cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Office Group as Security Group

Dean Gross
Silver Contributor

‎Feb 22 2018 12:02 PM - last edited on ‎Feb 06 2023 03:20 AM by

‎Feb 22 2018 12:02 PM - last edited on ‎Feb 06 2023 03:20 AM by

Office Group as Security Group

@Tony Redmond on Page 535 of you book it says " cannot use an Office 365 group as a security
group". I'm confused, SharePoint online uses the Office Groups owner and member attributes to assign accounts to the SharePoint Owner and Member groups which are used for security purposes.

 

Can you expand on the statement in the book to help me understand what was written? 
  
 

Labels:
6,015 Views
0 Likes
6 Replies
Reply
6 Replies
best response confirmed by VI_Migration (Silver Contributor)
Tony Redmond

‎Feb 22 2018 12:43 PM

‎Feb 22 2018 12:43 PM

Solution

Re: Office Group as Security Group

Office 365 Groups can't be used in the same way as an AAD security group. For example, you cannot use an Office 365 Group as the basis for the RBAC permissions as deployed inside Exchange Online. But SharePoint Online has special code to allow it to use Office 365 Groups to manage membership for a site collection through the groups that you mention (a surplus of groups). These groups are a construct specific to SharePoint and do not appear when you look at Groups through the Office 365 Admin Center as they are not AAD groups. I guess to make SharePoint work, there's an internal mapping between the membership links exposed in Office 365 Groups to the owner and member groups for the site collection.

 

 

1 Like
Reply
Steven Collier

‎Feb 22 2018 01:02 PM

‎Feb 22 2018 01:02 PM

Re: Office Group as Security Group

The different group types are such a clossal pain, there are three types and it seems like every app is allowed to randomly pick 1 or 2 of these not to support.

 

For example

  • Skype call queues will use Unified or Mail Enabled Security Groups, but not Security Groups.
  • PowerApps only seems to like Mail Enabled Security Groups
  • Flow can update the members of Security Groups, Unified groups but not Mail Enabled Security Groups

It's time there was only one type of group, and collaboration features were options on each.

1 Like
Reply
Tony Redmond

‎Feb 22 2018 01:15 PM

‎Feb 22 2018 01:15 PM

Re: Office Group as Security Group

Not to mention the places where you can select a distribution group from a picker, but not an Office 365 group...

0 Likes
Reply
Haider Ali

‎Jun 22 2018 05:21 AM

‎Jun 22 2018 05:21 AM

Re: Office Group as Security Group

Is there a work around to this limitation? Maybe a dynamic security group that auto updates itself based on changes to Office 365 group?

0 Likes
Reply
Haider Ali

‎Jun 25 2018 12:23 AM

‎Jun 25 2018 12:23 AM

Re: Office Group as Security Group

Well. That worked. I created a dynamic security group based on a common variable and viola.

1 Like
Reply
Hannes_L760

‎Jan 28 2019 02:40 AM

‎Jan 28 2019 02:40 AM

Re: Office Group as Security Group

Hi,

could you further explain how to achieve this?

There is no variable like "memberOf" in the dynamic group membership settings.

 

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Tony Redmond

‎Feb 22 2018 12:43 PM

‎Feb 22 2018 12:43 PM

Solution

Re: Office Group as Security Group

Office 365 Groups can't be used in the same way as an AAD security group. For example, you cannot use an Office 365 Group as the basis for the RBAC permissions as deployed inside Exchange Online. But SharePoint Online has special code to allow it to use Office 365 Groups to manage membership for a site collection through the groups that you mention (a surplus of groups). These groups are a construct specific to SharePoint and do not appear when you look at Groups through the Office 365 Admin Center as they are not AAD groups. I guess to make SharePoint work, there's an internal mapping between the membership links exposed in Office 365 Groups to the owner and member groups for the site collection.

 

 

View solution in original post

1 Like
Reply