A new Graph API and the Teams AadSync process improve how Teams synchronizes group membership information with Azure AD. The older background sync process was tied to the Teams client and didn’t work so well in practice, especially when scaled up. Things look good for the new mechanism.
Microsoft is changing the default setting for guest access to Teams from Off to On. This won’t affect tenants already using Teams, but it’s a good opportunity to review how guest access is used in tenants and consider whether existing guest accounts are needed or can be removed. This post offers some ideas about using policies to control guests and how to check what these accounts are used for.
Among some interesting statistics offered at the Ignite 2020 conference, we learned that 79% of Microsoft 365 groups successfully auto-renewed because of their activity. That leaves 21% of groups which didn’t meet the bar to be automatically renewed. Only groups within the scope of an expiration policy are included, but even so millions of groups weren’t renewed. Is that a problem?
Outlook for Windows has supported Microsoft 365 Groups since 2015. The developers chose a seen/unseen model for Groups, but now Outlook has switched to a read/unread model, meaning that the unread counts for Groups can suddenly seem much higher than before. It’s a one-time change that aligns Outlook desktop with OWA and Outlook Mobile and there’s an easy way to set all unread items to be read. But you might want to tell people that this change is coming!
The Groups section of the Microsoft 365 admin center has been overhauled recently and several useful changes were made. Restore deleted groups is the headline act, but the other updates also deliver value. Collectively, they make Groups easier to manage.
You can apply an Office 365 Sensitivity Label to control different aspects of Groups, Teams, and Sites. One of the settings controls whether guest users are allowed in group membership. We explain how to use PowerShell to search groups assigned a label to block guest access for existing guests, just in case you want to remove them.
You can use Microsoft 365 Groups and distribution lists to schedule meetings in the Teams calendar app, but sometimes you can’t schedule meetings with Teams. That sounds odd, but it’s because of the way that Teams selects groups from the Exchange Online GAL to show to users in the “picker” control to select meeting attendees. You can make changes to have Teams show up in the GAL, but that might not be enough if you want everyone in the team to receive meeting invitations.
In the latest example of rebranding wizardry, Microsoft has announced that Office 365 Groups are becoming Microsoft 365 Groups. You’d wonder if the rename is just to keep the marketing people happy. But maybe the new name reflects what Office 365 Groups have become. Less of a collaboration platform and more of a membership service for Microsoft 365 apps.
After a couple of years, it’s time to update the Office 365 Groups and Teams Activity Report script. Written in PowerShell, the script analyzes the groups in an Office 365 tenant to figure out if each group or team is in active use. Because it’s a PowerShell script, you can amend the code to your heart’s content.
Office 365 applications create lots of Azure Active Directory guest accounts. Here’s how to find old accounts and check their Office 365 group membership. If you know the accounts that are old and stale and aren’t members of any Office 365 group, you can consider removing them from your tenant.
The latest version of the Teams desktop and browser clients support the creation of dynamic teams based on dynamic Office 365 Groups. The functionality is welcome, as long as you can pay for it as every member who comes within the scope of a query used for a dynamic team needs an Azure AD P1 license.
Security groups are often used to protect access to resources, but they can’t be used to control membership for Microsoft 365 Groups or Teams. If you want to use AAD security groups to control membership for Groups and Teams, you need to come up with a way to synchronize. PowerShell is available to do the job, and as it turns out, it’s not too difficult.