By default, every user in your organisation has the right to create a group Office 365 . This is a big advantage for collaboration, but an even bigger headache for management.
Imagine: everyone creates groups without standardisation or consultation with others?
If you want to avoid all the chaos and manage your groups without stress, read on and find our list of best practices.
No. 1 Configuring the Group Naming Policy Office 365
It is recommended that you use a group naming policy to enforce a standard naming policy. Setting up a naming policy will help your users to identify the group's function, its members, its geographical region or the group's creator.
There are two naming strategies, described below:
1. Prefixes and suffixes
The simplest way to define your naming conventions is to use prefixes and suffixes. These can be fixed strings, such as '_Name', or user attributes, such as [Department], which will be substituted according to the group creator.
For example, let's imagine a company that operates worldwide and has several marketing departments. If a Swiss user wants to create a group called "Promotional content", it would be wise to define a strategy similar to this one:
Policy = " [Department] [Country] [Group name]".
In this case, the attributes Azure Active Directory (AAD) of the group creator will be:
Department = "Marketing Country = "CH
This would lead to the creation of a group with this name:
Name of the group = "Content Marketing of Swiss Prom".
With a simple glance at the group name, you can identify the location and function of the group.
Some important points to note
- This feature requires a AAD Premium licence.
- The user attributes supported in AAD are as follows: [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title].
- All other user attributes are considered fixed strings, for example, "[Postcode]".
- You cannot add extension attributes or custom attributes.
- You can write up to 53 characters in suffixes and prefixes.
2. Blocked words
For reasons of security or decency, you can create a list of blocked words ( separated by commas) that cannot be used for group names. A common scenario is to block profanity and obscenities, or specific words that you want only certain users to be allowed to use. For example, if a user in a human resources department wants to enter the word "Payroll" without an administrator's permission, the group name will fail because that administrator has restricted the use of that word to Finance users.
Things to bear in mind
- This feature requires a premium license AAD.
- Blocked words only work as an exact match.
- Blocked words are not case sensitive.
- You can block up to 5000 words.
Replacement of the administrator
As a general rule, a select group ofadministrators are exempt from these rules and are allowed to create groups with any naming conventions they wish, even with blocked words. Administrators who can generally be exempted from these policies include:
- Global admin.
- Level 1 partner support.
- Partner support level 2.
- User account admin.
- Writers' directory.
Check out how to configure the naming policy with Azure AD PowerShell.
No. 2 Configuring the Group Expiry Policy Office 365
Before Office 365, only administrators were allowed to create groups. Now, by default, every tenant user can automatically provision a new group with a few clicks. This can increase the number of groups in your tenant, potentially making them almost impossible to manage. At some point you will need to clean up the mess and delete some of your groups - groups that may no longer be in use or duplicate groups. A simple method is to use an expiry policy to remove your unwanted groups. Deleting unnecessary groups will also clean up storage and save you money.
What is an expiry policy?
Administrators can specify an expiry period after which the group will be deleted. Group owners will automatically receive an email before the expiry allowing them to renew the group for another expiry interval. When a group expires, it is deleted in software, which means that you can restore it for up to 30 days.
Who can set it up?
There are three levels of permissions for the Expiry Policy. The global administrator ofOffice 365 can create, read, update or delete the expiry policy settings of groups Office 365. Group owners can renew or restore groups they previously owned.
How can they set it up?
Expiration is disabled by default. Therefore, if you wish to use it, the administrator must enable it for your hosted client. To enable it, do the following:
- Open the administration center Azure Active Directory ( AAD) .
- Access the groups;
- Under Settings, click on the Expiration option.
Here you can set the default group lifetime and specify how far in advance you want to trigger the first and second expiry notifications. The group lifetime can be set to 180 days, 365 days or a custom value that you specify.
No. 3 Configuring the list of authorisations / group blocks Office 365
Allow guest users
Suppose your company has a partnership or regularly collaborates with another company. You can add the partner company's domain to your control list so that your users can add these guests to their groups.
Blocking guest users
If you do not want your users to add people from certain domains, such as private email, to their groups, you can add those domains to the red list. For example, you can add the domains of Gmail.com, Yahoo.com or other popular email providers to your ban list.
Important points to note
- You cannot set up the authorisation and block lists for a single group. By default, any domain that is not in the authorisation list is in the block list and vice versa.
- This feature is only available with a AAD premium license.
- You can currently only define one authorisation/block list per organisation. However, you can update the existing list countless times.
- An authorisation/block group list operates independently of an authorisation/block list SharePoint.
- The list does not apply to guests already added to the group, but you can remove them viathe script or using our permissioncontrol tool
Would you like to delegate this task to us or do you have a simple question or suggestion? We will be happy to answer them by email or telephone.