Aug 03 2020 07:02 AM
Hi,
I'm posting to try to get an idea of how other people are approaching the problem of assigning permissions in the Modern SharePoint Online world.
Since we now aim to build sites composed of many site collections (rather than subsites), managing permissions needs to be centralised in Office 365, otherwise we end up managing permissions across many site collections.
So, the approach we've been taking is to create Office 365 security groups and add these groups to SharePoint permission groups. Sometimes, the security groups are nested. So far so good.
However, I'm running into real problems with the reliability of this approach. For a start, there's a long delay on adding users to the Office 365 security groups and the user getting access to SharePoint - presumably some timed sync happening behind the scenes. Secondly, the "Check Permissions" function in SharePoint is either massively unreliable or some permissions are not getting added at all. No matter how long I leave it, some users added through security groups never show up as having permissions.
This leads to users being temporarily dropped directly into SharePoint groups, and hence security governance takes a hit.
Has anyone else encountered this? Do you have any advice to give?
Aug 03 2020 07:37 AM
Aug 03 2020 07:49 AM - edited Aug 03 2020 07:53 AM
All our customers use security groups in Azure AD rather than Microsoft(Office) 365 groups. Never had a problem using AD security groups as you mention.
EDIT: Re-read your question, in Azure AD or Microsoft 365 Admin portal you can create a Microsoft 365 group or a security group, assume you are creating Microsoft 365 groups, if so, try Security group.
Aug 03 2020 07:53 AM
Aug 03 2020 08:13 AM
What you talking about is the same thing, terminology Microsoft now use is Security Groups and Microsoft 365 Groups. Both of which can be created in the Microsoft 365 Admin portal or Azure AD Portal.
Do you have an on-premises AD that is synced to Azure AD? Where/how are you adding the users?
Aug 03 2020 08:18 AM