We are getting ready to rollout groups everywhere but we are struggling to keep it simple because of the differences in availability of various group types in various applications.

We use PowerBI a lot and we are trying to get lots of usage in Teams and OneDrive

It seems that if we create an Office365 Group called "Human Resources" and if we also create a security group called "sg-Human Resources" we can set them both to dynamic membership and then forget about the membership. 

**A security group is needed because power bi reports can not be shared with another office 365 group. You have 2 choices to solve this, you can either use a DL(which can't be dynamic) or Security Group, we choose Security Group**

We also want to have groups called "HR Committee" this group is always changing and is random so having a dynamic group won't work.  For us to utilize the same pattern as above will require the "owner" of HR Committee to update membership in 2 places every time.  We would really like them to only update the membership in one place.

So...….

1. Teach everyone to update membership in both groups-- Bad Idea

2. Use PowerShell magic and a flow or something similar to have an owner request changes and then have that push the changes to the office 365 group and security group. --Good Idea

3. Something that someone with more insight or intelligence than me has come up with --Best Idea