Teams Expands Coverage for Group Policy Assignment

Teams Group Policy Assignment Possible for Many More Policy Types, But Only Using PowerShell for Now

Microsoft published two recent message center posts (MC557818 on May 19, and MC557241 on May 18) that seem to cover much the same ground. In a nutshell, tenants that use Teams group policy assignments to set policies based on group membership rather than individual assignments on a per-account basis now have access to a wider set of policies. The caveat is that you must create and manage group assignments for many policies using the Teams PowerShell module (currently at version 5.2).

Support in PowerShell is available now. Given usual practice, it shouldn’t be too long before Microsoft updates the Teams admin center to accommodate the new functionality.

Teams Group Policy Assignments

The Teams admin center supports group assignments for popular policies like the calling policy, call park policy, teams policy, live events policy, meeting policy, and messaging policy. You know when the Teams admin center supports group-based assignment if you see a tab for this purpose when working with a policy. Figure 1 shows that four group assignments are active for messaging policies.

Teams group policy assignment tab available for messaging policies
Figure 1: Teams group policy assignment tab available for messaging policies

To process group-based assignments, Teams uses a background process to find the members of the target group and make the assignments. During this process, Teams follows rules to ensure that directly-assigned policies take precedence over group assignments and that group assignments with higher priority have precedence over those with lower priority. Assignments are not immediate and can take up to 24 hours to become effective.

Teams Policies Now Supported for Group Assignment

What’s changing is that Microsoft has introduced support for group-based assignments for many policies in areas like Teams Phone, Teams Premium, and Teams support for VDI,:

  • Application Access Policy.
  • Call Hold Policy.
  • Carrier Emergency Call Routing Policy.
  • Cortana Policy.
  • Dial Out Policy.
  • Education Assignments App Policy.
  • Emergency Calling Policy.
  • Enhanced Encryption Policy.
  • Events Policy.
  • External Access Policy.
  • Feedback Policy.
  • Files Policy.
  • IPPhone Policy.
  • Media Logging Policy.
  • Meeting Branding Policy.
  • Meeting Template Permission Policy.
  • Mobility Policy.
  • Notification And Feeds Policy.
  • Room Video Tele Conferencing Policy.
  • Synthetic Automated Call Policy.
  • Teams Branch Survivability Policy.
  • Template Permission Policy.
  • VDI Policy.
  • Video Interop Service Policy.
  • Voice Routing Policy.
  • Voicemail Policy.

You can only assign these policies to groups using PowerShell. For example, this command uses the Get-MgGroup cmdlet to retrieve the group identifier for a Microsoft 365 group and uses the identifier as the target to perform a group assignment for a Teams events policy. Giving the assignment a rank of 1 means that Teams will treat this as the most important assignment and will use it unless a direct policy assignment exists for a user:

$GroupId = (Get-MgGroup -Filter "displayName eq 'All tenant member user accounts'").Id
New-CsGroupPolicyAssignment -GroupId $GroupId -PolicyType TeamsEventsPolicy -PolicyName "Webinar Organizers" -Rank 1

Policy assignments based on group membership (Microsoft 365 groups, dynamic Azure AD groups, security groups, and distribution lists) is a good idea for large tenants where clearly defined sets of user accounts share the same policy needs. It rapidly becomes boring to edit multiple accounts to make policies assignments, so if you can use a group for assignments, it’s a good idea.

Introducing Dark Mode in Teams Admin Center

When I refreshed my knowledge of how the Teams admin center deals with group-based assignments, I noted the appearance of dark mode support for the console (announced in MC567496, 2 Jun 2023). I’m not a great fan of dark mode except on mobile devices but recognize that many appreciate having the option.

If you choose to go with dark mode, make sure that any customizations applied to the tenant Microsoft 365 theme show up nicely. In my case, they didn’t, as obvious from Figure 2.

Teams admin center in dark mode
Figure 2: Teams admin center in dark mode

Microsoft can’t account for the color choices made by tenants when they customize their themes, so they can’t be blamed. This time!

Stay updated with developments across the Microsoft 365 ecosystem by subscribing to the Office 365 for IT Pros eBook. We do the research to make sure that our readers understand the technology.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.