The Lessons of Experience
Those given the job of planning the deployment of a new technology usually like to know how other companies approach the same task. After all, no one likes to make the same mistake as other companies have, so it’s always good to find out about successful techniques for the deployment and management of technology.
At the Ignite 2018 conference, Microsoft IT described the way they manage Office 365 Groups (here’s a recording of the session). Microsoft is different from most companies: they don’t have to worry about the cost of licensing advanced features (like those which need Azure Active Directory P1 licenses) and their user community is more technically-savvy than the norm. However, there’s still value in understanding their perspective towards groups.
First, Microsoft uses a dynamic group for all full-time employees (“blue badges”) and allows members of this group to create new groups. While allowing all full-time employees to create new groups (and teams) might lead to a lot of groups that don’t get much usage, Microsoft uses an aggressive 180-day expiration policy to age out groups that no one needs.
Microsoft doesn’t use a naming policy, possibly because they never used a naming policy for distribution lists. They have custom jobs to scan for groups with no owner (important when you have an aggressive expiration policy), to ensure that groups have at least two owners, and to make sure that groups that have certain classifications are disabled for guest membership. They also use Azure Active Directory group reviews to make sure that guest members only keep access to groups for as long as they need to.
Microsoft also uses the Office 365 multi-geo capabilities for SharePoint Online and Office 365 Groups (in preview and expected to be generally available in Q1 2019) to provision the team sites according to users’ preferred data locations (the Office 365 datacenter region they are deployed in).
Documenting a management framework for Office 365 Groups within an organization is a good idea because it brings clarity to the deployment and lays out how the groups policy and other associated policies (like the Azure B2B collaboration policy and expiration policy) fit into the framework.
For more information about how to use the Azure Active Directory policy for Groups to control Office 365 Groups (and Teams) and associated policies like the Azure B2B Collaboration policy or the Groups expiration policy, read Chapter 12 of the Office 365 for IT Pros eBook. We have lots to say on this subject!