O365 Groups- Best Practices and Solutions

Webinar: O365 Groups- Best Practices and SolutionsPresented by AvePoint

John PelusoAvePoint

Sr. VP of Product Strategy

@JohnConnected

Agenda:

• What’s a “Group” anyway?

• What’s to worry about?

• What is Microsoft Doing?

• What should YOU do?

• Demo

• Live Q&A

©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.

From Tahoe to today.

Deloitte

Technology Fast 500

Inc. Magazine

Hire Power Award

Ernst & Young

Entrepreneur of the Year

Windows IT Pro

Best SharePoint Product


All-In

On-Premises

Hybrid

88 Countries 6 Continents

15,000Customers

5 MillionCloud Users



Different groups have different needs

Co-Creating

Content

Mail &

Calendar

Voice, Video

& MeetingsChat-based

Workspace

Sites & Content

Management

Enterprise

Social

Today’s Challenges

Siloed Apps Friction across applications – multiple logins, difficulty sharing and discovering information

Shadow IT Incomplete toolset can lead to inconsistent security, compliance and risk

Wasted TimeContext switching between different apps drains attention and time


Office 365: Designed for the unique workstyle of every group

Complete Collaboration SolutionOffice 365 addresses the breadth of

collaboration needs across your company

Integrated ExperiencesOffice 365 Groups and Graph enable

integrated experiences that facilitate

effective collaboration

Security and ComplianceOffice 365 delivers the security,

compliance and manageability

required in today’s workplace

Co-Creating

Content

Office 365 ProPlus

Mail &

Calendar

Outlook

Voice, Video

& Meetings

Skype

Chat-based

Workspace

Microsoft Teams

Sites & Content

Management

SharePoint

Enterprise

Social

Yammer

Office 365 Groups


Office 365 GroupsSimplifies Collaboration

Today

Request DL for messaging

Get SharePoint Site for files

Create project plan

Manually manage permissions on content

Ramp up new team members based on previous group discussions

Apply & manage policies on content

Manually manage membership and access on DL

Benefits for IT

Group identity & assets created in a single step

Centrally managed as a single object in AAD

Simplified permissions and access structure

Benefits for end users

All group assets created in a single step

Easy to manage independently

New members onboard quickly

CollaborationIn the Past

Self-service group in application of choice

Office 365 Groups is a membership service

User creates new group

for collaboration

Office 365 Application

Group experience

populated in app of choice

Office 365 Application

One IdentityAzure Active Directory (AAD) is the master

for group identity and membership across

Office 365 (Exchange, SharePoint, etc.)

Federated ResourcesO365 services extend with their data

(e.g. Group messaging, SharePoint

TeamSite, OneNote, Planner)

Loose couplingServices notify each other of

changes to a group (e.g., creation,

deletion, updates).

Group identity created

Azure Active Directory

Identity, Resource URLs,

Owners, Members


Calendars

User mailboxes

Planner task comments

Group conversations

Group mailboxes

MS Teams Chats

Instant Messaging

S4B Broadcasting

Internal Networks

External Networks

Sites, Lists, Libraries

User OneDrives

Planner attachments

MS Teams attachments

Group notebook

Group Files

O365 Video Portal

Yammer Notes and Files

Classification

Recertification

Granular

backup/recovery

Information

Lifecycle

Administrative

Policy

Enforcement Provisioning Usage and ROIMigration &

Restructuring

Plans

Buckets

Tasks

Planner

… …

… …

Risk Management


User confusion: What O365

service to use and when?

Trying to navigate to Groups

and Group Resources is painful

and disjointed

Balance: cool new tools for

end users with ability to

enforce corporate policies

Same old problems: “Owners”

have too much power


https://techcommunity.microsoft.com/t5/Office-365-Groups/Curious-Are-you-allowing-all-users-to-create-O365-groups-or/m-p/37908#M1662


https://techcommunity.microsoft.com/t5/Office-365-Groups/Curious-Are-you-allowing-all-users-to-create-O365-groups-or/m-p/37908#M1662



To Enable Modern Team Collaboration Experiences

Dynamic

Membership

Privacy type

conversion

Multi-domain

support

Creation policies

in Azure AD

Mobile

application

management

Data classification

and extensible

policies Usage

guidelines

Exchange Admin

Center UI for

upgrading DL to

Groups

Hybrid guidance

& improvements

Audit log report

SharePoint site

usage report

Groups activity

report


End UserCreate group

Set as public/private

Add members & admins

Add/remove external members

Delete group

Tenant AdminPull reports on group activity

Control who can create groups

Establish dynamic membership

Set naming & retention policies

Master permissions for groups

Admin Tools

> Get-UnifiedGroup #create/update/view groups and their settings

> Get-UnifiedGroupLinks #Manage members, owners, and subscriber list

> Get-MsolSettings #Manage tenant-wide group settings

Admin UI

Office 365 Admin Center

Office 365 Admin app

Azure AD Admin Portal

Exchange Admin console

PowerShell

Execute against Azure AD as

primary

Synchronous notification/update in

Exchange/SP

*-UnifiedGroup / *-MsolGroup

*-UnifiedGroupLinks

*-MsolSettings


Naming policySet on display name during create/change

Blocked word list, pre-/post-fix based on AAD attributes

IT admins can override

Only applies to Outlook (web, desktop, mobile) endpoints today

Dynamic membershipDefined in Azure AD Admin Portal or via PowerShell, see Using attributes to create advanced rules

Hidden membershipMembership is only exposed to members

Configure using REST API today and via PowerShell in the future

Group creation permissionsAzure AD policy can restrict some users from creating groups anywhere in O365, see Manage Group Creation

Does not prevent users from using groups

IT can still create groups

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-with-advanced-rules

https://support.office.com/en-US/Article/Disable-Group-creation-cf0889c0-b287-4f45-bce7-42e30963f1f3


https://www.avepoint.com/blog/technical-blog/how-to-manage-office-365-groups-natively/

https://www.avepoint.com/blog/technical-blog/how-to-manage-office-365-groups-natively/


Naming policy

Banned words and profanity checking

Deletion recovery (soft-delete)

Expiring Groups

http://fasttrack.microsoft.com/roadmap

What’s Next?

http://fasttrack.microsoft.com/roadmap


Office 365 Groups becoming a primary focus

BenefitsEasy to provision by anyone

• Include all necessary team resources- Security Group- File storage- Calendar and group mailbox- Notebook- Discussions- Task management

• Microsoft continuing to invest

• Interfaces are user friendly

Risks• Sprawl

• Oversharing is hard to avoid“Public” by default

• Group artifacts are spread across Office 365 services

• Only basic features planned for recovering artifacts “Soft delete”

• Only basic lifecycle story“Expire and delete”


Archiver

AvePoint Online Services for Office 365

Governance

Management

Backup & Recovery

Compliance

Insights

Priced to appeal competitively for SMB customers against Metalogix / ShareGate

Contains: Administrator, Content Manager, Replicator, Deployment Manager, Policy Enforcer, Identity

Manager, Report Center (Does not include Cloud Insights)

Priced to appeal to enterprise customers as value beyond the management workload.

Contains: Governance Automation Online and Management for Office 365 package

Priced competitively to existing Backup and Recovery vendors for Office 365

Contains: Backup and Recovery for Office 365 including Exchange, SharePoint, OneDrive for Business, Groups, and

Teams

Priced based on demand from regulated customers, suggested packaging with GAOL for lifecycle management

Contains: Archiver for Office 365 including SharePoint and OneDrive for Business

Ensure your data is protected throughout Office 365 with all-in-one scanning, reporting, and built-in issues

resolution.

Contains: Compliance Guardian Online

Provides Office 365 Administrators and Content Owners with the intelligence they need to make more informed

resource allocation and data management decisions.

Contains: AvePoint Cloud Insights


Provisioning with approval

of the requestsAutomated policy

enforcement

Recertification of key attributes

and permissionsAutomated site and

content lifecycle


Native options“Build Your Own”

The Good:

Can align with corporate

processes

The Bad:

Requires constant effort to

develop, support, and

maintain as MSFT innovates

rapidly. Primarily focused

just on the provisioning –

doesn’t solve ongoing

lifecycle management

The Ugly:

You will need to repeatedly

invest to stay current with

Microsoft’s pace of innovation

Native Options

The Good:

Self Service Group creation

allow users to create new

Group objects easily

The Bad:

Few, difficult to scale controls

and policy restrictions

The Ugly:

You are bound to end up with

sprawl, redundancy and

oversharing in groups

AvePoint’s Solution

FrameworkNo-code configuration of

provisioning, permissions

and ownership, and lifecycle

services – extensible via

PowerShell and REST APIs

Full auditing and reporting

of requests and approvals

with admin and ROI

dashboards

Monthly feature and bug-fix

releases, 24/7 support

provided


Flexibility in creation

• Multiple classifications for tracking

• Gathering of organization-specific

details about the requested Group

• Requestor-driven dynamic membership

• Organizational roles and permissions

for stewardship and change

management

• Divisional or departmental provisioning

policies

• Request approval where necessary

Management and lifecycle

• Periodic recertification of owners,

members, permissions and classification

• Merge/separate Groups and their data

• Inventory and tracking of Groups and

their activity

• Policy-driven restrictions for

membership within Groups

• Control over ownership and options for

end-of-life decisions


Native options Access Permissions

Who can do what to the

stuff in here?

Does Bob still need his

access?

No native solutions for

periodic permission review

and certification

Data Ownership

Who is responsible for the

stuff in here?

Are they still here and

willing to own it?


ensuring data ownership for

Office 365 content stays

current

Classification

Tell me about the stuff that

lives in here…

Is it sensitive?

Is it important?


ensuring content is properly

classified


AvePoint’s Office 365 Groups strategy

TodayGovernance of group creationBetter, role-based control of who can request a group

Mandate options like “private” and “unsubscribed”

Require approval for group request to reduce sprawl and redundancy

Manual and automated group lifecycle Set appropriate group lifespan based on business purpose

Extend or delete when expired via configurable approval process

Granular move/copy/restore of group files and mailbox items

TomorrowSingle pane of glass for Group management• Group creation permissions, naming and guest access

• Backup, restore, archive and movement of a group’s content and artifacts

Enhanced lifecycle for groups• Expire groups based on access patterns

• Archive rather than delete when expired

Recertification for groups• Membership

• Classification

• Ownership

Thank You for Joining:

Office 365 GroupsPresented by AvePoint

For More Blogs, Videos, & Webinars, Check Out:

www.avepoint.com/office-365-groups