Welcome back to part 3 of the Core Components of Microsoft Teams series! This time we’ll discuss all things Office 365 groups including how Teams leverages Office 365 groups. With that said let’s get this show started!
In a nutshell, Office 365 Groups is a membership service that gets broken down into 3 steps:
- A user creates a new Office 365 Group for collaboration and in turn they utilize several different applications (Outlook, Teams, Yammer, SharePoint, and Groups itself).
- As the user creates the new group a group identity is created within Azure Active Directory to represent that particular collection of users. This group consists of identity, resource URL’s, owners, and members.
- Lastly, the group experience will then be populated in the application of choice for that end user.
Groups provide a singular identity in Azure Active Directory which is the master for the group identity and membership across the Office 365 services that will leverage that particular underlying Group (SharePoint, Exchange, etc.). You also have the ability to extend your services to federated resources. A good example of this would be Group messaging, SharePoint Team Site, OneNote, and Planner. The Group(s) themselves provide something called ‘loose coupling’ where the services will notify each other of changes relative to the group. A good example of this is when there is a group creation, deletion, or update.
Office 365 Group Provisioning
Let’s say you’re ready to proceed with provisioning an Office 365 Group. Well, lucky for you anyone has the ability to create a new Office 365 Group by default. However, if this needs to be regulated there is the ability for administrators to control who can create Office 365 Groups. There are a number of applications where you can create this new Office 365 Group, such as:
- Outlook 2016, OWA, or the Outlook Groups app
- PowerShell (New-UnifiedGroup)
- SharePoint Online (when creating a new team site)
- Microsoft Teams (when creating a new team)
- Planner, Power BI, StaffHub, and Stream integrations
So now that your Group has been created, what next? Well upon the creation of your Group, you will have the following resources at your disposal:
- Shared Inbox
- Shared Calendar
- SharePoint Document Library
- Shared OneNote Notebook
- SharePoint Team Site
- Yammer Group
Whenever a user is added to that particular Group, they automictically inherit the ability to use those resources that your Group provides. So, depending on the application that is being used that will determine the set of resources that become available when the group is created. A good example of this would be if you used Yammer to create a new modern group you would then get access to the SharePoint Document Library, Shared OneNote Notebook, SharePoint Team Site, and the Yammer Group.
Office 365 Group Roles
Upon the creation of an Office 365 Group there are different roles that can be assigned: Owners, Members, or Guests.
- Owners – Person who creates the group and acts as the moderator
- Ability to add/remove members from the Group
- Ability to delete conversations from the shared inbox, change group settings, rename the group, etc.
- Members – Regular users in the organization that use the group to collaborate
- Can access everything in the group, but cannot change group settings
- As users are added as members to the Group, they are added as site members for the corresponding SharePoint site
- Guests – Similar to members in the sense that they have access to items in another Group but only covers users outside of your organization
- Administrators have the ability to control if Guests are permitted into that Group
Office 365 Group Privacy Levels
Privacy is a huge aspect of Office 365 Groups and rightfully so. Office 365 Groups breaks down privacy levels into 2 different categories:
- Public: The group content can be seen by anyone in your organization.
- Private: The group content can only be seen by the members of the group. People who want to join the private group will need to be approved by the owner of that group to gain access.
Note: Neither public nor private groups can be access by people outside of the organization unless thy have specifically been invited as a Guest.
Where does Microsoft Teams come into play?
When utilizing Microsoft Teams and a new team is created inside the application, an underlying modern group will be created inside of Office 365. When the modern Group is created its is automatically provisioned with the following items:
- Shared Mailbox (Hidden)
- Shared Calendar (Hidden)
- SharePoint Document Library
- Shared OneNote Notebook
- SharePoint Team site
- Persistent chat-based work space
In order to maintain membership of this newly created group, the membership will be synced between the underlying Group and Microsoft Teams. Anytime a new member is added to that underlying group will result in replication to Teams. Likewise, if you added a new member within Teams this would replicate to the underlying modern group membership. In addition, you have the ability to add a distribution list to the team which will perform a one-time expansion and invite those individual members. Lastly, Microsoft recently announced support for dynamic memberships which basically allows you to create a dynamic group inside of AAD and that dynamic group will be attached to the team and the membership of the team will then be driven based upon the rules established for dynamic membership for that underlying group. For more information on dynamic membership, I encourage you to check out the Microsoft article here.
How does Teams leverage Groups?
The last piece we’ll be discussing today is how exactly Teams will leverage Office 365 Groups. As mentioned earlier, Microsoft Teams uses group memberships as the ACL (access control list) to Files and Notes tabs. The “Files” tab is basically the connection path to SharePoint which is provisioned when the team is initially created. In addition, owners of any exisiting Groups that have been created prior to the implementation of Microsoft Teams can add the Teams functionality to the underlying Office 365 group. Lastly, team creation settings for Microsoft Teams are controlled within the admin portal where group creation settings are controlled.
Considerations for Planning Microsoft Teams and Office 365 Groups
As a wise man (Benjamin Franklin) once said, “By failing to prepare, you are preparing to fail”. This should really hit home for anyone preparing Microsoft Teams in your organization. When planning for Teams some of the things you should consider include:
- Teams will be leveraging settings from the underlying Group
- Memberships
- Naming Policies – Ability to determine how to follow the naming structure for Groups (Need AAD P1 license for each unique user that is a member of the groups)
- Group Expiration – Ability to put time box on how long a group can live (Need AAD P1 license for all users that are members of groups to which the expiration policy is applied)
- Administration of Groups
- Admin center (basic management)
- Azure AD Portal (advanced management)
- PowerShell (naming policies)
Provided that you have covered all of these considerations above, then it is safe to say you are well on your way to properly planning and deploying Teams in your organization. This concludes part 3 of the “Core Components of Microsoft Teams” blog series. I hope you have found this helpful, and I encourage you to check back soon when we’ll be covering SharePoint Online and OneDrive for Business in Microsoft Teams.