Guest approved by IT admin can be approved and added to groups.. • Add guests through B2B portal and turn off sharing for tenant Reach IT approved list of domains Guests Only IT admin User Guests Guests Title = Manager

  17. Group guest access Benefits Enables safe teamwork outside the firewall Works with any email addresses Based on common Azure B2B platform • Documentation: • Guest access in Office 365 groups • Guest access in Office 365 groups – Admin Help • Azure AD access reviews • Azure Active Directory Terms of Use feature • Guest inviter role Guidance Enable guest access! Govern using allow/block guest domains, guest inviter role, access reviews, terms of use Track guest user activity via audit logs

  18. Group policies & information protection Benefits Usage guidelines informs users about organization policies Classification enables policy enforcement Retention policies helps comply with industry regulations and internal policies Labels helps you classify data across your organization Guidance Configure classification, usage guidelines, labels aligned with your org needs Retention policies can be defined independently of labels Audit groups activities: creation, deletion, etc. Control group privacy and guest access based on classification • Documentation: Group settings | Overview of retention policies | Overview of labels | Search the audit log

  19. Demo

  20. Office 365 Groups and SharePoint, Teams, Yammer

  21. Connect existing SharePoint team sites to new Office 365 Groups With the Connect to new Office 365 group feature, you can augment your team site collaboration capabilities with the benefits of other group services such as Outlook, Planner, and Microsoft Teams. This keeps your site, its content, permissions, and customizations intact and eliminates the need to migrate content to a new group-backed site. See Overview of the "Connect to new Office 365 group" feature

  22. Other recent SharePoint and O365 Groups updates SharePoint site design and site script overview New SharePoint admin center SharePoint & Exchange Multi-Geo support Groups in Outlook and Group-connected team sites are now private-by-default Increase in SharePoint Online storage allocation Tenant Admin Tools to connect existing SharePoint team sites to Office 365 Groups

  23. Proper Setup of Yammer Network Consolidate all Yammer networks into one Yammer identity management Clean up your Yammer identities Setup Office 365 as main Identity provider for Yammer Allow only licensed users to access Yammer Enable Group creation through Yammer For Team collaboration out of Yammer and Integration with Groups (Big) Advantage! File and search through SharePoint Online Groups and Yammer - Best Practices Documentation Yammer and Office 365 Groups

  24. Link an existing private group to a Microsoft Team If Office 365 Group is private you can open it up from Teams Use main Planner Site for Group planning (General Tab) Sub-plans in Teams are visible in Main Group Planner Site Groups and Teams - Best Practices Documentation Office 365 groups and Microsoft Teams | Admin training for Microsoft Teams | Access Plans from Microsoft Teams in Planner apps

  25. Demo

  26. Summary

  27. Useful resources Documentation aka.ms/O365g Join the conversation: Groups aka.ms/O365ng - SharePoint https://sharepoint.com/community Provide feedback: Groups aka.ms/O365uv - SharePoint http://sharepoint.uservoice.com Adoption with FastTrack fasttrack.microsoft.com/office Roadmap http://fasttrack.microsoft.com/roadmap SharePoint resources https://sharepoint.com/resources Manage Office 365 Groups with PowerShell Overview of Office 365 groups in Microsoft Graph Licensing requirements Office 365 Groups at Microsoft Ignite 2017 Groups in Outlook recap from Microsoft Ignite 2017

  28. Session takeaways and actions 1 • Learn about Office 365 groups best practices 2 • Enable self-service with governance & drive usage with FastTrack resources 3 Find all resources in a multi-part series at blog.atwork.at

  29. Questions? Meet us at and after 2pm at the Office 365 Groups booth at the expo!

  30. Appendix

  31. Useful Groups PowerShell cmdlets 1/6 ## List all groups in descending order Get-UnifiedGroup|SelectId,DisplayName,ManagedBy,Alias,AccessType,WhenCreated, @{Expression={([array](Get-UnifiedGroupLinks-Identity$_.Id -LinkTypeMembers)).Count }; Label='Members'} |Sort-Objectwhencreated|Format-Tabledisplayname,alias,managedby,Members,accesstype,whencreated ## List all private groups Get-UnifiedGroup|Where-Object {$_.AccessType -eq'Private'} |Sort-Objectwhencreated|Format-Tabledisplayname,alias,managedby,accesstype,whencreated ## List deleted group in descending order Get-AzureADMSDeletedGroup|Sort-ObjectDeletedDateTime-Descending|Format-TableId,DisplayName,Description,Visibility,DeletedDateTime ## List orphan groups $Groups=Get-UnifiedGroup|Where-Object {([array](Get-UnifiedGroupLinks-Identity$_.Id -LinkTypeOwners)).Count -eq0} ` |SelectId,DisplayName,ManagedBy,WhenCreated ForEach ($Gin$Groups) { Write-Host"Warning! The following group has no owner:"$G.DisplayName }

  32. Useful Groups PowerShell cmdlets 2/6 ## Update group site quotas # Variables: # Cut off date in days # Storage quota in MB # Storage quota warning level in MB #................................... $cutoffdate= ((Get-Date).AddDays(-20)) $quota=500 $warning=400 # Retrieve recently created groups $Groups=Get-UnifiedGroup|Where-Object {$_.WhenCreated-ge$cutoffdate} |Sort-Objectwhencreated|SelectDisplayName,WhenCreated,SharePointSiteUrl # For each new group update quota accordinly if a team site exists. ForEach ($Gin$Groups) { try { Set-SPOSite–Identity ($G.SharePointSiteUrl) -StorageQuota$quota-StorageQuotaWarningLevel$warning Write-Host"The following site quota was updated:"$G.SharePointSiteUrl } catch { Write-Host"The following Groups does have a site:"$G.DisplayName } }

  33. Useful Groups PowerShell cmdlets 3/6 ## Set classifications for all groups $Groups=Get-UnifiedGroup|Where-Object {$_.Classification -Eq$Null} |SelectDisplayName,Classification ForEach ($Gin$Groups) { If ($G.Classification-Eq$Null) { Write-Host$G.DisplayName Set-UnifiedGroup-Identity$G.DisplayName-Classification"Low" } } #................................... # Variables: # Cut off date in days # Classification #................................... $cutoffdate= ((Get-Date).AddDays(-10)) $classification="High" # Retrieve recently created groups with accesstype set to PUBLIC $Groups=Get-UnifiedGroup|Where-Object { $_.WhenCreated-ge$cutoffdate-and$_.AccessType-eq'Public'-and$_.Classification -eq$classification } ` |Sort-Objectwhencreated|SelectDisplayName,WhenCreated,AccessType,Classification,ManagedBy # For each new group update set accesstype to PRIVATE ForEach ($Gin$Groups) { Set-UnifiedGroup-Identity$G.DisplayName-AccessType'Private' Write-Host"The following Group privacy setting was updated:"$G.DisplayName }

  34. Useful Groups PowerShell cmdlets 4/6 ## Update privacy based on classification #................................... # Variables: # Cut off date in days # Classification #................................... $cutoffdate= ((Get-Date).AddDays(-10)) $classification="High" # Retrieve recently created groups with accesstype set to PUBLIC $Groups=Get-UnifiedGroup|Where-Object { $_.WhenCreated-ge$cutoffdate-and$_.AccessType-eq'Public'-and$_.Classification -eq$classification } ` |Sort-Objectwhencreated|SelectDisplayName,WhenCreated,AccessType,Classification,ManagedBy # For each new group update set accesstype to PRIVATE ForEach ($Gin$Groups) { Set-UnifiedGroup-Identity$G.DisplayName-AccessType'Private' Write-Host"The following Group privacy setting was updated:"$G.DisplayName }

  35. Useful Groups PowerShell cmdlets 5/6 Get-UnifiedGroup|selectDisplayName,Recipient*,@{n="Size";e={(Get-MailboxStatistics$_.Identity).TotalItemSize}} https://www.petri.com/identifying-obsolete-office-365-groups-powershell

  36. Useful Groups PowerShell cmdlets 6/6 Set-SPOSiteOffice365Group -Site https://<yourtenantname>.sharepoint.com/sites/demo1 -DisplayName "Demo1" -Alias "Demo1" -Classification "Medium"

More Related