Challenges with Office 365 group naming policy

%3CLINGO-SUB%20id%3D%22lingo-sub-747276%22%20slang%3D%22en-US%22%3EChallenges%20with%20Office%20365%20group%20naming%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-747276%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20are%20planning%20to%20implement%2C%20group%20naming%20policy%20for%20Office%20365%20groups%20in%20our%20tenant.%20Before%20we%20enable%20the%20policy%20wanted%20to%20know%20few%20things.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E1.%20How%20many%20number%20of%20prefixes%20are%20allowed%20to%20use%20in%20Policy%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EEx.%20I%20want%20to%20use%20prefix%20GRP%20for%20some%20groups%20and%20O365GRP%20for%20others%20like%20wise.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20If%20we%20are%20enabling%20policy%20based%20on%20attributes%2C%20how%20many%20conditions%20we%20are%20allowed%20select%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EEx.%20IF%20Country....IF%20State...IF%20Depart....IF%20Office%20like%20wise%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E3.%20How%20this%20will%20affect%20the%20existing%20groups%3F(we%20have%20around%2020k%20existing%20groups.)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E4.%20How%20this%20will%20affect%20the%20Exchange%20groups%20or%20others%20like%20Security%2C%20Distribution%20list%2C%20Group%20mail%20boxes%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E5.%20Are%20there%20any%20consequences%20of%20naming%20policy%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3Eex.%20Performance%2C%20Maintenance%20etc.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks!%20I%20would%20really%20appreciate%20the%20help.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20have%20already%20referred%20below%20links%3C%2FSPAN%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fadmin%2Fcreate-groups%2Fgroups-naming-policy%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fadmin%2Fcreate-groups%2Fgroups-naming-policy%3Fview%3Do365-worldwide%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-naming-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-naming-policy%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Foffice-365-groups-naming-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fwww.petri.com%2Foffice-365-groups-naming-policy%3C%2FSPAN%3E%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-747276%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EO365%20groups%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748396%22%20slang%3D%22en-US%22%3ERe%3A%20Challenges%20with%20Office%20365%20group%20naming%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748396%22%20slang%3D%22en-US%22%3E%3CP%3EThose%20policies%20only%20apply%20to%20Office%20365%20Groups%20(modern%20groups)%20object%2C%20no%20DG%20or%20other%20group%20types.%20It's%20not%20applied%20to%20any%20existing%20groups%2C%20but%20if%20a%20group%20is%20edited%20via%20any%20of%20the%20clients%20that%20support%20policies%2C%20it%20will%20be%20updated%20to%20conform%20with%20the%20policy.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20only%20have%20a%20single%20policy%2C%20as%20the%20underlying%20DirectorySettings%20object%20doesn't%20support%20multiple%20instances%20of%20the%20same%20object%20type.%20You%20can%20use%20multiple%20attributes%2C%20combine%20different%20types%2C%20but%20the%20total%20length%20is%20limited%20to%2053%20chars.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20is%20no%20performance%20penalty%2C%20and%20the%20management%20overhead%20depends%20on%20how%20well%20versed%20with%20PowerShell%20your%20IT%20staff%20is%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-748872%22%20slang%3D%22en-US%22%3ERe%3A%20Challenges%20with%20Office%20365%20group%20naming%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-748872%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BThanks%20for%20your%20response%20and%20appreciate%20the%20information%20provided%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20see%20this%20MS%20article%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-naming-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-naming-policy%3C%2FA%3E)%3C%2FP%3E%3CP%3EPara%3A%20T%3CSPAN%3Ehe%20naming%20policy%20is%20applied%20to%20creating%20or%20editing%20groups%20created%20across%20workloads%20(for%20example%2C%20Outlook%2C%20Microsoft%20Teams%2C%20SharePoint%2C%20Exchange%2C%20or%20Planner).%20It%20is%20applied%20to%20both%20the%20group%20name%20and%20group%20alias.%20If%20you%20set%20up%20your%20naming%20policy%20in%20Azure%20AD%20and%20you%20have%20an%20existing%20Exchange%20group%20naming%20policy%2C%20the%20Azure%20AD%20naming%20policy%20is%20enforced%20in%20your%20organization.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E1.%20It%20says%20group%20created%20across%20workloads(ex.%20Exchange)%2C%20does%20that%20include%20Group%20mailboxes%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIt%20also%20says%2C%20if%20there%20is%20existing%20Exchange%20group%20naming%20policy%2C%20then%20Azure%20AD%20naming%20policy%20will%20override%20this.%20I%20am%20not%20much%20familiar%20with%20exchange%20groups.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20Exchange%20group%20naming%20policy%20is%20applicable%20to%20which%20groups%3F(Group%20mail%20box%3F%20O365%20groups%3F)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E3.%20Is%20it%20possible%20to%20use%20different%20prefix%20for%20different%20groups%3F%20Like%20can%20we%20have%20multiple%20prefix%20in%20the%20policy%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-749263%22%20slang%3D%22en-US%22%3ERe%3A%20Challenges%20with%20Office%20365%20group%20naming%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-749263%22%20slang%3D%22en-US%22%3E%3CP%3EI%20already%20answered%20those%20above.%20No%2C%20you%20cannot%20use%20different%20prefixes%2C%20it's%20one%20tenant-wide%20setting.%20If%20you%20want%20different%20prefixes%2C%20you%20have%20to%20write%20your%20own%20provisioning%20method.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20article%20you%20are%20citing%20applies%20to%20only%20Office%20365%20(modern)%20groups%2C%20across%20all%20endpoints.%20The%20Exchange%20policy%20applies%20to%20%22traditional%22%20DGs%20as%20detailed%20for%20example%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Frecipients-in-exchange-online%2Fmanage-distribution-groups%2Fcreate-group-naming-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Frecipients-in-exchange-online%2Fmanage-distribution-groups%2Fcreate-group-naming-policy%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are planning to implement, group naming policy for Office 365 groups in our tenant. Before we enable the policy wanted to know few things.

1. How many number of prefixes are allowed to use in Policy?

Ex. I want to use prefix GRP for some groups and O365GRP for others like wise.

2. If we are enabling policy based on attributes, how many conditions we are allowed select?

Ex. IF Country....IF State...IF Depart....IF Office like wise

3. How this will affect the existing groups?(we have around 20k existing groups.)

4. How this will affect the Exchange groups or others like Security, Distribution list, Group mail boxes?

5. Are there any consequences of naming policy?

ex. Performance, Maintenance etc.

Thanks! I would really appreciate the help.

I have already referred below links

3 Replies
Highlighted

Those policies only apply to Office 365 Groups (modern groups) object, no DG or other group types. It's not applied to any existing groups, but if a group is edited via any of the clients that support policies, it will be updated to conform with the policy.

 

You can only have a single policy, as the underlying DirectorySettings object doesn't support multiple instances of the same object type. You can use multiple attributes, combine different types, but the total length is limited to 53 chars.

 

There is no performance penalty, and the management overhead depends on how well versed with PowerShell your IT staff is :)

Highlighted

@Vasil Michev Thanks for your response and appreciate the information provided here.

 

Please see this MS article (https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-naming-policy)

Para: The naming policy is applied to creating or editing groups created across workloads (for example, Outlook, Microsoft Teams, SharePoint, Exchange, or Planner). It is applied to both the group name and group alias. If you set up your naming policy in Azure AD and you have an existing Exchange group naming policy, the Azure AD naming policy is enforced in your organization.

 

1. It says group created across workloads(ex. Exchange), does that include Group mailboxes?

It also says, if there is existing Exchange group naming policy, then Azure AD naming policy will override this. I am not much familiar with exchange groups.

2. Exchange group naming policy is applicable to which groups?(Group mail box? O365 groups?)

3. Is it possible to use different prefix for different groups? Like can we have multiple prefix in the policy?

 

Highlighted

I already answered those above. No, you cannot use different prefixes, it's one tenant-wide setting. If you want different prefixes, you have to write your own provisioning method.

 

The article you are citing applies to only Office 365 (modern) groups, across all endpoints. The Exchange policy applies to "traditional" DGs as detailed for example here: https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-distribution-groups/c...