May 11 2017 10:47 AM
May 11 2017 10:47 AM
I've seen a few other posts that have brushed by this, but I'm curious how others handle this. It's really stressing me out as an admin because I like keeping things clean, however, I'm starting to think I need to just ignore the Office 365 Groups in the directory and treat it like any other cloud provider does with a public service and just let it run it's course. No sense in maintaining or paying attention to who creates what?
Are you guys doing this? Or have you tried your best to lock down most creation items (I've already killed planner, having groups get made off plans is the dumbest things ever, having Username todo's show up all over and in GAL is just mudane).
Already having issues where I have 2 users who have discovered how to create stuff in 365 (migrated exchange online) but for the most part it's quiet, however as time goes it'll just get worse, those 2 users have created about 10 groups each already in some form or fasion, many with 1 user..... and 2 have duplicate names so I'm guessing they created a sharepoint site for their team, then turned around and made another group or Team with the same name not knowing it had been created already on the back end...../sigh, this is just dumb guys....., I understand making a group for something because it's required for it to funciton but make that group hidden and only used for the service it has, don't create and spawn other services from it, trying to get users to understand this is a nightmare.
May 11 2017 10:48 PM
We have locked down the ability to create groups to two Global Admins (me and one other) in a Security Group - but we are right at the beginning of our O365 journey (after close to a year of background research, documentation and governance preparation) so this group of people may expand.
We have a controlled SharePoint site creation process and expect to do the same with Groups.The only thing we have not yet really worked through is what happens to DLs - in most (but not all) cases they will become Groups, but this of course means they create all the other elements, which is fine as our migration strategy for SharePoint includes SharePoint on-prem to Group-based SPO sites.
May 11 2017 10:50 PM
Might I ask how you control the SharePoint site creation?
May 12 2017 12:04 AM
May 12 2017 07:56 AM
May 14 2017 08:05 PM
End users cannot create SharePoint sites or sub-sites in both our on-prem and early O365 environment. We have a 'SharePoint Request' list form that users must complete to request a new site. We will do the same for O365 Groups (or merge the two as the same request) for O365. For on-prem, once the user submits the request I get notified and use a PS script to create the new site; for O365, we may use the script or just create them manually.
The point is control - but not too much. For example, Site Owners are largely responsible for setting up libraries and lists, and modifying pages as required.
We've had SharePoint running since early 2012 (2010 upgraded to 2013 two and a half years ago). In that time, we've created just on 245 sites collections, of which 94 are team sites (with 425 sub-sites) and 83 project sites (with 85 subsites). Note, we have different web applications for on-prem team and project sites, but they use the same template. We have around 8,000 staff across a widely dispered geographical area (State) in Australia.
Our current project sites will become Group-based sites, while the team sites will be a mixture of Group-based and SharePoint Admin-created.
May 14 2017 08:08 PM
I forgot to mention there are only two of us in the SharePoint team, my colleague is the primary SP Administrator.
May 14 2017 08:09 PM
I agree with the potential problem of ending up with two names the same if users can create a Group (which creates a site), or a Site (which creates a Group). Our users are used to the inability to do it themselves, so I think we'll be ok with continuing this level of control.
May 14 2017 08:13 PM
May 14 2017 08:19 PM
We have limited the ability to create Groups to the members of a Security Group in the O365 Admin portal (a process described already here and I think also in Tony Redmond's excellent and must-have book). We have also limited the ability to create SharePoint sites in the SharePoint Admin portal. This means that the option to 'Create Site' from the SharePoint portal is not there for end users, and they also don't get the option from Outlook.
The bit that I'm less certain about right now is how the DL to Group process is going to work, but I assume that I will be able to convert the DL to a Group, that it won't be automatic. We expect that our SharePoint model will change once we have more Group-based SharePoint sites replacing previous DLs plus a separate SharePoint site.
May 15 2017 11:09 AM
Based on what the majority of responses here I will say our approach was different. Our organization is about 9,000 people and we are global. That adds a big layer of complexity for us, that said, we opted to allow users to create groups on their own. We are still very early in adoption stage (marketing, promoting, educating) an considering the amount of groups created so far (less than 200) our users seem to be conservative about group creation so that is a good thing for now. There is a little bit of anxiety over what will happen once people start heavily using groups but we hope to mitigate this with continous education and governance. The one area that is grey for us is management of groups (i.e. activity/usage etc.) not sure if others have a better way of managing groups but we think usage of groups will be trigger for us to delete unused groups in an effort to keep things clean.
May 15 2017 11:12 AM
May 15 2017 11:32 AM
Yes, I understand! Lack of resources are always a challenge. Although we have a talent development team,we are not engaging them for this. Instead, we decided to get a little creative (since we also faced limited resources) and we decided to go with the following training plan:
I'm interested in hearing if others have used a similar training plan or something better I am definitely looking to improve the model as we move forward.
May 15 2017 11:34 AM
Interesting. That looks doable and could be effective. Thanks for that :).
May 15 2017 11:48 PM
hello lillian
you said:
"...The one area that is grey for us is management of groups (i.e. activity/usage etc.) not sure if others have a better way of managing groups but we think usage of groups will be trigger for us to delete unused groups in an effort to keep things clean."
What plans do you have in regards of analyzing the activity and usage of your O365Groups ?
Are you thinking of using the existing Group activity API + Compliance and Security API for parsing the logs + some sort of powershell code?
or would you prefer a 3rd party solution (covering all of these elements in a dashbaord), in case such solution exists ?
May 16 2017 08:59 AM
Hi Stefan,
For now, we are going with managing through API/powershell codes to track activity, usage, security ect. but I am open to adjusting the strategy as things evolve. What is your company doing to manage groups?