Christophe Fiessinger Principal PM Manager cfiessinger chrisfiemicrosoft com

Christophe Fiessinger Principal PM Manager @cfiessinger | chrisfie@microsoft. com Martina Grom Office 365 MVP, Microsoft RD, atwork @magrom | mg@atwork. at

1 How do I get started with groups? 2 How do I keep groups safe & apply governance? 3

How do I get started with Office 365 Groups?

Office 365 · Windows 10 · Enterprise Mobility + Security

Microsoft 365: Universal Toolkit for Teamwork Yammer Teams Share. Point Hub for Teamwork Intranets & Content Management Office 365 Groups Single team membership across apps and services Office Apps Connect Across the Organization Microsoft Graph Suite-wide intelligence connecting people and content Co-Author Outlook Email & Calendar Security and Compliance Centralized policy management

OPEN CONTROLLED Processes in place Reporting & monitoring Change management

Can I bring self-service to users and keep control and governance for Groups?

1. User enters group name in Power. Apps 8. Flow sends email to sender 2. Data is sent to SPO list 3. Flow is triggered and sends approval email 4. Manager accepts or rejects the request 7. Azure function creates the group + owner 6. Accept: Azure function starts 5. Reject: Sender gets a denied email Solution: Provisioning an Office 365 group with an approval flow and Azure functions-part 1 | Part 2 | Part 3

Demo

How do I manage Groups at scale? How do I keep groups safe and apply governance?

Creation permissions Reporting Naming policy Policies and information protection Expiration policy Azure AD access reviews Soft delete and restore Upgrade DLs to groups in Outlook Guest access

Benefits Guidance Documentation: Office 365 Group Expiration Policy | Configure Office 365 groups expiration

Benefits Guidance Documentation: Restore a deleted Office 365 Group

Demo

Benefits Guidance Documentation: Office 365 Groups Naming Policy

Reach • Guest inviter role - Setup a policy so that users with this role can only invite guest • This can be set using user AD properties such - Title, Job Description • Admins can create an allow/deny list of external partner domains that are allowed to be added as guests. • • Guest approved by IT admin can be approved and added to groups. . Add guests through B 2 B portal and turn off sharing for tenant

Documentation: Guest access in Office 365 groups – Admin Help Azure AD access reviews Azure Active Directory Terms of Use feature Guest inviter role

Benefits Guidance Documentation: Group settings | Overview of retention policies | Overview of labels | Search the audit log

Demo

Office 365 Groups and Share. Point, Teams, Yammer

Overview of the "Connect to new Office 365 group" feature

Share. Point site design and site script overview New Share. Point admin center Share. Point & Exchange Multi-Geo support Groups in Outlook and Group-connected team sites are now private-by-default Increase in Share. Point Online storage allocation Tenant Admin Tools to connect existing Share. Point team sites to Office 365 Groups

Proper Setup of Yammer Network Yammer identity management Enable Group creation through Yammer (Big) Advantage! Documentation Yammer and Office 365 Groups

Link an existing private group to a Microsoft Team Use main Planner Site for Group planning (General Tab) Documentation Office 365 groups and Microsoft Teams | Admin training for Microsoft Teams | Access Plans from Microsoft Teams in Planner apps

Demo

Summary

aka. ms/O 365 g aka. ms/O 365 ng aka. ms/O 365 uv fasttrack. microsoft. com/office http: //fasttrack. microsoft. com/roadmap https: //sharepoint. com/resources Manage Office 365 Groups with Power. Shell Overview of Office 365 groups in Microsoft Graph Licensing requirements Office 365 Groups at Microsoft Ignite 2017 Groups in Outlook recap from Microsoft Ignite 2017 https: //sharepoint. com/community http: //sharepoint. uservoice. com

1 Learn about Office 365 groups best practices 2 Enable self-service with governance & drive usage with Fast. Track resources 3 Find all resources in a multi-part series at blog. atwork. at

Questions?

Appendix

## List all groups in descending order Get-Unified. Group | Select Id, Display. Name, Managed. By, Alias, Access. Type, When. Created, @{Expression={([array](Get-Unified. Group. Links -Identity $_. Id -Link. Type Members)). Count }; Label='Members'} | Sort-Object whencreated | Format-Table displayname, alias, managedby, Members, accesstype, whencreated ## List all private groups Get-Unified. Group | Where-Object {$_. Access. Type -eq 'Private'} | Sort-Object whencreated | Format-Table displayname, alias, managedby, accesstype, whencreated ## List deleted group in descending order Get-Azure. ADMSDeleted. Group | Sort-Object Deleted. Date. Time -Descending | Format-Table Id, Display. Name, Description, Visibility, Deleted. Date. Time ## List orphan groups $Groups = Get-Unified. Group | Where-Object {([array](Get-Unified. Group. Links -Identity $_. Id -Link. Type Owners)). Count -eq 0} ` | Select Id, Display. Name, Managed. By, When. Created For. Each ($G in $Groups) { Write-Host "Warning! The following group has no owner: " $G. Display. Name }

## Update group site quotas # Variables: # Cut off date in days # Storage quota in MB # Storage quota warning level in MB #. . . . . $cutoffdate = ((Get-Date). Add. Days(-20)) $quota = 500 $warning = 400 # Retrieve recently created groups $Groups = Get-Unified. Group | Where-Object {$_. When. Created -ge $cutoffdate} | Sort-Object whencreated | Select Display. Name, When. Created, Share. Point. Site. Url # For each new group update quota accordinly if a team site exists. For. Each ($G in $Groups) { try { Set-SPOSite –Identity ($G. Share. Point. Site. Url) -Storage. Quota $quota -Storage. Quota. Warning. Level $warning Write-Host "The following site quota was updated: " $G. Share. Point. Site. Url } catch { Write-Host "The following Groups does have a site: " $G. Display. Name } }

## Set classifications for all groups $Groups = Get-Unified. Group | Where-Object {$_. Classification -Eq $Null} Classification | Select Display. Name, For. Each ($G in $Groups) { If ($G. Classification -Eq $Null) { Write-Host $G. Display. Name Set-Unified. Group -Identity $G. Display. Name -Classification "Low" } } #. . . . . # Variables: # Cut off date in days # Classification #. . . . . $cutoffdate = ((Get-Date). Add. Days(-10)) $classification = "High" # Retrieve recently created groups with accesstype set to PUBLIC $Groups = Get-Unified. Group | Where-Object { $_. When. Created -ge $cutoffdate -and $_. Access. Type -eq 'Public' -and $_. Classification -eq $classification } `

## Update privacy based on classification #. . . . . # Variables: # Cut off date in days # Classification #. . . . . $cutoffdate = ((Get-Date). Add. Days(-10)) $classification = "High" # Retrieve recently created groups with accesstype set to PUBLIC $Groups = Get-Unified. Group | Where-Object { $_. When. Created -ge $cutoffdate -and $_. Access. Type -eq 'Public' -and $_. Classification -eq $classification } ` | Sort-Object whencreated | Select Display. Name, When. Created, Access. Type, Classification, Managed. By # For each new group update set accesstype to PRIVATE For. Each ($G in $Groups) { Set-Unified. Group -Identity $G. Display. Name -Access. Type 'Private' Write-Host "The following Group privacy setting was updated: " $G. Display. Name }

Get-Unified. Group | select Display. Name, Recipient*, @{n="Size"; e={(Get-Mailbox. Statistics $_. Identity). Total. Item. Size}} https: //www. petri. com/identifying-obsolete-office-365 -groups-powershell