Embed Size (px)
Citation preview
Office 365 GroupsFrom the ground up
SPTechCon Boston
Drew Madelung
Email : [email protected] Twitter : @dmadelungLinkedIn : /in/dmadelungWebsite: drewmadelung.com
Senior SharePoint and Office 365 consultant specializing in business-oriented content management solutions.
Avid Wisconsin sports fan and golfer.
What are Office 365 Groups?
How do I work with them?
How do they work technically?
How can I administer?
Agenda
Demos, Demos & more Demos
What’s new & What’s Next?Office 365 GroupsFrom the ground up
SPTechCon Boston
There are over 70 million active Office 365 commercial users.
Reference
Collaboration is evolving…
Collaboration has evolved
I N F O R M AT I O N M OV E S S LOW LY C O M M A N D A N D C O N T R O L
T R A D I T I O N A L H I E R A R C H I E S
I N F O R M AT I O N T R AV E L S FA S T L EA R N A N D A DA P T
R E S P O N S I V E N E T W O R K S
F I X E D WO R K F O R C E S S I LO E D T EA M S
T R A D I T I O N A L H I E R A R C H I E S R E S P O N S I V E N E T W O R K S
L E V E R AG E T H E O N - D E M A N D G LO B A L TA L E N T P O O L
Office 365 Groups
Brings together people, information, and apps across Office 365, to enable better communication and collaboration.
SELF-SERVICE
PUBLIC BY DEFAULT
SHARING TO NON-MEMBERS
CONTEXT & HISTORY
SINGLE DEFINITION
SIMPLE TO MANAGE
Office 365 Groups
“ME” = OneDrive for Business
“WE”+Process = Team Sites
“WE” = Office 365 Groups
Today…
“ME” = OneDrive for Business
“WE” = Team Sites
All new Team Sites will get an Office 365 Group and all new Office 365 Groups will get a Team Site- Announced at Future of SharePoint Event 5/4/16
In the future…
“Groups, Graph, and Governance” – Jeff Teper
Azure Active Directory
AppsOffice 365 Groups
Office 365 Groups building blocksIdentity
Office GraphSk
ype
Conv
ersa
tions
Files
Cale
ndar
Note
book
Dyna
mics
CRM
Plan
s
Powe
r BI
Conn
ecto
rs
How do I access Office 365 Groups?There are multiple endpoints to get started…
Outlook on the web OneDrive for Business
Outlook 2016
PowerBI Dynamics CRM Outlook Groups app
Demo!
What’s behind the scenes
One group system across Office 365One identityAzure Active Directory (AAD) is the master for group identity and membership across Office 365 (Exchange, SharePoint, etc.)
Federated resourcesO365 services extend with their data(e.g., conversations stored in Exchange mailbox & documents stored in SharePoint for a group)
Loose couplingServices notify each other of changes to a group (e.g., creation, deletion, updates)Using sync from AAD to Exchange Online AD and SharePoint Online AD they achieve reliability if they miss notifications
SharePoint
SharePoint Online AD Documents
OneNote
Site collection
Additional workloads
Workload scenarios
Workload resourcesLocal
directory
Exchange
Conversations Calendar
Group mailboxExchange
Online AD
IdentityResource URLsOwnersMembers
AAD
Group identity
Management Options – User Interface
Office 365 admin center
Delete
Add Edit
Management Options – User Interface
Azure AD Portal
View & Add Edit & DeleteConfigure Dynamic Membership
*Requires AAD Premium
Management Options – User Interface
Office 365 Admin AppView Add Edit
Management Options – User Interface
Outlook Groups App
Edit & DeleteInteract Add
Management Options – User Interface
Clients
PlannerOutlook on the Web
Outlook 2016
*Offline access supported (GST file)
Power BI
Management Options – ScriptingPowershell
Manipulating groupsAdd-UnifiedGroupLinksGet-UnifiedGroupLinksRemove-UnifiedGroupLinks
Get-UnifiedGroupNew-UnifiedGroupRemove-UnifiedGroupSet-UnifiedGroup
Manipulating group membership
Owners | Members | Subscribers
$creds = Get-Credential$Session = New-PSSession -ConfigurationName Microsoft.Exchange –ConnectionUri ` https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirectionImport-PSSession $Session
Establish a remote session to Exchange Online
A Few Useful Scripts for GroupsCreate groupNew-UnifiedGroup –DisplayName “Legal” –Alias “Legal” –EmailAddresses [email protected]
Rename groupSet-UnifiedGroup -Identity “Legal” -Alias “Legal” -DisplayName “New Legal” -PrimarySmtpAddress [email protected]
View all subscribers, members or owners for a groupGet-UnifiedGroupLinks -Identity “Legal” -LinkType Subscribers
Show detailed info for all groupsGet-UnifiedGroup | select Id,Alias, AccessType, Language,Notes, PrimarySmtpAddress, ` HiddenFromAddressListsEnabled, WhenCreated, WhenChanged, ` @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; ` Label='Members'}, ` @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count }; ` Label='Owners'} | Format-Table Alias, Members, Owners
Restricting Group CreationThe old wayUse an OWA Mailbox Policy to disable group creation for ALL users or a SUBSET of users
This does NOT disable group creation except when trying to create through Outlook/Exchange Creating groups in other clients/admin areas (PowerBI, Planner, etc…) would
NOT disable
Set-OwaMailboxPolicy -Identity test.com\OwaMailboxPolicy-Default -GroupCreationEnabled $false
Restricting Group Creation through Azure ADThe new way uses Azure AD No longer dependency on Exchange so it passes throughout Office 365 If OWA policy exists and AAD policy is enabled, OWA policy will be ignored
You can do 2 things: Disable the default ability of everyone to create a new Office 365 Group Point to an AAD group (Office 365 Group or Distribution Group) that contains a list of
people who are allowed to create groups This group cannot have a group in it, must be individual users Users with higher tenant roles already have access (company admin, mailbox admin,
etc…)
Prerequisites Azure AD Version 1.1.117.0 or later (currently preview)
Restricting Group Creation through Azure ADSteps to setup1. Retrieve the Object ID for the group that contains the authorized users
Use Azure AD portal to get Object ID Get-MsolGroup cmdlet to discover GUID via PowerShell
2. Use PowerShell to update the Azure AD policy The object identifier for the template you’re updating is consistent across all tenants Pass the GUID of your authorized user group to GroupCreationAllowedGroupId
Connect-MsolService$template = Get-MsolSettingTemplate –TemplateId 62375ab9-6b52-47ed-826b-58e47e0e304b$setting = $template.CreateSettingsObject()$setting[“EnableGroupCreation”] = “false”$setting[“GroupCreationAllowedGroupId”] = “7edd1d0b-557d-43e6-b583-4f3e0198c167”New-MsolSettings –SettingsObject $setting
3. Confirm using PowerShell and test creating a groupGet-MsolAllSettings | ForEach Values
Configuring multi-domain support
Example Main domain is contoso.com Default accepted domain is service.contoso.com (where groups get created by
default) You have a sub-domain called students.contoso.com and groups.contoso.com
Configured with Exchange Address Policy (EAP) via Exchange Powershell
Option 1:All Office 365 Groups built under groups.contoso.com domain
New-EmailAddressPolicy -Name Groups -IncludeUnifiedGroupRecipients `-EnabledEmailAddressTemplates "SMTP:@groups.contoso.com" -Priority 1
Configuring multi-domain support - ContinuedOption 2:
Control what sub-domains Office 365 groups are created in by attribute
Set users which have their Department attribute set to Students to create groups by default in the students.contoso.com domain
New-EmailAddressPolicy -Name StudentsGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates `"SMTP:@students.contoso.com” ManagedByFilter {Department -eq 'Students'} -Priority 1
All other users will create groups in the groups.contoso.com domainNew-EmailAddressPolicy -Name OtherGroups -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates `
"SMTP:@groups.contoso.com” -Priority 2
Only admins can perform this Use the –RecipientFilter for available properties to filter on (company,
city, office, etc…) If you remove domain you need to update EAPs Max limit of 100 EAPs per organization
• Office 365 Groups are created & managed in Azure Active Directory (AAD)
• Azure AD Connect enables synchronization of Groups with your on-premises Active Directory into DLs with:
• Target Address - the service address of the Groups object• Recipient Type Details - specifies that the Group is not mastered in the on-premises
directory
• AAD Premium is required
• Exchange 2013 CU9 required (individual mailboxes are on-premises) or Exchange 2016
• Still lots of issues as primarily in preview
• Can also be configured to write back as a mail enabled security group
Office 365 Groups Hybrid Support
Resources: • Configure Office 365 Groups with on-premises Exchange Hybrid• Integrating your on-premises identities with Azure Active Directory • Office 365 Groups write back• How to write back an Office Group in Azure AD to a Mail Enabled Security Group
Office 365 Groups things to know
Currently requires using the old sync client for files (stated to be updated to NGSC by EOY 16)
Available in the Global Address List by default
A group can’t have more than 10 owners and a user can’t create more than 250 groups
Currently not supported in Outlook 2016 on the Mac
Groups with more than 1000 members are supported but will decrease performance
When a group owner leaves, all content is saved but new admin must be set at high level
Office 365 Groups can be used as security groups in SharePoint (but not O365 Video)
Group site collections exist under “/sites” managed path but cannot be seen via SP Admin Center
What about governance?
Management tidbits Establish governance plan for groups
Establish AAD group creation policies
Monitor SharePoint Online Storage to ensure group sites not overtaking total storage
Establish a process to have groups admin support easily available for users
Run reports to try to track groups sprawl
Upcoming UsageGuidelinesUrl setting will be available
Migrate multiple distribution lists to Office 365 groups – Link – (soon via GUI)
Technical OptionsSet access type (private or public)
Add quota setting for Group Sites
Set-UnifiedGroup -Identity "Legal" -AccessType Private
Set-SPOSite –Identity https://contoso.sharepoint.com/sites/<groupname> -StorageQuota 3000 -StorageQuotaWarningLevel 2000
*Before using the Set-SPOSite command, your site collection storage management must be set to Manual and not use pooled storage
View all subscribers, members or owners of a group
Get-UnifiedGroupLinks -Identity $groupAlias -LinkType Subscribers
$groupAlias = “TestView”
Available LinkTypes: Members | Owners | Subscribers
1. Pass the groupalias to the Get-Recipient cmdlet to get the recipient details.
2. Pass the group to the Add-RecipientPermission cmdlet with the useralias
Technical Options…continuedAllow users to send as the Office 365 Group
Set naming policy via Exchange
$groupsRecipientDetails = Get-Recipient -RecipientTypeDetails groupmailbox -Identity $groupAlias
Add-RecipientPermission -Identity $groupsRecipientDetails.Name -Trustee $userAlias -AccessRights SendAs
$groupAlias = “TestSendAs”
$userAlias = “User”
Audit reports
This is set via EAC and it applies to Distribution Groups, dynamic distribution groups AND Office 365 Groups *use carefully
View reports of who created, joined and shared Groups via Azure AD Portal
Technical Options…continuedRemove groups email from GAL (global address list)
Accept/Reject certain users from sending emails to groups
Set-UnifiedGroup –Identity $groupAlias –HiddenFromAddressListsEnabled $true
$groupAlias = “TestGAL”
–RejectMessagesFromSendersOrMembers or -AcceptMessagesOnlyFromSendersOrMembers
Set-UnifiedGroup –Identity $groupAlias –RejectMesssagesFromSendersOrMembers [email protected]
$groupAlias = “TestHide”
Hide group members unless you are a member of the private group
$groupAlias = “TestSend”
Set-unifiedgroup –Identity $groupAlias –HiddenGroupMembershipEnabled:$true
Technical Options…continuedFind out which groups do not have owners
1. Get all groups into $groups then go through each looking at the ManagedBy property$groups = Get-UnifiedGroupForEach ($G in $Groups) { If ($G.ManagedBy -Ne $Null) { $GoodGroups = $GoodGroups + 1 } Else { Write-Host "Warning! The" $G.DisplayName "has no owners" $BadGroups = $BadGroups + 1 }}Write-Host $GoodGroups "groups are OK but" $BadGroups "groups lack owners"
Get all storage for group sites
Available in my groups scripts collection: http://bit.ly/DrewO365GroupScripts
Demo!
New “files” UI/UX experience Microsoft Classroom & PLC documentation Office 365 Connectors (now including Dynamics
CRM) 10 GB upload limit and 1 TB total storage for files File quota management Dynamic membership (requires Azure AD premium) eDiscovery and Litigation available IRM for email support Multi domain management Ability to change privacy type of created Group Azure AD creation restriction
As of 5/6/2016
What’s new in Office 365 Groups
Groups REST API
Office 365 unified API overview Office 365 Groups REST API reference Deep Dive into the Office 365 Groups API - Hands On Labs
Events
Files
Management Conversations
1. Create industry/vertical specific solutions2. Connect line of business apps with
Groups
Common content queriesSCENARIO URLGet top 10 conversations sorted by LastDeliveryTime
/group/{id}/conversations?$top=10&$orderby=LastDeliveryTime
Get the next 10 conversations /group/{id}/conversations?$top=10&$skip=10
Get selected properties on events starting after a particular Date/Time
/group/{id}/events?$top=10&$select=Subject,Start,End&$filter=Start ge 2014-09-22
Get selected properties on conversation threads
/groups/{id}/conversations/{id}/threads/{id}/posts?$select=body
Get files where the name starts with “c”
/group/{id}/files?$filter=startswith(name,+'c')
Get selected properties on files /group/{id}/files?$select=dateTimeCreated
What’s upcoming?Launched
Rolling out
In Development
As of 6/30/2016http://fasttrack.microsoft.com/roadmap
UserVoicehttps://office365.uservoice.com/forums/286611-office-365-groups
Office 365 Network “Groups” – Yammer Grouphttp://bit.ly/O365GroupsYammerGroup
• xxxxHelp Contribute!
Questions?Email: [email protected] Twitter: @dmadelung
Website: drewmadelung.com
Scripts: http://bit.ly/DrewO365GroupScripts
Slides: http://bit.ly/DrewO365GroupsSlides
Office 365 GroupsFrom the ground up
SPTechCon Boston
