Best Practices for Permissions on an O365 Group SharePoint Site

Hi Brent,

in regards to the improved permission management for Office 365 groups (https://techcommunity.microsoft.com/t5/SharePoint/UPDATE-Create-Office-365-Groups-with-team-sites-from-SharePoint/m-p/48277#M4601) there are some more options to handle advanced permissions - I wouldn't call this complex. However, this already helps a lot for several user scenarios.

Moreover, I'd recommend as best practices first to set each new Group as private so that not everybody in the tenant can access it. Second, only certain users in the regarding security group should be allowed to create groups. And third, consider the invitation to external users (guests): permit this generally or only allow for certain groups.

Unfortunately, at the moment this has to be done manually after a group's creation. This also applies to more granular permissions, which are still possible to modify in the SharePoint site. However, I'd wish to have a better permission management or other governance options during groups creation process in order to enforce policies. At the moment this is only possible with 3rd party solutions. For now I can just say, use PowerShell and the manual permission management in the SharePoint sites to achieve your complex group permissions.

Hope this helps.

Rob