Forum Discussion
How to manage O365 Group membership through AD Security Groups and/or nested O365 Groups?
I have two issues concerning management of membership in Groups:
1. In the Outlook Widget, I see that I can add another O365 Group as a member in an O365 Group. But what does it mean? It seems like I am then adding the individual members from the other groups as members, not the Group as such? Or is the meaning of this that I should be able to manage individuals for instance in a "mother" group, and then add the group itself to another group as a nested group? Why don´t I then see the group in the membership list?
2. Security Groups and mail-enabled security groups seems to be a better way to manage a company or department team on a regular basis. But it does not seem that I am able to add an AD Security Group as a member in an Office 365 Group. Am I missing something, and/or is this on the roadmap?
41 Replies
Hello cfiessinger, any update on the ability to sync security groups with Office 365 Group members? Do you have in mind any other idea for doing so?
It's been more than a year so it would be nice to have some progress about it.
I've been following this for a while now. If anyone hasn't already, please go vote for this idea here: https://office365.uservoice.com/forums/286611-office-365-groups/suggestions/33942997-add-security-groups-to-office-365-groups
Had this very discussion today on a client site - large EDU customer. Now we do have AAD P1 licenses so can avail of Dynamic Groups in Azure. Seems sensible therefore to base membership off of the Department attribute - but, with this client they tell me that Department names often change so we'd end up with complex membership generation rules.
I can only assume the thinking here by Microsoft is that on-premise AD Security groups, manged by Admin, continue to secure local resources and that Office 365 Groups are managed, not by Admin but by the end users. So yes, we end up with two sets of groups essentially.
Not a great end result.
Technically there's nothing that can't be done, but MS nudges you to the next tier constantly.
- SharePoint (which is everything on the back end) will let you go so far as to add synced security groups without write-back.... but you need O365 Business Premium for that.
- Teams will let you import a security group into a teams security group, but no sync there, so you're managing two groups (but at least you have the import). You also need O365 Business Premium, so why not just stick with SharePoint unless you're using the Skype integration (TBR).
- Groups won't let you do squat other than add members. Have fun with that.
- Write-back? OMG... AAD P1 pricing is ridiculous.. at almost $8/user/month, you're looking at over $55k/yr on a 300 user compliment, just for full sync! Sick. So you're now being nudged to M365 E3 since you may as well be getting more out of it than just AD syncing. (All M365 offerings nudge to enterprise).
I used to complain about trims on new cars, or cable TV packages... but MS just took the cake.
I too would like to add to this. An absolute pain in adding members .
No simple powershell available for Hybrid set ups. Having to replicate everything in two places is just ridiculous.
I too would like to add to this. An absolute pain in adding members .
Absolutely nothing available for Hybrid set ups. Having to replicate everything in two places is just ridiculous.
I also want to add my vote for this feature we really need it.
Has anyone tried adding an AD group into the Office Group site collection administrators?
I've read some other posts about this issue and there seems to be a core misconseption from MS of how larger organizations utilize Security Groups (Yes, they still have a purpose). If Microsoft's mindest is 365 groups being used in the cloud for a small organization, there is no reason for linking to security groups. But larger organizations need security groups on prem, and as other posters have mentioned, there are likely to be many 365 groups with the same members. Let's pretend we have a group called "accounts_payable". The group has access to ERP system assets, File servers (yes, not all files moved to SP yet), BI systems and then a 365 group is created for their team. Then a few other 365 groups are created for projects for that team. Now we're managing users in multiple groups that all should have the same membership? This type of mindset simply doesn't work at the enterprise level. I keep seeing examples like this that make me wonder if 365 is designed for cloud only Small Businesses.
Does anyone have suggestions or examples on how they're managing and tracking their security + 365 groups? A spreadsheet? The thought makes me nauseous.
- You may find this amusing. We actually have a List on SharePoint that is a manually edited list which contains entries from the Office 365 Admin UI and the ECP so that people that are not Admins can see the groups and the members. Whenever we make a change to either one we have to update the others. Takes too much time when we hire new staff (or staff leave) that is in multiple DL, Shared Mailbox, or Security groups. Now we have to deal with O365 groups?
Share you concern.
I am not sure what's your definition of Enterprise. We are a 60 people company and need the nested membership feature as desparately as you do. Hoping to see something sooner than later.
Hi all
ist there somethin new regarding using AD groups as members of Office 365 groups? It is really function which I can appreciate. I was able to add security group to office grooup at azure portal - or to be more correct it looked like it worked (confirmation message informed me that group was successfully added) but unfortunatelly when I checked group membership, there was no change :(.
Thank you for info.
Michal
- cfiessinger
Microsoft
We haven't delivered anything, so nothing new. Office 365 Groups are not tied to security groupsis there a plan to add this feature?
it is a deal braker for us, so i will really like to see it.
