Office 365 Groups for Administrators

In a nutshell, an Office 365 Group is a collaboration accelerator. It is similar to a traditional email distribution group, since all members see messages sent to the group. However,  an Office 365 Group supports additional collaboration through access to other parts of the Office 365 service, including dedicated:

How can I manage Office 365 Groups?

By default, Office 365 Groups are designed to be self-service, with the advantage that users are able to join and create groups as they wish. This can be a benefit to IT teams, reducing the time spent on group management, and freeing them up to pursue other projects for the organization. However, you may wish to restrict staff from creating new Office 365 Groups, and only grant group creation privileges to particular employees. Using that approach would give end users less flexibility, but may lead to a more coherent and practical set of groups for everyone to use.

PowerShell commands are used to control the permission to create groups, as the option is not available in the Office 365 Admin Portal. Every mailbox in Office 365 has an OWA Mailbox Policy applied to it, and you edit this policy to control creation of Office 365 Groups.

For example, you could block group creation for mailboxes in the default OWA Mailbox policy, and then create a second OWA Mailbox policy which does allow group creation. The PowerShell commands would have the following structure:

Furthermore, Global Administrators in Office 365 maintain management ability over all Office 365 Groups. Using the Admin Portal, they can edit group membership and also control which members can administer the group.

How are they different?

If you are a member of a private or public Office 365 Group, you are free to leave the group at any time. This is different from traditional Exchange Online distribution groups, where the administrator of the group can control who can leave the group. Also, unlike traditional security and distribution groups, Office 365 Groups cannot be a member of another group. 

What are the storage limits?

Each Office 365 Group has its own file storage area that resembles a OneDrive. That storage location is actually a SharePoint document library in your Office 365 tenancy, that has been designed to look like OneDrive. From a storage perspective, files stored in Office 365 Groups count against your SharePoint storage quota. From a user’s perspective this could be confusing, especially since they can access the groups file storage areas from their own OneDrive page – as shown in the following image:

What about privacy?

There are two types of Office 365 Group, public and private.  Once created, you cannot change between the two types. New groups are public by default, meaning anyone in the organization can potentially see their contents. If you create a private group, then group files are only accessible by members. The creator/administrator of the group decides who will be granted membership in the group.

All members of an Office 365 Group see all the files in the group’s storage area. Also, any member of the group can share group files with others within your organization who are not members of the group – even if it is a private group. People outside your organization cannot email the group by default, but you can change this in the properties of the group after it’s been created.

What are the next steps?

First, review the options and determine how your organization wants to make use of Office 365 Groups. Then apply the appropriate policy settings described above to implement your decision. You could also consider migrating your traditional email distribution groups across to Office 365 Groups. The ability for new members of the group to see earlier messages sent to the group can be a real bonus, even if you don’t need the shared calendar and file storage. In a forthcoming post, we will take a look at how users can join, create and manage  Office 365 Groups by themselves.