Forum Discussion
Looking for Microsoft 365 best practices for a large dynamic company group
Looking for Microsoft 365 best practices for a large dynamic company group
I'm a Microsoft 365 admin trying to figure out the best architecture for a company-wide group (100+ users) and I'm wondering if there's a better approach than what I'm currently doing.
What I need
I want a single company group that can:
- Automatically include users through dynamic membership
- Share SharePoint sites, files, OneDrive content, Teams resources, etc.
- Allow sending company-wide emails
- Allow sending required Outlook meeting invitations (not optional)
- Have moderation/approval for announcements, meeting invites, or posts
- Allow certain trusted users to bypass approval while everyone else requires approval
- Scale as employees are hired/terminated automatically
Current setup
- Dynamic Distribution List
- Used for company-wide emails and Outlook meeting invites.
- Membership is dynamic using an Exchange recipient filter based on US users.
- Private Microsoft 365 Group
- Used for SharePoint, file sharing, and collaboration.
- Membership is dynamic through an Entra ID Dynamic Membership Rule.
- I had to use PowerShell to configure some permissions because the portal didn't support everything I needed.
Problems I'm running into
- I now have two separate groups that should always contain the same people.
- The Dynamic Distribution List works well for email/meetings but doesn't provide SharePoint, Teams, or file collaboration.
- The Microsoft 365 Group provides collaboration but doesn't seem to support everything I need for company-wide communication.
- I haven't found a clean way to have approvers/moderators, while allowing a few designated people to post or send meeting invites without requiring approval.
- I also haven't found a good way to make Outlook meeting requests "required" from the sender side other than relying on attendees not changing their RSVP.
My questions
- Is there a better Microsoft 365 architecture for this?
- Should I be using a Dynamic Distribution List, a Microsoft 365 Group, a Mail-enabled Security Group, Teams, Viva Engage, or something else?
- Is there a supported way to have dynamic membership + SharePoint + company email + moderated announcements/meeting invites all in one solution?
- How do large organizations typically handle company-wide communications while keeping membership automatic?
- Is maintaining two dynamic groups (one for collaboration and one for email) simply the recommended approach?
I'd love to hear how other Microsoft 365 admins have solved this in production. Thanks!
2 Replies
If sharing items is a must, your only option is to use an M365 Group. M365 Groups do support moderation, though the relevant settings are only configurable via PowerShell, see https://michev.info/blog/post/3546/did-you-know-microsoft-365-groups-now-support-moderation
For any additional "mail" features that you might be missing, consider "nesting" the M365 Group into a (non-dynamic) DG, where you will be able to configure such settings.
Oh, and do remember that Dynamic membership for M365 Groups is not free.
- NikolinoDEPlatinum Contributor
There is no single Microsoft 365 group type that fully covers company-wide communication, collaboration, and guaranteed email delivery.
The recommended enterprise approach is to separate responsibilities:
- Entra ID Dynamic Group → source of truth for automatic membership (identity, licensing, and targeting).
- Dynamic Distribution Group (Exchange Online) → used for company-wide email and meeting invitations where delivery must be deterministic and independent of user subscription settings.
- Microsoft 365 Group (and/or Teams) → used for collaboration (SharePoint, Teams, file sharing) and non-critical or engagement-based communications.
This approach avoids the subscription-based delivery variability inherent in Microsoft 365 Groups while maintaining modern collaboration capabilities.
For smaller environments, a single Microsoft 365 Group may be sufficient, but it relies on “best-effort” delivery semantics, where users can unsubscribe or choose not to surface group messages in their inbox, making it unsuitable for critical or guaranteed communications.
In summary: use Microsoft 365 Groups for collaboration, and a Dynamic Distribution Group for guaranteed company-wide communication, both driven by the same Entra ID dynamic membership logic.
My answers are voluntary and without guarantee!