Forum Discussion
MicrosoftAbility to connect existing SharePoint team sites to Office 365 Groups is coming later this year
Hi all - yes our plan is to provide the ability to connect only root site collections to new Office 365 Groups. We've considered enabling subsite-to-group connections, but there are enough gotchas both architecturally as well as from a design standpoint in delivering an experience that is comprehensible to most humans. One example is that when we start rolling out classification-based policy (e.g. Confidential classification equates to group guests being disabled, SharePoint external sharing turned off, etc. - this is just an example for discussion), those policies apply at the site collection container level. If we enabled subsite connection to groups, we would have to deal with site parent-child policy conflicts, inheritance-based permissions, etc. Not saying it's impossible but cleary stands in the way of shipping an experience sooner.
Having looked at all site collections in the service, the vast majority are flat (i.e. no subwebs), for which this experience should work seamlessly. That said, we acknowledge that there are some very active site collections with subsite hierarchies. For these subwebs, there are a couple of paths to get to 'modern'. One is a migration effort from subsite to root site collection, and then connecting the collection to a new group with the feature described in this thread. The other, is a 'modernize this site' type of experience that brings the classic subsite to the modern experiences without a group connection. This is also a body of work we are investing in and will share additional details in the future.
Hope this helps to clarify. We'll definitely be talking more about this in the coming months as we make progress on the feature.
Thanks
Hi Baronne,
Let's say your old "classic" site is called Old-Contoso, and it has the usual 3x SP Groups: Old-Contoso Owners, Old-Contoso Members, Old-Contoso Visitors. You manage members of the SPG's in the usual manner, by selecting security principals from the people picker.
And you've got a new Office Group called New-Contoso. So this comes with its own membership management, surfaced in the Office 365 Admin Centre -> Groups, and also in the Outlook Groups presentation of the OG functionality.
If you go to the Old-Contoso SP site -> Site Settings -> People and Groups, and select one of the SPG's, say Old-Contoso Members, then add a new user, the people picker will let you select the OG's like they were users. If you add an OG to an SPG, the members of the OG membership gets the access that the SPG has to sites, libraries, folders, and docs in the Old-Contoso site.
Likewise, if you go to a site, library, folder, or document in the Old-Contoso site, and disinherit its permissions from its parent, and add permissions, the people picker will allow you to add an OG and grant it permissions.
So you can use OG's, for example the New-Contoso OG, to puppet master the permission across your old "classic" SP sites, for example Old-Contoso, by adding the OG's as members of the old "classic" SP sites' SPG's, or by directly granting the OG's access permissions on the old "classic" SP sites' containers (sites, libraries, folders) and documents.
So in a migration or hybrid you can manually configure the OG's to duplicate the old permissions by creating OG's with memberships, adding them to the old sites SPG's, containers, and documents permissions. Then delete the old memberships of old SPG's.
The old sites and SPG's are then security "zombies" from a group membership point of view. All granting of collective permissions is made by member management of the new OG's, and by granting permissions of those OG's onto the resources of the old sites.
So, here, as an example is what I see when I go and setup a SharePoint Site... if this is the classic experience what is the 'new' experience where a site is connected to an Office 365 group?
New OG groups are either created in the Office Admin Centre, or in the Outlook Groups part of Outlook's menus, or when you create a Team, or when you launch "SharePoint" from the Office 365 app launcher (waffle menu).
Old SP sites are created as you've described above.
The classic sites probably reside in a different corner of MS's Office 365 datacentre from the OG sites, both with respect to where the data is and the admin functionality that manages them. Notice the OG sites don't appear in the list of SP sites in the Office 365 SharePoint Admin Centre.
This is another reason - over and above the differing SP site templates - why MS will have to work quite hard to produce an upgrade or "magic merge" solution: The two systems and data areas are separate, and therefore data will have to be copied between the two. The process will likely not be able to happen in place.