Modernize your SharePoint team sites by connecting them to new Office 365 groups
Published Jun 06 2018 09:00 AM 53.4K Views
Microsoft

SharePoint powers content collaboration in Office 365. At work, it is important for every team member to streamline efforts and stay on the same page. Group-connected SharePoint team sites provide a central location to manage team files, input and connect to important data, and share timely news. With insight into what drives the most engagement and value, people can course correct and optimize for greatest impact.

 

Users have been adopting modern SharePoint lists and libraries and creating modern pages. And now it’s time to bring the full power of SharePoint and Office 365 to all your sites. We’re excited to announce that you can now further modernize your existing (classic) sites by connecting them to new Office 365 groups.

 

It is easy to connect your existing SharePoint site to a new Office 365 group. [30-second looping GIF]It is easy to connect your existing SharePoint site to a new Office 365 group. [30-second looping GIF]

This connection also allows you to associate your site to a SharePoint hub site now that it has a modern home page, and the site will look and function better via the SharePoint mobile app.

 

Connect your existing SharePoint sites to a new Office 365 group

You can connect your site to a new Office 365 group from the user interface site-by-site, which might be good for smaller environments. However, larger customers often want to offer a consistent experience to their users, and therefore want to perform a bulk operation of their sites. Last month, we made tools available for admins to connect existing sites to new Office 365 Groups.

 

Being able to connect an Office 365 group to an existing SharePoint site is important if you want to modernize that site and provide additional group capabilities to all team members. In addition to using modern pages, lists and libraries already available in your classic sites, once you have connected your site to an Office 365 group, it can benefit from all other shared group-connected apps such as Outlook for a group inbox and calendar, Planner for task management, Microsoft Teams for real-time, persistent chat, and more.

 

Now, we are expanding this capability to site owners directly from the team sites they own and manage.  When enabled in your environment, it’s easy to get started.  As a site owner, you can initiate the group connection by selecting Connect to new Office 365 Group from the upper-right site gear menu. Note: if this does not appear, either your tenant does not yet have this capability as it takes several weeks to roll out to all customers, or you are not a site owner of that site.

 

From an existing (classic) SharePoint site, select "Connect to a new Office 365 Group" from the upper-right gear icon menu to start the process.From an existing (classic) SharePoint site, select "Connect to a new Office 365 Group" from the upper-right gear icon menu to start the process.

This will launch an experience that will guide you step-by-step through the group connection process, where you provide details for the new Office 365 group, including name, email address, members and owners.  Upon completion, you will be presented with a new, modern home page created for your site with a new, editable page with new web parts to get you started– including a site activity web part that highlights relevant content actions occurring within your site. The page also includes a new link to the group’s inbox in the left navigation and a header with relevant group information and membership. Plus, when you hover on the team site name at the top, you will see the new group card that gives quick access to other apps and shows more about the group and what’s happening beyond the site.

 

Rest assured that all your previous content remains in the site, and a link to the previous home page is also added to the site’s navigation. No site left behind, AND no content left behind. Just moving forward!

 

After stepping through a few wizard-driven steps to add members and owners and adjust settings if needed, you'll be presented with an updated site connected to Office 365 group apps.After stepping through a few wizard-driven steps to add members and owners and adjust settings if needed, you'll be presented with an updated site connected to Office 365 group apps.

Beyond your content, all existing permissions in the site remain the same as well.  This ensures that anyone that had access to resources in the site will continue to have them once it is group connected.

 

 

The updated Site permissions experience is available to site owners from the upper-right gear icon menu to allow inline management of site permissions and invite others to collaborate.The updated Site permissions experience is available to site owners from the upper-right gear icon menu to allow inline management of site permissions and invite others to collaborate.

 

Get started today!

There is no reason to delay. Start your modernization journey now.  Get the most out of the power of SharePoint and Office 365 Groups to boost people productivity across your company.

 

SharePoint powers content collaboration for the modern workplace, enabling teamwork with team sites connected to Outlook, Microsoft Teams, Planner and more. Whether you call this ‘site modernization,’ ‘groupify’ or ‘no site left behind’ - start connecting your existing SharePoint sites to new Office 365 groups today! You’ll jump for joyify for sure.

 

Thanks,

Mark Kashman and Tejas Mehta, SharePoint team - Microsoft

 

FAQs and additional, related resources below…

 

Frequently Asked Questions (FAQs)

Q: How can I expect connecting existing SharePoint sites to new Office 365 Groups to roll out to Office 365 customers?

A: The ability to connect existing SharePoint sites to new Office 365 Groups Communication sites will begin to roll out to all Targeted Release customers this week, and will be completed within 2–3 weeks. We then are targeting end of July 2018 for complete worldwide roll out into production.

 

Q: What types of sites can I connect to new Office 365 Groups?

A: You can connect top-level site collections that use the team site web template (also known as STS#0). You cannot group-connect subsites.

 

Q: What permissions do I need to have to connect my existing site to a new group?

A: Site collection administrators of the existing SharePoint site have the appropriate permissions to initiate the group connection process from the upper-right gear icon menu.  Global admins can use PowerShell cmdlet or API tools as well.

 

Q: What if my site has items with unique permissions?  Do they change?

A: The group connection process does not change permissions on items with unique permissions. 

 

Q: Can I limit the availability of this feature to just my global admins?

A: Yes, there is an admin setting that lets you control whether this feature is available for site administrators from the gear menu.

 

Additional resources

33 Comments
Steel Contributor

That's great @Mark Kashman.

 

A few questions:

 

  1. When do we get to have group members' permission as "contribute" to the site instead of "edit". This is a pain point. Anyone ends up fiddling with, tinkering and changing any page including the home page (either inadvertently by trying out the edit button, or intentionally to put their point). Our users want only the owners to be able to create, edit, or delete site pages (or designated multiple owners). Not every member of the group.
  2. Related to above - not sure then how news would work? News is pages. Can news be in a separate page library of its own, so that it's easier to manage permissions. Then members could then create/edit/delete their own news pages and not other's. And this will also help us having a specific content type associated with that library solely for news applying managed metadata which could be separate from regular site pages which may not really require metadata. The whole "promotedstate=2" is hidden anyway.
  3. How do we get to assign "visitor" / "read" permission to everyone on a private group's connected site? When we use the "site permissions" right-pane to share "everyone" with "only this site", that is added to the "visitors" group and everything works fine. But, after a few days that disappears and suddenly everyone gets access denied. Our use-case is that although some documents, collaboration and other activities of the group are private, but they may want to keep the site open for all to visit and read. Specific libraries and lists will then override inheritance and be available to only group members. Something like a hybrid between a team-site and a communication-site. 
  4. How do we select a particular managed path (teams or sites) for admin created modern sites? Our use-case being, for example IT has its team site for internal collab, but wants to have a communication site with the same name for wider dissemination. So, the path "teams" would make sense for the team site, and path "sites" would make sense for the comms site.
  5. How can admins create a modern team site without necessarily being forced to create an O365 Group behind it? Our use-case being, there are several sites that require fluid permission sets with lots of lists and libraries having unique permissions. Nested security groups works best in such cases. Moreover, our users don't want to clog up their Outlook with tens of groups when they don't need to converse at all. Yes, I could go with a classic site, but then it still would be "classic" which at some point in near future may get deprecated. The road-map is clearly modern, isn't it? We want to look ahead, but with flexibility.

 

 

Copper Contributor

Hi, thanks for the news.

 

What about the subsites?

Where do they go when we connect the top level site collection to a new office group ?

 

Thanks

Copper Contributor

When we connect existing SharePoint Team site to the O365 Groups, then do we get one more SharePoint Site which is associated to O365 group apart from the one SharePoint site which we are connecting?

Microsoft

Hi @prashant k No. The existing site becomes the group's site - so only one site, and it gets updated. The value is that it is brought forward with existing value and gets added value by connecting to Office 365 groups and associated apps. 

Microsoft

Hi @Matthieu SERVIEN. The susbites remain intact and still will be a part of your team site. And to be clear, the main page of each subsite will remain untouched, aka, it will not get modernized, but remain within the modern site.

Deleted
Not applicable

I would also agree with 

 

 

Copper Contributor

We have recently migrated from OnPrem to SPO, and are using AD groups to permission our sites.   What happens to those permissions when we connect to an O365 group?

Brass Contributor

Good news. Thanks for sharing.

 

Agree with @Abhimanyu Singh and others and we have the same concerns.  

 

And what happens to the primary/secondary Site Collection Admins? Do they still show as Site Collection admins somewhere, and can be reported in a report? This is important as they are the contacts for a site and have roles and responsibilities in managing a site collection. Too many site owners is problematic for RnR.

 

Regards

mk

 

Brass Contributor

Hi @Mark Kashman, thanks for this information and the additional rescources. There is just one point I am wondering about: if there is an O365 Group naming policy in place, will the groupify process follow this naming policy? Thanks for clarifying this!

Brass Contributor

Looking forward to hear some feedback from @Mark Kashman on this. 

 

But we have this O365 Group Naming policy in place now  to add a prefix to the name of the O365 Group, and when a modern team site is created it adds that prefix to the name the modern site and to the URL of the site. This is really annoying, and that prefix or suffix what ever is used for O365 Group naming convention should not be added to the site name and URL.

 

Copper Contributor

Hi @Mark Kashman,

 

I was under the impression that we'd be able to convert/connect our tenant's root site collection, however I get the following message when using the Set-SPOSiteOffice365Group cmdlet to do so:

 

Set-SPOSiteOffice365Group : The root site collection for this tenant cannot be connected to an Office 365 Group.

 

Is connecting the root site collection allowed or am I misunderstanding?

Deleted
Not applicable

Is there any ETA on connecting an existing SharePoint team site to an existing Office 365 Group?

Copper Contributor

When we use the "site permissions" right-pane to share "everyone" with "only this site", that is added to the "visitors" group and everything works fine. But, after a few days that disappears and suddenly everyone gets access denied.

@Abhimanyu Singh Are you still having this happen and/or have you come across a solution?  Just came across this issue and can't figure out why those permissions are disappearing.

Steel Contributor

@Jordan Aaberg Strangely the issue went out on its own! I've been watching a couple of sites, and suddenly the issue seems to be resolved. I don't really know how or when exactly, but as of now the "visitors" group is persisting with the "everyone" membership. I am keeping my fingers crossed, because I haven't heard back from @Mark Kashman or any one from the team on the 5 issues/requests I mentioned above. Can't rely on anything for sure, unless there is some confirmation of sorts from Microsoft.

Steel Contributor

@Jordan Aaberg The issue is back. Maybe I didn't check it regularly enough, but now it is getting annoying when several users are reporting the same.

 

 @Mark Kashman Need your help here!

We have same issue as @Abhimanyu Singh . 'Everyone' added to "Group visitors" group disappears from it within few days max. From log it's not clear why, that's only the records what 'everyone' was removed. At the same time if add 'everyone' as domain group  in permissions on the site it works fine.

Copper Contributor

Hi, I have exactly the same problem with adding "Everyone except external users" to the visitors group on a modern team site. The "Everyone..." group will stay in there for a few hours/days then will suddenly disappear. Anecdotally: previously, I have been through the cycle a few times, adding the "Everyone..." group back in after it has been removed, and eventually it seems to stick...

 

This is a real pain; as adding in the "Everyone..." group to a site usually ties in with releasing a site for the general user population to consume something. This may even be accompanied by an official email announcing the availability of the site; only for users to complain after some period of time that they cannot get to the new resource (makes us look a bit rubbish!)

Microsoft

Everyone except external users being removed from the Members or Visitors is by design. To workaround this you can create a separate sp group with the same permission role and add the "everyone except external users" there.

Steel Contributor

Thanks for the response @Bruno Aleixo 

 

Everyone except external users being removed from the Members or Visitors is by design.

I don't get it when you say "it is by design". I mean what could be the reason for that? Why after an indeterminate number of days? If it is by design, why not restrict it from happening in the first place so that the users don't get confused?

 

To workaround this you can..

Is this workaround a supported scenario? Or is it just a hack which can break anytime? (I am talking O365-Group-connected site here, to be clear)

 

...create a separate sp group with the same permission role

This makes no sense to me. If the three groups "owners", "members", and "visitors" are there already provisioned for the intended use, why is creating a separate group required? This is a problem and extra work. We will need to keep a tab on (and document) which sites an extra group was created and why.

 

Even the UI makes it very clear, that we are adding members to "site only" (not the O365-Group), and when "read" permission is given they get added to the "visitors" group. See this screenshot:

 

UI makes it clear that we are adding members to share site onlyUI makes it clear that we are adding members to share site only

 

Now, your response does not make it clear as to why it disappears after a few days? Is a cleanup timer job running somewhere? If it is shared for only the site, then what is the need to clean it up in the first place?

 

In short, I am not comfortable in creating another SP group just for this, when the appropriate group is already there.

 

And while we are at it, how can we get "contribute" permissions for members instead of "edit". This is another big gripe of mine with O365-Group-connected sites. I agree, the traditional sites too provision the "edit" permission on the OOTB "members" group, but the big difference is that we can change the permissions on that group without the fear of it getting reverted on its own. But here, with the O365-Group-connected sites, I am wary of changing anything lest a so-called cleanup-routine will run and undo all changes after an indeterminate number of days!

 

 

 

Copper Contributor

Hi @Bruno Aleixo,

Thank you for the information. on top of @Abhimanyu Singh's response:

Is there an official MS link which details how this process works? It's quite confusing as it is, as (from my experience and searching online) you *can* add stuff to the visitors groups and members groups, i.e. SharePoint doesn't stop you doing it or warn that you shouldn't.

Also, as I said in my last post: I have noticed that if you are persistent and keep adding the "everyone..." group into the site visitors group, then eventually it will stick and SharePoint *seems* to give up trying to delete it...(?)

As an aside, I also found a while ago that removing the members group (even if you add one back in with the same name) will break the security in the modern team sites.

It seems that there are lots of things you *can* do in modern team sites using the standard SharePoint interfaces, but it's difficult to know what you *should* do.

I found this "Sharing and permissions in the SharePoint modern experience" MS doc (https://docs.microsoft.com/en-us/sharepoint/sharing-permissions-modern-experience) which states that "[For a Team site] The advanced permission settings allow for more granular control of permissions but is not recommended for general team use cases as the permissions will not extend back into the Office 365 Group or its related services". This is not saying that you cannot use the advanced permissions in SharePoint modern team sites, but that the permissions will not be beamed back to the Office 365 group. I have (so far) found no resources which say that you cannot add the "everyone..." group to the visitors group, but I have found other postings recommending it, e.g.:
https://www.reddit.com/r/sharepoint/comments/9gkoz0/setting_permissions_on_a_modern_communication_si...

Any further links to official MS documents explaining what you should and shouldn't do would be greatly appreciated :)

Thanks again,

Paul.

Steel Contributor

@Bruno Aleixo,

 

Thanks you for bravely wading into this conversation about "Everyone except external users" being removed from the visitor group. Could you please explain the reasoning for this?

 

We have alot of scenarios that have a public/private component where we use an O365 group with Teams to manage the collaboration portions but want to allow the entire organization to view the information on the site. Project work is a good example. We want the communication and edit ability restricted to the Team, but want to allow anyone to view the documentation or other work products. We're using the same model for our User Group.

I'm very frustrated with the lack of documentation around some "features" of the modern sites. As site owners & admins, we're going to expect the sites to work as usual UNLESS YOU TELL US OTHERWISE. This isn't documented anywhere. The page on Sharing and Permissions in the SharePoint Modern Experience would be a perfect place to state that if you invite "Everyone except external users" to the visitor group, SharePoint will clear out the group eventually and then explain why.

 

FYI to anyone following - another tidbit on modern sites and permissions, as owner of an O365-enabled site, you can only make site-level columns that are text-based such as string, number, date, choice, etc. In order to make a complex site column like lookup, people or managed metadata, you must be added by name to the site collection admins.

IMHO, documentation is important but not enough. You may not read documentation, you may not read it carefully, you may understand it. Software itself shall alert somehow if you use wrong function. If 'everyone' shall not work it shall not work from the moment when you try to add it.

 

What is the current scenario - you add 'everyone'. Test behaviour with few users, it could take couple of days, everything works fine. On third day you deploy the change and announce to the company.  On next day after that someone requests access, you check - 'everyone' disappeared. Add it again since you know it worked and you know 'everyone' works for a long while on other sites (yes, on couple of our sites it works probably for months). After that you are asking other admins and owners who the hell removed 'everyone'. Nobody. In a while cycle repeats. Finally you check the log and see what the system removed 'everyone'. Start checking all your settings, nothing. Open the ticket? - but if they don't know the answer they ask to do all the tests they know and reinstall everything from scratch, plus it takes a lot of time. Let check on TechComm. Uh, I'm not alone and that is by design...

Microsoft

About this i´m expecting a kb article to be published. Once i have the link i will circle back.

 

Regarding other topics and suggestions my advice is 

1.if you find something is missing on documentation provide feedback directly on the documentation. There are experts that review all suggestions

2.if there is something in the behavior of the product that you would like to suggest an improvment uservoice is the best way as product group is always monitoring uservoice.

 

Thanks

Copper Contributor

Thanks @Sergei Baklan and @Bruno Aleixo 

 

Will look forward to the KB article.

 

I think this "feature" falls somewhere between something that should be documented (as it is intentional, but strange), or something that should be fixed (as it is broken). On that basis, it's difficult to know which forum to approach... That is where Techcommunity comes in I guess!

 

Thanks,

 

Paul.

Steel Contributor

@Sergei Baklanthat is exactly my scenario. We have a modern O365 group enabled site as our new O365 Collaboration Home. We use the O365 group to manage meetings, notes, communications, etc. for the User Group, but the site itself needs to be open to the entire organization as this is where we post governance, how to articles, tidbits and links to updates like this one. I announced it to the User Group last Tuesday and was getting ready to put it out on Yammer when I started getting access requests from visitors and discovered that "everyone except external" disappeared. Twice. I've spent 2 mos. building this site and can't publish it if it's going to randomly kick people out.

 

So if @Bruno Aleixo is going to have a KB article on this, does that mean this is intended/expected behavior and that Microsoft is not going to fix it? Is Microsoft expecting us to choose between public access in communication sites and group collaboration in team sites? 

 

Bruno, can you give us a hint please on what this KB article is going to say?  

@Bruno Aleixo Add me to the list of people who don't understand the rationale, and feel strongly that if this is a design decision it has been implemented very poorly.

 

If you don't want people to add "everyone" to the Site Visitors group in a Private Group site, then DON'T LET THEM ADD EVERYONE. Allowing people to add that via the UI and then to pull the rug out a couple days later is a terrible user experience.

Brass Contributor

@Mark Kashman Please update this and all other related Modernization stubs with a notice at the introduction stating that root level sites currently are not able to be modernized.  Currently the only way for an admin to come to this determination is to read through and attempt all of the site modernization efforts and fail, by being guided to:

  1. Connect to O365 through site settings failure (link),
  2. Scripting Set-SPOSiteOffice365Group and failing (link),
  3. Surrendering to the Modernization Scanner, which first requires:
  4. Configuring an Azure/SP App client and ID, then running the scanner,
  5. ONLY THEN to receive the O365 Group Connection Readiness.xlsx file, filtering to your root site, and seeing the */isTenantRootSite and the message that "the root site of your tenant can not be group connected".

This really needs to be much more prominent at the start of all the Modernization documentation - it currently isn't captured anywhere.

 

On that line, is there an ETA for a conversion option of existing Classic Tenant Root sites to Modern?
Thank you! 

Microsoft
Steel Contributor

@Bruno Aleixothanks for the update, but that doesn't actually provide much of an answer. Is there any explanation as to purpose behind this? What is the justification/rationale? Why would Microsoft care if we add everyone to a visitor group? And why does it work within Microsoft but not for the rest of us? Because this is the precise scenario used for the Intrazone podcast site - It's a private group-connected SharePoint team site that is open to all of Microsoft. Read the comments, when I asked @Mark Kashman about it, his answer was to Invite people > "Share site only" with "everyone except external" as this will add them to the member group.

 

Is it worth bothering to put something on SharePoint User Voice? 

 

Steel Contributor

Also, doesn't this defeat the purpose of the modern Site Permissions option? The whole point was for users to be able to see who a site is shared with to allow them to make good choices about what to post there. Now I have a site that APPEARS to be limited to the members, but in reality is open to everyone. How is this a good thing?

Microsoft

@Rachel Davis  UserVoice is the best channel to use. 

Brass Contributor
Hi,
I know a lot of customers who have O365 Groups and heavily use the sharepoint site and are not using MS Teams, they want to control access to the MS planner / mailbox (hence a private a O365 group) but they would like to give the organisation read access in general to the whole sharepoint site. What used to be a simple case of adding "everyone but external" in the visitor group now is no longer the case and MS have a batch job that removes it!? Ive tested this and yes its removed as per the KB article https://support.microsoft.com/en-us/help/4492201/everyone-except-external-users-group-is-removed
Q1. Id like to know the rationale behind this decision? Why was it done?
Q2. It would have been better if this was configurable at tenant or even better at the Group setting i.e. do you want to allow the everyone except external in the SP visitor group for the private O365 Group (or something a bit shorter and succinct!)
I now have to either create a new security group that mimics the "everyone but external" in Azure AD, or create a new SP visitor group with visitor permissions and hope the MS batch job doesn't scan my custom group,  and then do this for every new / existing O365 Group Sharepoint site... It is hard enough to keep up with all the changes and explain these things to simply to clients and now even i struggle to explain this decision
Brass Contributor

It is not acceptable that Microsoft get to make a call on who we add where in our companies.  Vote this up on uservoice.

 

https://office365.uservoice.com/forums/286611-office-365-groups/suggestions/37158241-manually-set-pe...

Version history
Last update:
‎Jun 07 2018 09:47 AM
Updated by: