Forum Discussion
How to manage O365 Group membership through AD Security Groups and/or nested O365 Groups?
I have two issues concerning management of membership in Groups:
1. In the Outlook Widget, I see that I can add another O365 Group as a member in an O365 Group. But what does it mean? It seems like I am then adding the individual members from the other groups as members, not the Group as such? Or is the meaning of this that I should be able to manage individuals for instance in a "mother" group, and then add the group itself to another group as a nested group? Why don´t I then see the group in the membership list?
2. Security Groups and mail-enabled security groups seems to be a better way to manage a company or department team on a regular basis. But it does not seem that I am able to add an AD Security Group as a member in an Office 365 Group. Am I missing something, and/or is this on the roadmap?
I've read some other posts about this issue and there seems to be a core misconseption from MS of how larger organizations utilize Security Groups (Yes, they still have a purpose). If Microsoft's mindest is 365 groups being used in the cloud for a small organization, there is no reason for linking to security groups. But larger organizations need security groups on prem, and as other posters have mentioned, there are likely to be many 365 groups with the same members. Let's pretend we have a group called "accounts_payable". The group has access to ERP system assets, File servers (yes, not all files moved to SP yet), BI systems and then a 365 group is created for their team. Then a few other 365 groups are created for projects for that team. Now we're managing users in multiple groups that all should have the same membership? This type of mindset simply doesn't work at the enterprise level. I keep seeing examples like this that make me wonder if 365 is designed for cloud only Small Businesses.
Does anyone have suggestions or examples on how they're managing and tracking their security + 365 groups? A spreadsheet? The thought makes me nauseous.
Share you concern.
I am not sure what's your definition of Enterprise. We are a 60 people company and need the nested membership feature as desparately as you do. Hoping to see something sooner than later.
- You may find this amusing. We actually have a List on SharePoint that is a manually edited list which contains entries from the Office 365 Admin UI and the ECP so that people that are not Admins can see the groups and the members. Whenever we make a change to either one we have to update the others. Takes too much time when we hire new staff (or staff leave) that is in multiple DL, Shared Mailbox, or Security groups. Now we have to deal with O365 groups?
- 1. Nested Groups are not supported in Groups so what you are seeing is correct: when adding a Group, you are adding the Group members and no the group itself
2. AFAIK, you cannot add security to Groups to an Office 365 GroupI would love to see this feature added.
Or maybe as a compromise, as part of the Dynamic list membership, add some kind of rule to say "if you are a member of this other group..."
Thanks for your comment jcgonzalezmartin! Even if I do´nt like the answer:). If this is the case, I will then have no easy way to manage a membership list, based on a company, department or interest level, and thereafter add them as a group to an O365 group. Dynamic membership will for many not be a good solution as it will require an AD (and HR system) with almost 100% quality, will be out of reach for a lot of companies, because of the price tag put on Azure AD Premium and nor will cover all use cases. To me, nested O365 groups and / or the possibility to add security groups to O365 groups should be the way going forward. Can anyone from Microsoft help to illuminate this issue, for instance danholme?
- cfiessinger
Microsoft
1- what do you mean by "Outlook widget"? Once you add a DL to an Office 365 Group it will automatically expand all the members and add each individually (there is no tie to the DL).
2- For organizational group, Azure AD dynamic membership will help and understood that there is a cost associated with it.
- This is crazy. How can you use O365 groups to apply permissions and not support nested security groups.
When can we expect this feature. It has been over 2 years now.
Technically there's nothing that can't be done, but MS nudges you to the next tier constantly.
- SharePoint (which is everything on the back end) will let you go so far as to add synced security groups without write-back.... but you need O365 Business Premium for that.
- Teams will let you import a security group into a teams security group, but no sync there, so you're managing two groups (but at least you have the import). You also need O365 Business Premium, so why not just stick with SharePoint unless you're using the Skype integration (TBR).
- Groups won't let you do squat other than add members. Have fun with that.
- Write-back? OMG... AAD P1 pricing is ridiculous.. at almost $8/user/month, you're looking at over $55k/yr on a 300 user compliment, just for full sync! Sick. So you're now being nudged to M365 E3 since you may as well be getting more out of it than just AD syncing. (All M365 offerings nudge to enterprise).
I used to complain about trims on new cars, or cable TV packages... but MS just took the cake.
Hi all
ist there somethin new regarding using AD groups as members of Office 365 groups? It is really function which I can appreciate. I was able to add security group to office grooup at azure portal - or to be more correct it looked like it worked (confirmation message informed me that group was successfully added) but unfortunatelly when I checked group membership, there was no change :(.
Thank you for info.
Michal
- cfiessingerWe haven't delivered anything, so nothing new. Office 365 Groups are not tied to security groups
is there a plan to add this feature?
it is a deal braker for us, so i will really like to see it.
I also want to add my vote for this feature we really need it.
Has anyone tried adding an AD group into the Office Group site collection administrators?
I too would like to add to this. An absolute pain in adding members .
Absolutely nothing available for Hybrid set ups. Having to replicate everything in two places is just ridiculous.
I too would like to add to this. An absolute pain in adding members .
No simple powershell available for Hybrid set ups. Having to replicate everything in two places is just ridiculous.
Had this very discussion today on a client site - large EDU customer. Now we do have AAD P1 licenses so can avail of Dynamic Groups in Azure. Seems sensible therefore to base membership off of the Department attribute - but, with this client they tell me that Department names often change so we'd end up with complex membership generation rules.
I can only assume the thinking here by Microsoft is that on-premise AD Security groups, manged by Admin, continue to secure local resources and that Office 365 Groups are managed, not by Admin but by the end users. So yes, we end up with two sets of groups essentially.
Not a great end result.
I've been following this for a while now. If anyone hasn't already, please go vote for this idea here: https://office365.uservoice.com/forums/286611-office-365-groups/suggestions/33942997-add-security-groups-to-office-365-groups
