Office 365 Groups naming policy reaches public preview

16 Replies

Hasn't it been in Preview for ages now? Or was that Private? :)

Any idea why I'm getting the following error when I try the sample code ? i have AzureADPreview 2.0.0.154 installed

 

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
Get-AzureADDirectorySetting : Cannot bind argument to parameter 'Id' because it is null.
At line:1 char:44
+ ... Setting -Id (Get-AzureADDirectorySetting | where -Property DisplayNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureADDirectorySetting], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.GetDirectorySetting

@Dean Gross, your sample works fine for me. I guess you can simply run it like this instead:

 

Get-AzureADDirectorySetting | ? {$_.DisplayName -eq "Group.Unified"}

Thanks, I tried yours and i'm not getting an error, but as you can see, I'm not getting any results.

 

PS C:\Scripts> $setting= Get-AzureADDirectorySetting | ? {$_.DisplayName -eq "Group.Unified"}
PS C:\Scripts> $setting.values
PS C:\Scripts>

You're connected to Azure AD - right? It could be that the quotation marks surrounding Group.Unified are printer's quotations rather than the straight quotation marks required by PowerShell. That often happens when you cut and paste commands from articles.

 

What does running the command below show? You can see my complete policy...

 

PS C:\temp> Get-AzureAdDirectorySetting | ForEach Values

Name                          Value
----                          -----
CustomBlockedWordsList        Sexy,Stupid,Giggles,Funny,CFO,CEO,**bleep**,Payroll,Supercalifragilisticexpialidocious,Silly
EnableMSStandardBlockedWords  false
ClassificationDescriptions    General Use:Anyone can access,External Access:Available outside the company,Internal Only:Must not b...
DefaultClassification         Confidential
PrefixSuffixNamingRequirement O365Grp-[GroupName]
AllowGuestsToBeGroupOwner     False
AllowGuestsToAccessGroups     True
GuestUsageGuidelinesUrl       Http://office365itpros.com/GuestUserGuidelines.html
GroupCreationAllowedGroupId   12cb915b-2365-4bed-baf6-6257b3543273
AllowToAddGuests              True
UsageGuidelinesUrl            Http://office365exchange.com/GroupGuidelines.html
ClassificationList            General Use,External Access,Internal Only,Confidential
EnableGroupCreation           False

 I 

It's now public, but I thought it was pretty public when Microsoft revealed the policy at Ignite 2016 (announcement) and then discussed its operation in depth at Ignite 2017. What has changed is that Microsoft call this an AAD naming policy now... maybe to help justify the need for AAD premium licenses.

 

https://www.petri.com/office-365-groups-naming-policy

Yes, i'm connected, at least according to Get-AzureADTenantDetail is returning an object id with the correct verified domain.
When I run your example i don't get any results
PS C:\Scripts> get-azureadDirectorySetting | ForEach Values
PS C:\Scripts>

Did you ever create an Azure AD policy object to store custom settings for the domain? From Chapter 15 of "Office 365 for IT Pros":

 

[PS] C:\> $Policy = Get-AzureADDirectorySettingTemplate | ? {$_.DisplayName -eq "Group.Unified"}
[PS] C:\> $Settings = $Policy.CreateDirectorySetting()
[PS] C:\> New-AzureADDirectorySetting -DirectorySetting $Settings

I made the assumption that you already had a policy...

Thanks, I was actually trying to determine what a customer had configured and it appear that they have not done this, which does not surprise me. Nowhere on the instructions at https://docs.microsoft.com/en-us/azure/active-directory/groups-naming-policy does it state that a directory needs to be created in order to get the settings.

I'll add a comment to that page and go read your book again :)

This is why I have a book and why I update it all the time. It's impossible to keep track of all the bits and pieces that happen inside Office 365 and the devil is in the detail, so I write it down so that I can get back to it when I need...

I think i need to just keep your book open in my pdf reader and only close it to get the updates. There is so much good content in it that I need to get more familiar with. 

I need to keep the book open all the time to remember what's written in it...

is there a time delay on a change like this?  I've confirmed these settings are in place (almost 6 hours ago), and they don't seem to be enforced yet.

Hi!

 

We would like to implement a naming policy that adds custom attribute number 14 from Azure AD as a prefix. Is that possible? What is the syntax for fetching that custom attribute?

 

Would you say it is safe to add the naming policy in a production environment even though it is still in Public Beta and not GA?

AFAIK, the Azure AD naming policy doesn't take a custom attribute into account when it constructs names. This would be easy to do with PowerShell by updating the DisplayName attribute with whatever's in CustomAttribute14 after a group exists.

And it is safe to use the policy. All it's doing is making sure that the DisplayName attribute is correctly populated. You can do that yourself or let the policy do it.