Mar 16 2017 12:19 PM
Please let me know what you think:
To view the complete article: https://support.office.com/en-us/article/Manage-automatic-creation-of-direct-reports-group-Admin-hel...
Mar 21 2017 06:25 AM
Very well put, and agree with your findings.
Our "ManagedBy" is 100% (integrated AD with our HR system, changes update in AD every 3 hours, and sync to AAD every 30 minutes), however I received an email from a Microsoft PM that stated our organization didnt qualify for auto-creation because:
From email:"Before creating any groups in the organization we have special logic that verifies whether an O365 Group has been created with the manager and reports already or not...a Group will only be auto created when the organizational structure is set up for the company, and it appears that we don’t have the proper information to auto create these groups in <my company>".
If ours is not good enough, no one's is good enough.
Mar 21 2017 06:48 AM
The phrase "couldn't manage a p*** up in a brewery" comes to mind...
Mar 21 2017 07:25 AM
Unrelated to the main topic, but equally important to many of us. @Jeff Medford the way replies and threading work in here is making very active posts like this very difficult to follow. I'm left scrolling through the entire thing to find the new replies, and other than the time they were posted it is very hard to pick them out from the crowd. Maybe a known thing you're working on, but wanted to give the feedback and a real life example.
Mar 21 2017 07:28 AM
Things like this make me check the O365 Message Center/Centre regularly...that's good right :)
The best thing about this new feature,...is that it is easily disabled. Obv better if disabled by default or at least had a big countdown somewhere on the Admin page to remind people to disable.
Someone somewhere is no doubt very happy that this feature is coming.... Emphasis on the one.
Mar 21 2017 07:28 AM
Thanks @Paul Cunningham,
I'll take a note on this, but would be nice if Microsoft updates their documentation to add this case scenario at least for the ones that do not read this thread.
Regards.
Mar 21 2017 09:51 AM
Chris,
2. Refers to that fact that by default only group owners and members of a private group can even see the content, making it difficult to judge if people are using them. You can add yourself as an owner but it takes time to take effect. No part of a computer system should be locked out to the people managing it. Having them not searchable and unrecoverable only adds to them problem.
5. Refers to the fact that Microsoft are pushing groups all the time time but the UI is disjointed to the users. How does someone navigate from a group to a central intranet site etc?
Mike
Mar 21 2017 10:51 AM
Had a good discussion with @Christophe Fiessinger and @Ben Schorr on documentation on Twitter, if you can call 140 characters a discussion. They clarified a lot for me, and made some updates to the documentation already as a result of our conversation. Give it a look: https://support.office.com/en-us/article/Manage-automatic-creation-of-direct-reports-group-Admin-hel...
Mar 21 2017 11:35 AM
I've read it multiple times. The first paragraph says it quite well. Managers with 2-20 direct reports will get a group if they don't have one.
An assesment tool to see the actual impact would be good. And how do you determine if a manager already have a direct reports group? cc/ @Christophe Fiessinger
And the non-dynamic part doesn't make sense for a direct reports scenario imo, which is very rule based ar the start.
And, the idea might be a good one, but I think opt-in would be the way. Send an e-mail to all applicable managers, asking if they want O365 to set this up for them.
We're currently creating a lot of groups for dept/divisions for a customer. How do we know if these trump the auto ones? Unless we just opt-out.
Mar 21 2017 12:02 PM
I would certainly prefer it to be dynamic if we were going to leave it turned on, but I can understand why it isn't and probably never will be from a Microsoft level. Office 365 is what now, over 90 million users or something? Imagine the overhead of a dynamic Groups membership process running at a high enough frequency to not cause gaps for that amount of people.
Perhaps a good opportunity for some documentation and guidance around the requirements from a license perspective, and the actual steps for turning on dynamic membership for this scenario using Azure AD features and what not. Give people a way to convert this into something valuable if they don't agree with the base functionality.
This whole thing may have been a bit heavy handed, but this is only going to keep happening in various forms. We all signed up for stuff like this when we embraced Office 365. I've learned to go with the flow and keep my ear to the ground, where in the past I didn't have to pay much attention because no one could impact my environment but me. That is no longer true.
Most definitely some learning to be had here for the Groups team in the future.
Mar 21 2017 12:07 PM
Here's an article on using attributes to create dynamic membership: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-with...
Hope that helps!
Mar 21 2017 12:28 PM
@Christophe Fiessinger can you confirm my thinking on something here... when it states "automatic group creation"...we are talking about an Office 365 Group (I've seen this stated as "connected group"). So this isn't just a Group in Outlook (a distribution list on steriods)? This is a fully fledged security group, distribution list, plus you'll get a OneDrive for Business folder, SharePoint site, Yammer group, Planner plan etc. etc. provisioned as well? This seems like a lot of moving parts that may not get used and sit stale and most likely be innaccurate membership.
Obviously this isn't that big of a concern I think. At hyperfish we're seeing that most organizations don't have the manager field populated for users, around 40% of users we've analyzed do. We can clearly help with completing and ensuring up-to-date manager fields.
Mar 21 2017 01:06 PM
Mar 21 2017 01:17 PM
Mar 21 2017 01:23 PM
To be fair to the original question:
1. Microsoft originally presented the Files component of Office 365 Groups as an extension of OneDrive for Business. It's only relatively recently that the emphasis moved to SharePoint (where the files always were, even if the labeling indicated otherwise).
2. Microsoft makes a very big thing about the ability of Office 365 Groups to replace email distribution groups. While I agree that the two objects are not close to be the same, you do make lots of noise about being able to use Office 365 Groups in the same manner as email distribution groups, so I understand where the confusion arises. And email-enabled security groups function in some part like the identity part of Office 365 Groups, so again it's easy to see where confusion might come from.
Mar 21 2017 02:11 PM - edited Mar 21 2017 02:14 PM
@David Rosenthal wrote:We all signed up for stuff like this when we embraced Office 365.
No, my organization signed up for a professionally managed service.
Mar 21 2017 02:18 PM
Not to name drop or anything, but I replied to Jeff Teper's recent tweet about some new, fun stuff coming to SharePoint and OneDrive with a comment referring to how badly this auto-creation of Direct Reports groups is. He kindly replied and it is interesting but begs a question and an opinion:
https://twitter.com/jeffteper/status/844285513859137536
Q: Is he suggesting that this roll out is now modified to be piloted in small orgs, or is he suggesting that Tenant Admins perhaps pilot the auto creation in small parts of our orgs?
Opinion: either way, I believe that my recommendation to my large org customers will be as follows:
1. Turn off Group creation for all users (allow groups to be created upon request) temporarily
2. Turn on Group creation permissions for certain small groups of managers who would be amenable to pilot this (and take responsibility for managing the membership of their group).
3. Work on the AD Managed By shortcomings
4. Once the org gets a feel for how this works, then perhaps release it broadly in their tenant by enabling more (all?) users to have group creation permissions.
Fortunately, (I guess) most of my customers are gov orgs, and so haven't quite gotten on the "everyone can create a group" bandwagon anyway.
Mar 21 2017 02:25 PM
Mar 21 2017 02:29 PM
Mar 21 2017 02:35 PM
Really? Don't you think that nugget of information might have been shared through the Message Center? Is that late-developing news?
Mar 21 2017 03:00 PM
Hi @Ben Schorr,
Can you say something about how the system goes about to detect if a Group is already in place for a manger and the direct reports? If I have existing O365 Groups set up, what parameters does it look at to avoid creating a duplicate ones?
-m