Office 365 Groups is a service for Office 365 commercial and education customers that enables teams to come together and get work done by establishing a single team identity (managed in Azure Active Directory) and a single set of permissions across Office 365 apps including Outlook, OneDrive for Business, OneNote, Skype for Business, Power BI and Dynamics CRM. Office 365 Groups will soon extend to include Office Planner, Delve and Yammer. When a user joins a group, they immediately gain access to all of the assets of the team, such as conversations, meetings and documents.
A key benefit of Office 365 Groups is that any user in your organization can create a Group and start collaborating with others within minutes. Self-service creation is great for end users, but we know IT needs to be able to easily manage groups, gain insight into their use, control their directories and ensure compliance of group data. Today we are announcing new enhancements for administering Office 365 Groups to support these needs.
Compliance and protection
- eDiscovery and litigation hold—You can now perform an eDiscovery and litigation hold on a group’s mailbox using Exchange Admin Center and on group files using the Office 365 Compliance Center. To get started, read Security and compliance for Exchange Online.
- Auditing—The Azure Management Portal now exposes group management events (creation, updates, membership changes, etc.) in the group audit report. Soon, these same events will appear in the Office 365 Compliance Center alongside other Office 365 events you’re used to tracking. This will give you a complete picture of the Groups changes in your tenant over time.
- Office 365 Groups API—Last month at Connect(), we announced general availability of the Microsoft Graph, which includes the Office 365 Groups API. Developers can now connect Office 365 Groups with line of business applications or to create industry-specific solutions. Get started here.
- Distribution list migration—We recently released sample code to demonstrate how email distribution groups can be converted to Office 365 Groups. Visit Hummingbird for more details and note this code is provided as-is.
- Naming policies for Office 365 Group names and aliases—Group naming policies allow users to self-organize, but enables control over the way that these groups appear in the corporate directory. Now a naming policy also applies to the email alias created for groups. For example, if a group naming policy would cause a group created with the name “(North America) Marketing,” the group’s email address would be “firstname.lastname@example.org.” This prevents groups from inadvertently taking valuable email addresses.
- Dynamic membership—Administrators can now create groups with rule-based memberships using the Azure Management Portal. Group membership is updated within a minute as users’ properties change. This allows easy management of larger groups or the creation of groups that always reflect the organization’s structure. Note, enabling dynamic membership for groups requires Azure AD Premium licenses.
These capabilities are starting to roll out today and are expected to be available to all Office 365 commercial and education customers by February 2016.
And that’s not all. We’re continually improving Office 365 Groups, including admin capabilities. Here’s a look at some of the enhancements we expect to roll out in the first quarter of 2016.
- Group naming and creation policy for Power BI, Planner and the Microsoft Graph—We implemented a policy in Azure AD that allows administrators to restrict group creation to certain users—the existing Exchange Mailbox policy only applies to creation in Exchange, Outlook or the Outlook Groups app. Leveraging our experience with naming policy in Exchange, we’re extending these capabilities to the base substrate for Groups in Azure AD. This way, groups created within any Office 365 app, such as Planner or OneDrive for Business, will follow the same naming policies and controls as Exchange. This ensures that creation of Office 365 Groups through all endpoints can be given to selected users and your corporate directory continues to be consistently managed.
- Group expiry—To support administrators’ desires to keep their directories clear of stale or inactive content, we’re working on a policy that would expire inactive groups over a definable period of time.
It’s worth noting that we’re delivering more administrative experiences for groups through the Azure Management Portal to ensure a consistent management experience across all current and future services that integrate with Office 365 Groups.
Compliance and protection
We’re also planning richer capabilities to keep data and users secure:
- Hidden membership—It will soon be possible to indicate that the group member list should be hidden from non-members. This is especially useful in schools where class rosters can’t be exposed to other students or faculty in the school.
- Data classification and extensible policy—We’re working on delivering a customizable classification system for groups that would allow separation of groups by policy type, such as “unclassified” or “corporate confidential.” In this manner, your groups can exhibit the policies of other content in your organization. Extensible policy allows you to implement your own policies for group creation or change.
- Mobile application management—To protect users’ data on the go, we’re working on exposing the Outlook Groups apps in Microsoft Intune as policy managed apps.
- Usage guidelines—Over the next few months, you’ll be able to customize the usage guidelines for Office 365 Groups to educate your users about best practices that help keep their groups effective and their content safe.
Last but not least, we’re planning improvements to the tools you use to manage groups—giving you greater control and visibility into how groups are being used in your organization.
- Multi-domain support—Some large organizations use separate email domains to reflect different parts of their businesses. Office 365 Groups that are created by users in one domain will share that domain (as opposed to using a common domain across the tenant). Administrators will soon have control to create groups in a specific domain of their choosing.
- General usage reporting—Over the next few months, we’ll make it possible for admins to access metrics on usage and engagement for groups in their tenant from within the Office 365 Admin Center.
- File quota management—Today, group files consume from your organization’s SharePoint shared storage quota, with team sites and groups sharing the same available capacity. We plan to deliver the ability to set quotas on groups’ underlying sites to help manage the consumption of shared storage by Office 365 Group files.
- Hybrid guidance—The goal for our hybrid support is to ensure that users with mailboxes hosted on-premises are able to participate fully in group conversations and have access to group assets like files, notes and plans that are stored in the cloud. This requires that Azure AD Connect is configured and syncing groups to your on-premises directory. Additional guidance on configuring Exchange for optimal mail flow to groups from on-premises is on the way.
Other upcoming improvements in 2016 include support for privacy type conversion on existing groups, native data leakage prevention in group communication and file experiences, and deletion recovery by enabling administrators to undelete a group and its content.
For more information about upcoming improvements to Office 365 Groups, please visit success.office.com/roadmap and see this recent presentation from Ignite Australia to learn more about Office 365 Groups. If your organization already has Office 365, start driving Office 365 Groups usage!
—Christophe Fiessinger, senior product manager for the Office 365 team, @cfiessinger