Dec 05 2017 10:52 AM - last edited on Jul 27 2020 06:26 PM by TechCommunityAP
Is there any way to mail-enable an Azure AD security group? This group is built in Azure AD to take advantage of the robust Dynamic membership capabilities, and we would like to mail-enable it, but not make it an Office 365 group. We do not want it to have a SharePoint or Planner or any of the other stuff that comes with an Office 365 group. We just want the dynamic membership capabilities of the Azure security group, as well as mail delivery to the group members. When creating the group it only gave us a slider that said enable Office features yes/no and I chose no.
Dec 05 2017 11:39 AM
Solution
Nope, you cannot have it all. If you want it to stay dynamic and use it as a security principal, it cannot be mail-enabled. If you scrap the dynamic part, you can create a mail-enabled security group in Exchange. If you can live without the security part, create a dynamic DG in Exchange.
Dec 05 2017 11:46 AM - edited Dec 05 2017 11:46 AM
Thanks @Vasil Michev. That is what I suspected. When going with the Dynamic DG in Exchange Admin Center I only have a couple of options, Company, State, Department to choose from. Any way for me to use the Office Location instead without copying it to a custom attribute?
Dec 05 2017 12:02 PM
Actually, I think I found the PowerShell commands.
New-DynamicDistributionGroup -Name "#Test2" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (OFFICE -eq 'TEST OFFICE')}
Dec 05 2017 11:00 PM
Yup, as usual the UI only exposes some options, if you want better granularity you have to use PowerShell. Office, department, "domain" even can all be used to create DDG. The problem with those however is that you cannot use them to delegate permissions - they are not a security principal.
Jan 31 2018 05:59 AM - edited Jan 31 2018 06:00 AM
Yes, this will be working. You can use an OPATH filter in the -RecipientFilter.
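Added example (not part of the original thread): one way to create the dynamic distribution group discussed above and review which recipients its filter actually matches before anyone sends mail to it. It assumes an already connected Exchange Online PowerShell session; the group name and office value are the test values from the post above.

```powershell
# Assumption: Connect-ExchangeOnline has already been run in this session.
# '#Test2' and 'TEST OFFICE' are the test values used in the thread.
$name   = '#Test2'
$office = 'TEST OFFICE'
$filter = "(RecipientType -eq 'UserMailbox') -and (Office -eq '$office')"

# Create the group only if it does not exist yet, so the script can be re-run.
$ddg = Get-DynamicDistributionGroup -Identity $name -ErrorAction SilentlyContinue
if (-not $ddg) {
    New-DynamicDistributionGroup -Name $name -RecipientFilter $filter | Out-Null
    $ddg = Get-DynamicDistributionGroup -Identity $name
}

# Show the stored filter and whether unauthenticated (external) senders
# are allowed to mail the group.
$ddg | Format-List Name, RecipientFilter, RequireSenderAuthenticationEnabled

# Preview the recipients the stored filter resolves to.
$members = Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -ResultSize Unlimited

# RecipientType 'UserMailbox' also covers shared, room and equipment
# mailboxes, so break the preview down by RecipientTypeDetails.
$members | Group-Object RecipientTypeDetails |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# List anything that is not a regular user mailbox for manual review.
$members |
    Where-Object { $_.RecipientTypeDetails -ne 'UserMailbox' } |
    Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails, Office
```

If the last command returns rows, tighten the filter (for example on RecipientTypeDetails) before the address is published.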
Dec 03 2020 01:54 PM
@Vasil Michev Have there been any changes on mail-enabling dynamic Azure security groups? In our use case, we need dynamic mail-enabled groups to assign sensitivity labels and Exchange Dynamic Groups don't work for that and I don't want to create a Microsoft 365 Group with all of its trimmings.