O365 Groups: Are you in control?


If you work in O365 and have enabled the Groups feature for your tenant you are likely starting to see groups crop up and being used in “real world” scenarios. If you are a First Release user/tenant by now you will have also noticed a full SharePoint Team Site being provisioned alongside each Group. (Microsoft Announcement)

I’m an O365 Consultant/Adoption specialist which means I work alongside businesses to help roll-out and adopt new capabilities as they are being introduced across their tenants. Part of my role is to help ensure staff are aware of the new tools and equipped with the knowledge to use them effectively to get their job done. The ultimate goal? The right tools are being chosen intuitively for the day-to-day collaborative work across (and outside of) an organization.

I think Groups are a tremendous value-add as a collaboration option within O365 and I fully expect to see more features added in the coming months and years. There are, however, a few aspects of Groups I think may cause organizations some angst from a governance/risk perspective. I’ll identify three hot zones for O365 groups and the mitigations for each in the remainder of this post.

  1. Who can create a group?
  2. What does it mean to be a Group owner?
  3. Is Information being managed?

#1 – Who can create a group?

Although some organizations will allow or encourage their users to create groups at will, many won’t. The concern here is the governance of group creation: left unchecked, it could result in Group site sprawl. There are, however, a few controls an organization can use to limit this. You can either disable the creation of groups entirely at the tenant level if you aren’t ready to roll out Groups just yet, OR configure a setting in Azure Active Directory to limit group creation to members of a particular Azure AD group.

Check out this great post by Drew Madelung (@dmadelung) explaining how to do this – Managing Office 365 Group Creation

TIP: An organization could set up a business workflow process for staff to submit a request for a group allowing for some process and governance to be placed around when a group will be created. Great idea for a Power Apps and Microsoft Flow application by the way. 🙂

#2 – What does it mean to be a Group owner?

I recommend providing a primer to the O365 Group Owners on what it means to be one.

Remember, these are not solely IT folks (as groups span an organization, most owners will in fact likely not be in IT). An owner of a group has A LOT of power and, without sufficient training, guidelines and support, may “shoot themselves in the foot”. It is our responsibility to set them up for success.

Here are a few suggestions for things you may want to communicate to your Group owners:

  • as an owner you have access to invite others to your group, delete people from your group and make someone an owner of your group
  • as an owner you can add guest users (people from outside your organization) if this option has been enabled for your organization. (Link)
  • when setting up the group an owner can automatically subscribe members to receive group conversations in their inbox. If this option is not selected, members will have to individually modify their email notification settings to change them (choices are ‘replies’, ‘replies & events’, ‘all’, ‘none’).
  • as of November 2016, if you delete your group there is no way to get it restored, so be careful! (Note: according to the FastTrack Roadmap items identified later in this post, the ability to recover a deleted Group is currently in development)
  • you can delete conversations from the group (even ones you didn’t start or add)

TIP: have a general “best practice” on the number of owners you want for a group and communicate to the group owners. My opinion right now is 2, maybe 3. Remember, they all need to be trained on what being an owner means.

Also, within the SharePoint Team Site provisioned for the group, the Group Owner is automatically a member of the “Team site Owners group” which means they have Full Control of the site.

I will not provide prescriptive guidance on what training to provide for the SharePoint site owners. You may want to initially leverage what you already have in place for team site owners in your regular SharePoint environment (if you have one). That, however, may not be the exact training you give Group owners – for example, the type of content and/or type of customization you will allow in a Group site may be different from what you would allow in a traditional Team site. Also, you may not allow non-IT staff to be site owners in your regular SharePoint environment.

My recommendation?  Understand the organization you’re working in (culture, IT support model, capabilities) and then build the governance plan and training/support material based on those parameters.

#3 – Is Information being managed?

This is a big topic and in my opinion is definitely something that will keep Information Management and Records Management teams in an organization up at night. The traditional world of Records Management does not translate well to the O365 collaborative world.

Some things to consider:

  • Do you have a plan in place to handle the content living in Groups strewn throughout your organization? Some of the content will have long-term business value (i.e. records) and I can guarantee this will be a concern for the Information Management teams in your organization. Ideally, an organization should have policy in place to address this type of content.
  • What is the process for these records? Will they be moved out of the group into a more permanent home before the group is deleted? How will you control this? You need to have these answers defined, particularly if you are in a regulated industry.
  • You can configure site columns/content types/policies in the SharePoint site provisioned for an O365 group. Will you be utilizing any of these Information Architecture features?

You can create a custom classification system for an O365 Group during provisioning that will appear as a label in the header of the site and group pages and serve as a reminder to users how they should use and share information on the site. Although this is good, ideally we need to enforce these guidelines for the content in an automated way. To that end, you can programmatically access this site classification to apply additional security policies if required.

From What’s new in O365 Groups Administration June 2016 Update:

Data Classification and Extensible Policy: You’ll be able to create a customizable data classification system for Office 365 Groups that allows separation of groups by policy type (e.g., “unclassified,” “corporate confidential” or “top secret”). In this manner, your groups can exhibit the policies of other content in your organization. Extensible policy allows your organization to configure an endpoint that is called whenever a group is created or changed—and you can then implement your own policies for group creation or change.
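The two tenant-level controls discussed in this post (restricting group creation to one Azure AD group under #1, and the classification list under #3) live in the same Group.Unified directory settings object. The script below is an added example, not part of the original post: it assumes the AzureADPreview PowerShell module and an administrator session, the security group name is hypothetical, and the classification labels are the ones quoted above.

```powershell
# Added example: assumes the AzureADPreview module; the group name is hypothetical.
$creatorsGroupName = 'O365-Group-Creators'                                # hypothetical security group
$classifications   = 'Unclassified,Corporate Confidential,Top Secret'     # labels quoted in the post

Connect-AzureAD

# Resolve the single group whose members may create Office 365 Groups.
# -SearchString is a prefix match, so filter on the exact name and fail closed on ambiguity.
$creators = @(Get-AzureADGroup -SearchString $creatorsGroupName |
    Where-Object { $_.DisplayName -eq $creatorsGroupName })
if ($creators.Count -ne 1) {
    throw "Expected exactly one group named '$creatorsGroupName', found $($creators.Count)."
}

# A tenant has at most one Group.Unified settings object; create it from the template if absent.
$setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
if (-not $setting) {
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    New-AzureADDirectorySetting -DirectorySetting $template.CreateDirectorySetting() | Out-Null
    $setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
}

# Turn off tenant-wide creation, allow only the creators group, and publish the labels.
$setting['EnableGroupCreation']         = 'False'
$setting['GroupCreationAllowedGroupId'] = $creators[0].ObjectId
$setting['ClassificationList']          = $classifications
Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting

# Read the values back rather than trusting the write, then list who can now create groups.
(Get-AzureADDirectorySetting -Id $setting.Id).Values |
    Where-Object { $_.Name -in 'EnableGroupCreation', 'GroupCreationAllowedGroupId', 'ClassificationList' }
Get-AzureADGroupMember -ObjectId $creators[0].ObjectId -All $true |
    Select-Object DisplayName, UserPrincipalName
```

The final member listing is worth reviewing on a schedule, since membership of the creators group is now the effective control over who can provision a Group and its Team Site.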

Roadmap for O365 Groups

From the FastTrack Office 365 Roadmap, there are 3 items in development (as of November 2016) related to Information Management in O365 Groups. Clearly, this is an area of focus from Microsoft:

  1. Office 365 Group: deletion recovery
    • We’ll allow end users and administrators to undelete an Office 365 Group and its contents in one action
  2. Office 365 Groups preservation and deletion policy
    • Create and manage preservation and deletion policies that affect Office 365 Group mail and files in one step using the Security and Compliance Center
  3. Advanced Data Governance
    • Advanced Data Governance in Office 365 will intelligently bring this information overload under control and support our customers’ ability to achieve organizational compliance. By leveraging machine assisted insights we will help organizations stay compliant and reduce risk by finding and keeping what’s important while leaving behind redundant, obsolete and trivial content (ROT).


This is only the beginning of the O365 Group journey. The sooner you can develop an adoption strategy and put a training plan and policies in place, the better positioned you’ll be to stay ahead of the curve. You need to be willing to adapt and change your plan over the coming months and years as new features are rolled out. Is this challenging? Yes, but it’s a necessary step to be able to successfully ride the collaboration wave coming at us.

Are you using Groups in your organization? If so, are you in control?

Thanks for reading!


