Forum Discussion

TheITGirl's avatar
TheITGirl
Copper Contributor
Jun 30, 2026

Looking for Microsoft 365 best practices for a large dynamic company group

Looking for Microsoft 365 best practices for a large dynamic company group

I'm a Microsoft 365 admin trying to figure out the best architecture for a company-wide group (100+ users) and I'm wondering if there's a better approach than what I'm currently doing.

What I need

I want a single company group that can:

  • Automatically include users through dynamic membership
  • Share SharePoint sites, files, OneDrive content, Teams resources, etc.
  • Allow sending company-wide emails
  • Allow sending required Outlook meeting invitations (not optional)
  • Have moderation/approval for announcements, meeting invites, or posts
  • Allow certain trusted users to bypass approval while everyone else requires approval
  • Scale as employees are hired/terminated automatically

Current setup

  1. Dynamic Distribution List
  • Used for company-wide emails and Outlook meeting invites.
  • Membership is dynamic using an Exchange recipient filter based on US users.
  1. Private Microsoft 365 Group
  • Used for SharePoint, file sharing, and collaboration.
  • Membership is dynamic through an Entra ID Dynamic Membership Rule.
  • I had to use PowerShell to configure some permissions because the portal didn't support everything I needed.

Problems I'm running into

  • I now have two separate groups that should always contain the same people.
  • The Dynamic Distribution List works well for email/meetings but doesn't provide SharePoint, Teams, or file collaboration.
  • The Microsoft 365 Group provides collaboration but doesn't seem to support everything I need for company-wide communication.
  • I haven't found a clean way to have approvers/moderators, while allowing a few designated people to post or send meeting invites without requiring approval.
  • I also haven't found a good way to make Outlook meeting requests "required" from the sender side other than relying on attendees not changing their RSVP.

My questions

  1. Is there a better Microsoft 365 architecture for this?
  2. Should I be using a Dynamic Distribution List, a Microsoft 365 Group, a Mail-enabled Security Group, Teams, Viva Engage, or something else?
  3. Is there a supported way to have dynamic membership + SharePoint + company email + moderated announcements/meeting invites all in one solution?
  4. How do large organizations typically handle company-wide communications while keeping membership automatic?
  5. Is maintaining two dynamic groups (one for collaboration and one for email) simply the recommended approach?

I'd love to hear how other Microsoft 365 admins have solved this in production. Thanks!

2 Replies

  • If sharing items is a must, your only option is to use an M365 Group. M365 Groups do support moderation, though the relevant settings are only configurable via PowerShell, see https://michev.info/blog/post/3546/did-you-know-microsoft-365-groups-now-support-moderation

    For any additional "mail" features that you might be missing, consider "nesting" the M365 Group into a (non-dynamic) DG, where you will be able to configure such settings.

    Oh, and do remember that Dynamic membership for M365 Groups is not free.

  • NikolinoDE's avatar
    NikolinoDE
    Platinum Contributor

    There is no single Microsoft 365 group type that fully covers company-wide communication, collaboration, and guaranteed email delivery.

     

    The recommended enterprise approach is to separate responsibilities:

    • Entra ID Dynamic Group → source of truth for automatic membership (identity, licensing, and targeting).
    • Dynamic Distribution Group (Exchange Online) → used for company-wide email and meeting invitations where delivery must be deterministic and independent of user subscription settings.
    • Microsoft 365 Group (and/or Teams) → used for collaboration (SharePoint, Teams, file sharing) and non-critical or engagement-based communications.

     

    This approach avoids the subscription-based delivery variability inherent in Microsoft 365 Groups while maintaining modern collaboration capabilities.

     

    For smaller environments, a single Microsoft 365 Group may be sufficient, but it relies on “best-effort” delivery semantics, where users can unsubscribe or choose not to surface group messages in their inbox, making it unsuitable for critical or guaranteed communications.

     

    In summary: use Microsoft 365 Groups for collaboration, and a Dynamic Distribution Group for guaranteed company-wide communication, both driven by the same Entra ID dynamic membership logic.

     

     

    My answers are voluntary and without guarantee!