This is my compilation of some of what you need to know about M365 Groups.
Over the course of time, Microsoft brought in different types of groups to manage users and computers. In all those scenarios, the group was capable of performing one task, or two at most:
act as a Security Group or an Exchange Distribution List, or both at once.
Microsoft 365 Groups for the win
As you already know, the latest iteration is Microsoft 365 Groups, and it has been on the scene for quite a while now. Office 365 Groups, familiar?
But what does it do when you create one? What are its capabilities, and how does it help you bring all Microsoft 365 aspects under one group and, mainly, a single identity across Microsoft 365 resources?
Check the Microsoft 365 Groups Posters
A few places to manage a M365 Group
This is mainly because of the fact stated above. The M365 group is the backbone of many of the services involved, so each service has its own way to access the group to meet its requirements.
- M365 Admin Center > Groups
- AAD Portal > Groups
- Exchange Admin Console > Recipients > Groups
- SPO Admin Console > Sites > Active Sites
- Teams Admin Console > Manage Teams (if Teams has been enabled)
- PowerShell > Get-UnifiedGroup or Get-AzureADGroup
1. A M365 Group gets created automatically when,
- You create a Team
- You create a SharePoint Team site
- You create a planner
- You create a Yammer Community
- You create a Shared Outlook inbox
- You create a Stream
and the list goes on….
Quick facts

2. Importance of the Owner being a member of a Group
The group owner can see pretty much everything that is happening in the services attached to the M365 group and, mainly, the owner can manage the group: add/remove members, delete the group, etc.
However, for the owner to be able to, for example, search items in Teams or create a Planner inside a Team, that Owner should also be a Member of that specific M365 Group.
Go to Admin Center > Groups > look for the Group in Active Groups > Members > click on View all and manage members
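An added example, not part of the original post: one way to list owners who are not also members across all groups, instead of opening each group in the Admin Center. It assumes an Exchange Online PowerShell session is already connected (Connect-ExchangeOnline); the function name Get-OwnerNotMember is made up for this example.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline
# has already been run. Get-OwnerNotMember is a hypothetical helper name.
function Get-OwnerNotMember {
    [CmdletBinding()]
    param(
        # Optional list of groups (name, alias or address); default is all groups.
        [string[]]$Identity
    )

    $groups = if ($Identity) {
        $Identity | ForEach-Object { Get-UnifiedGroup -Identity $_ }
    } else {
        Get-UnifiedGroup -ResultSize Unlimited
    }

    foreach ($group in $groups) {
        $id      = [string]$group.PrimarySmtpAddress
        $owners  = @(Get-UnifiedGroupLinks -Identity $id -LinkType Owners  -ResultSize Unlimited)
        $members = @(Get-UnifiedGroupLinks -Identity $id -LinkType Members -ResultSize Unlimited)

        # Case-insensitive set of member addresses for fast lookups.
        $memberSet = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
        foreach ($m in $members) { [void]$memberSet.Add([string]$m.PrimarySmtpAddress) }

        # Emit one row per owner that is missing from the member list.
        foreach ($o in $owners) {
            if (-not $memberSet.Contains([string]$o.PrimarySmtpAddress)) {
                [pscustomobject]@{
                    Group        = $group.DisplayName
                    GroupAddress = $id
                    Owner        = $o.Name
                    OwnerAddress = [string]$o.PrimarySmtpAddress
                }
            }
        }
    }
}

# Read-only report; review it before adding any owner as a member.
Get-OwnerNotMember | Sort-Object Group, Owner | Format-Table -AutoSize
```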
3. Setting M365 Groups with an expiration
This is ideal for groups that are created for a specific project and that you know will no longer be needed after some time. It also eliminates the hassle of housekeeping work for Groups later on.
Steps: Create the M365 Group from the Azure AD portal

Set expiration
Azure AD portal > Azure Active Directory > Groups > Expiration

Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and Power BI.
Group lifetime (in days)
3. Controlling the Group creation feature
This option may come in handy for a medium or larger organization to keep control over Groups. It is recommended to have this feature ON so only the IT admins can create Groups as required. This can eliminate duplication and users creating a Group and then forgetting about it.
**Blocking this function takes away the user’s ability to create, for example, a Team, Planner or SharePoint Site, and only a selected group can perform such tasks**
**To manage who creates groups, the following people need Azure AD Premium licenses or Azure AD Basic EDU licenses assigned to them**
Rather than re-inventing the wheel, I will direct you to the Official Microsoft Docs page as it has the required steps. Please check here
It’s important to go to Azure AD Portal > Azure AD > Groups > General under Settings.
Switch the “Users can create Microsoft 365 groups in Azure portals” option to No and press Save.

4. Deletion and Restoring a M365 Group
Deleting a group puts it into a soft-deleted state, from which you are able to recover it within 30 days.
To recover: Go to Admin Center > Groups > Deleted Groups > Select the deleted group and click Restore Group
Use the below command to permanently delete the Group. It WILL NOT go to the Deleted Groups section, as it’ll be permanently purged.
To do this, get the previously soft-deleted Group’s Object ID.
Get-AzureADMSDeletedGroup

Purge the Group
Remove-AzureADMSDeletedDirectoryObject -Id <object ID>
5. M365 Groups Naming Policy
Naming conventions to manage objects are always a good thing and a best practice. They bring uniformity, and if they are adopted from the beginning, it’s a win.
Set Blocked words if required
Azure AD Portal > Azure Active Directory > Groups > Naming Policy

Group Naming Policy
This allows you to add prefixes and suffixes according to the requirement. Each can be either a String or an Attribute that comes from the AD. This takes effect when a user creates a M365 Group.

6. Retention Policies for M365 Groups
If you are already using Retention Policies, this can come in handy, as you can retain the mails and files in the M365 Groups.
- Log in to https://compliance.microsoft.com
- Go to Information governance
- New Retention Policy

- Name the policy

- Set the time period

- Keep the switch ON only for Office 365 and select the Groups

- Review and create the policy

7. Convert Exchange Distribution Lists to M365 Groups
This is another good and quick fix (not a workaround): converting the traditional DLs to M365 Groups.
Creating a Team involves creating a M365 Group, which predominantly requires the same set of users as members.
Converting the current DL caters for this, and it still preserves the DL functionality as well.
Some useful info from the official Microsoft doc pages

Process to convert
1. From Exchange Admin Center
M365 Admin Center > Exchange Admin Center > recipients > Groups
Click on the New button

This will show the upgradable DLs

Select the DL and click on Start Upgrade button
Once the upgrade is done, it’ll be available in the Upgraded DLs section

2. PowerShell
**People with global admin or Exchange admin rights can run the below commands after connecting to EXO on PowerShell**
Single DL
Check eligibility
Get-DistributionGroup <DL SMTP address> | Get-EligibleDistributionGroupForMigration
Upgrade
Upgrade-DistributionGroup -DlIdentities <DL address>
Few DLs at once
Upgrade-DistributionGroup -DlIdentities <DL1 address>, <DL2 address>, <DL3 address>
Get the upgradeable DL list and upgrade every DL in it
Get-EligibleDistributionGroupForMigration | ForEach-Object { Upgrade-DistributionGroup -DlIdentities $_.PrimarySmtpAddress }
8. Hide a M365 Group from the Global Address List (GAL)
Why do you need this option?
You don’t need this if users have to be able to send emails to the groups, as the groups then stay visible in the GAL.
Run the below command if you need to hide a group from the GAL
Set-UnifiedGroup -Identity <displayname> -HiddenFromAddressListsEnabled $true
9. Use M365 groups for modern work
For example, when you have one M365 group for the department, the same M365 group can be set up for the following without creating another group:
- Group Based Licensing
- Conditional Access Policies
10. Last but not least, PowerShell
Run the below command to get the full gist of info on the M365 Group.
This basically gives you info on all of the services the group is connected to at the moment, which I’ve elaborated on earlier.
Get-UnifiedGroup -Identity <displayname>
E.g.: Get-UnifiedGroup -Identity Test-Team-2_c782b9817-ea6a-0000-d481-123cc222222a | fl
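An added example, not part of the original post: instead of reading the full `fl` output group by group, this pulls the properties tied to the expiration and GAL sections above into one tenant-wide report. It assumes a connected Exchange Online session and that Get-UnifiedGroup returns the ExpirationTime, ManagedBy and HiddenFromAddressListsEnabled properties; Get-GroupLifecycleReport is a made-up helper name.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline
# has already been run. Get-GroupLifecycleReport is a hypothetical helper name.
function Get-GroupLifecycleReport {
    [CmdletBinding()]
    param(
        # The first renewal notice goes out 30 days before expiry (section 3).
        [int]$WarnDays = 30
    )

    $now = Get-Date
    foreach ($g in (Get-UnifiedGroup -ResultSize Unlimited)) {
        # ExpirationTime is empty when no expiration policy covers the group.
        # Day count is approximate (time zone differences are ignored).
        $daysLeft = $null
        if ($g.ExpirationTime) {
            $daysLeft = [int][math]::Floor((([datetime]$g.ExpirationTime) - $now).TotalDays)
        }

        # ManagedBy lists the owners, who are the ones receiving renewal notices.
        $ownerCount = @($g.ManagedBy | Where-Object { $_ }).Count

        $flags = @()
        if ($null -ne $daysLeft -and $daysLeft -le $WarnDays) { $flags += 'ExpiresSoon' }
        if ($ownerCount -eq 0)                { $flags += 'NoOwner' }
        if ($g.HiddenFromAddressListsEnabled) { $flags += 'HiddenFromGAL' }

        [pscustomobject]@{
            Group         = $g.DisplayName
            Address       = [string]$g.PrimarySmtpAddress
            Owners        = $ownerCount
            DaysToExpiry  = $daysLeft
            HiddenFromGAL = [bool]$g.HiddenFromAddressListsEnabled
            Flags         = $flags -join ','
        }
    }
}

# Show only the groups that need attention, soonest expiry first.
Get-GroupLifecycleReport |
    Where-Object { $_.Flags } |
    Sort-Object DaysToExpiry |
    Format-Table -AutoSize
```

A group flagged both ExpiresSoon and NoOwner has nobody to receive the renewal notice, so it is the first one to look at.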
Summary
You still might need to consider Security Groups for certain operations. For example, M365 Groups can’t support NTFS permissions, hence they can’t be used to grant permissions for Azure Files.
Hope this will help you manage and plan the modern groups in your environments in a meaningful manner.