The ability to restore deleted groups only covers Microsoft 365 groups. That’s an odd situation to be in given the different types of groups in Microsoft 365, and the reasons why things work (or don’t) the way they do is down to history and different teams within Microsoft. It’s logical that customers assume they can restore any type of deleted group. Microsoft needs to do some magic to make that assumption real.
Office 365 Connectors bring data from external sources into Microsoft 365 apps like Teams and Outlook. Workflows and Power Automate are replacing Connectors for Microsoft 365 Groups (Outlook groups) and SharePoint Online. Connectors are still available in Teams but for how long? No one knows, but it does seem like Microsoft is rationalizing no-code automation around Power Automate.
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I’ve worked on since 2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous ‘not recognized as a valid datetime’ problem, so another update was needed. All good, clean fun.
This article describes how to block welcome messages for new members of Microsoft 365 groups using a resource behavior option (a group setting). This is an immutable setting that prevents the Groups service sending welcome messages to new members. You might want to take this approach when creating team-enabled groups.
Microsoft suggests that allowing every user to create new Microsoft 365 groups. That’s mad. Controlling group creation through policy settings is the only way to go. It will avoid group sprawl (or team sprawl) and avoid a lot of administrative effort that will otherwise be devoted to cleaning up the mess of unused and unwanted groups. This article explains how to update policy settings to control group creation using cmdlets from the Microsoft Graph PowerShell SDK.
This article explains how to use PowerShell to create dynamic Microsoft 365 groups (and teams) based on the departments assigned to Entra ID user accounts. Creating a new group is easy. The trick in team-enablement is to wait for the synchronization between Entra ID and Teams to finish before you go ahead. After that, it’s plain sailing.
It would be nice to report that Microsoft’s new My Groups page delivers great user-centric group management portal, but it doesn’t. My Groups can’t deal with distribution groups (lists), which is surprising because distribution lists are a valid Azure AD group type. What’s worse is that the OWA option to manage distribution lists doesn’t work any more. There’s little evidence of Microsoft joined-up thinking here.
Container management labels apply settings to the Microsoft 365 Groups to which they are assigned. This article describes how to generate a report about the container management labels assigned to groups. The report highlights groups that don’t have labels and those that don’t have owners.
The Microsoft 365 Groups Report (membership of groups and teams) originally used the Azure AD and Exchange Online PowerShell modules. Now its code uses only cmdlets from the Microsoft Graph PowerShell SDK. It’s an example of the kind of update that many organizations are going through due to the upcoming deprecation of the Azure AD and MSOL modules.
A November 3 announcement says that Microsoft will deprecate the bulk distribution list migration feature in the legacy EAC on February 1, 2023. Although no one will probably be surprised by the news, it’s disappointing that all Microsoft can suggest is a manual conversion process for those who want to move (simple) distribution lists to Microsoft 365 groups. Is it too much to ask to have a PowerShell script to do the job?
Hidden membership is supported for Microsoft 365 Groups and distribution lists. Hidden membership means that no one except members and admins can see who’s in a group. It’s a useful feature if you don’t want people poking around to find out who’s in a group or distribution list. One thing to be aware of is that once a Microsoft 365 group has hidden membership, it has it forever. Distribution lists on the other hand can flip between hidden and visible membership.
Like all apps, the Azure AD Admin center has its own quirks and inconsistencies. In this article, we cover issues creating groups when the admin center doesn’t apply sensitivity label container management settings properly, and group-based license management, which only works if the group’s security enabled property is set correctly.
A new preview feature supports the creation of dynamic Azure AD groups based on the membership of other groups, including dynamic groups and distribution lists (aka nested groups). It’s a nice feature that adds value, even if dynamic groups require Azure AD Premium P1 licenses.
Despite the advent of shared channels in Teams and the wonders of Azure AD Direct Connect, the chances are that Azure AD B2B Collaboration (Azure AD guest accounts) will remain the predominant method for external collaboration for the immediate future. That’s not so bad, as long as you maintain good guest hygiene!
Teams supports external access through guest account membership in teams and external sharing of shared channels. Sometimes, things go wrong and sharing can’t happen. In this article, we explore some common reasons and explain the solutions. And the need for patience!
A new feature for Azure AD access reviews allows Microsoft 365 tenants to check for inactive guest accounts in group memberships. It’s useful functionality if your Microsoft 365 groups are used for Teams rather than Outlook groups. Email activity is ignored by these access reviews, so all guest members are deemed to be inactive!
The Microsoft Graph SDK for PowerShell includes cmdlets to create Entra ID Groups and manage those groups afterward. The cmdlets work and in some places they are screamingly fast compared to Exchange Online or Azure AD cmdlets. In other places, the cmdlets are a tad bizarre and expose a little too much of their Graph underpinnings. Oh well, at least after reading this article, you’ll know where the holes lie.
It seems like it should be possible to transfer a membership rule from an Exchange dynamic distribution list to a dynamic Microsoft 365 group/team, but it’s not. Different directories, schemas, properties. and syntax conspire to stop easy conversion. It’s a pity, but that’s the way life and technology sometimes go…
This article explains how to create a new Microsoft 365 group and team using the membership and properties of an Exchange Online dynamic distribution list. The process is reasonably straightforward, but as always with PowerShell, there are some interesting turns and twists that must be navigated en route.
The Microsoft 365 Groups and Teams Activity report is a PowerShell script which tries to work out if groups and teams are inactive by checking various usage indicators. Because it’s written in PowerShell, tenants can change the script as they like, perhaps even adding some extra turbocharging to the ideas we’ve incorporated into the code.
The Microsoft 365 group expiration policy can remove inactive groups after a set period. This helps clean up Azure AD, but the removal of a group might come as a surprise. To help remind administrators when groups will expire, we can use PowerShell to create a report of groups within the cope of the expiration policy and their next renewal dates. And to speed things up, we can turbo-charge matters with a Graph query.
A new List Teams API is available in the beta version of the Microsoft Graph. In time, the new API might replace the existing methods used to fetch sets of teams for processing. For now, there’s no need to update any code as we wait for Microsoft to fully bake the new API. Maybe it will be more performant and functional in the future!
It might seem like a small thing, but some users are upset when they don’t receive copies of their messages sent to Outlook Groups in their Inbox. A new setting allows users and administrators to control if they receive copies of messages from groups, but only when the user is a subscriber to groups (Follow in Inbox is turned on). In this article, we explore how to set the EchoGroupMessageBackToSubscribedSender control via OWA options and PowerShell, and how to sign up to be a group subscriber by yourself or with a little help from an Exchange administrator.
The SharePoint Online admin center displays an insight card for the number of unlabeled sites in the tenant. For some reason, many of the labels assigned to Microsoft 365 Groups and Teams had not reached SharePoint. Some PowerShell does the job to fetch the sensitivity label information from Exchange Online and update sites with the missing label information.
Microsoft is preparing to enable lightweight plans soon. The new plans are managed via the Planner app and should turn up in Teams meetings as a fluid component to allow meeting participants to capture tasks assigned during calls. It’s a neat way to use a plan that isn’t associated with a Microsoft 365 group. We’ll see what happens in September/October when the functionality lands. Also, a new cmdlet is available to export Planner data for a user. You never know where this might be useful.
Azure AD administrators should be able to assign a reserved alias to a new group. At least, that’s what the documentation says. As it turns out, this isn’t strictly true as there are places where administrative interfaces (GUI and PowerShell) block any attempt to use reserved aliases. Does this matter? Probably not, unless you like consistency… which we do!
Controlling the creation of Microsoft 365 Groups might seem complex, but it’s not as complicated as it might seem. Make sure Azure AD allows group creation, and then you can either allow everyone to create new groups or restrict the right to a limited set of accounts (a capability requiring Azure AD Premium licenses). And don’t forget OWA, because it’s got its own mailbox policy with a group creation setting. All good, clean, honest fun.
Microsoft has updated the creation settings for security groups and Microsoft 365 groups in the Azure AD admin center. The changes impose consistency over administrator creation of these groups and probably won’t affect tenants, but it’s good to check. The change makes us ponder why Microsoft doesn’t improve the GUI for other group controls, like those controlling who can create new Microsoft 365 Groups.
Many PowerShell scripts which access Office 365 data could do with a speed boost. Replacing cmdlets with Microsoft Graph API calls is one way to get extra speed. In this article, we take a PowerShell script to report the memberships users have of Microsoft 365 groups and replace some important cmdlets with Graph API calls. The result is a big speed increase.
New teams created using Teams clients are hidden from Exchange Online, but those created using administrative interfaces are not. The result is potential confusion. in this post, we describe a PowerShell script to find any team-enabled Microsoft 365 Groups which are visible to Exchange and hide them. It’s easy scripting, but you need to run the script periodically to update the settings for new teams.
Sometimes it’s wise to give PowerShell scripts a turbo boost. This is certainly true for the Groups and Teams Activity report script, where a large amount of PowerShell processing has been replaced with speedy Microsoft Graph API calls. The result is much faster processing, which means that the script is more useful in large tenants. I still wouldn’t try to run it against 100,000 groups, but anything smaller should be OK. I think!
Blocking domains through the Azure AD B2B collaboration policy stops group owners adding new guest accounts from certain domains. It does nothing about existing guests from those domains. Fortunately, it’s relatively easy to check the guest membership of Groups and Teams to find guests from the blocked domains. And once you know those problem guests, you can decide what to do up to and including removing guest accounts from the tenant.
SharePoint site owners can teamify (team-enable) their site, which is nice, Now you can create channel tabs based on site resources during the team enablement process. It’s a nice new feature but you must remember that a new team only has a General channel, so site resources will end up in a place where they might necessarily not end up in the long run.
Organizations can choose to control updates of user photos by policy in their Microsoft 365 tenants or allow users to go ahead and use any image they like. In this article, we explore the value of having a user photo for every Office 365 account (and Teams and Groups too) and the choices organizations must make when they decide whether to control user-driven updates.
The Microsoft 365 admin center UI to manage group memberships might look pretty, but it’s not as functional as it could or should be, especially for large groups. The lack of search, sorting, and filtering capabilities is OK when a group has fewer than 50 members, but once past that number these features matter. It’s time for some TLC for group management.
There are many examples of PowerShell scripts which create reports about the membership of Microsoft 365 Groups. Most are slow. This version is faster because of its per-user rather than per-group approach to processing. The output is a nice HTML report and two CSV files containing a list of memberships in Microsoft 365 Groups and summary data for each user in the tenant.
Microsoft has announced that recordings of Teams meetings stored in OneDrive for Business will be blocked for download by anyone except the owner. The change will roll out in mid-April and should be complete by mid-June. Microsoft’s post draws attention to the fact that you shouldn’t use channel meetings to discuss confidential topics. It’s all to do with the Microsoft 365 Groups membership model.
Many people want to print off membership details of Microsoft 365 groups, which makes it curious why Microsoft doesn’t support the option in Teams, OWA, or other applications. Fortunately, it is very easy to extract and report membership with PowerShell. Here’s how to generate a HTML report with a CSV file on the side.
The inbound webhook connector used by Teams and Microsoft 365 Groups to accept information from external sources is getting a new format. Existing connectors must be updated by April 11, 2021. If not, data will stop flowing into the target channel or group, and that would be a bad thing.
You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.
