Microsoft 365 Groups: Everything you need to know
Microsoft 365 Groups serve as the basis for various Microsoft services such as Teams, SharePoint, Outlook and Planner and thus represent a central function for collaboration in companies. The aim is efficient collaboration between departments and project teams. However, M365 groups can quickly lead to uncontrolled growth, unclear responsibilities, data leaks and other security risks. A clear strategy for managing Microsoft 365 groups is important here.
IT administrators face the challenge of effectively managing Microsoft 365 groups, enforcing security policies and managing the lifecycle. Governance automation tools such as Teams Manager can be used to automate governance rules and reduce the workload for IT admins. In this article, I’ll tell you everything you need to know about Microsoft 365 groups, how to manage them and how to ensure optimal Microsoft 365 and Microsoft Teams governance with Teams Manager.
What are Microsoft 365 Groups and how do I use them?
Microsoft 365 Groups are a central feature of Microsoft 365 for managing permissions and collaboration within Microsoft 365. Teams and departments are organized by shared resources in Microsoft 365 Groups. Members of a Microsoft 365 group then automatically receive access to services such as SharePoint libraries, team calendars or shared mailboxes and can work on them together.
Why use Microsoft 365 Groups?
Many companies use Microsoft 365 Groups to organize their teams and optimize work processes.
Microsoft 365 Groups can bring the following benefits:
- Automatic assignment of permissions: as soon as a user is added to a group, they are given access to the associated resources without the need for an administrator to intervene.
- Centralized collaboration: Groups provide a unified platform for sharing information across different Microsoft services.
- Better traceability: As all relevant resources are managed in a central location, it is easier to find documents and conversations.
- Increased security: Clear authorizations and governance guidelines prevent unauthorized access.
Connection between Microsoft 365 Groups and Teams
When a new team is created in Microsoft Teams, an associated Microsoft 365 group is automatically created in the background. This group then manages the memberships and authorizations for connected services such as SharePoint, OneDrive and Planner. Owners of a Microsoft 365 group can also use an existing Microsoft 365 group when creating a team.
Note:
- Every team has a Microsoft 365 group, but not every group automatically becomes a team.
- Group membership determines the access levels for SharePoint sites, team chats and shared files.
- Deleting a team can lead to the deletion of the associated Microsoft 365 group if no protection policies exist.
Group Memberships
When a member of a team is added or removed in Microsoft Teams, it is also added or removed in the Microsoft 365 group. The team and channels are immediately removed from the Teams client and permissions are quickly updated.
If team members are added or deleted outside of Teams (e.g. via the Microsoft 365 Admin Center or Microsoft Entra), it can take up to 24 hours for permissions to be updated.
There are two main types of memberships:
- Static memberships: Users must be added and removed manually. This requires regular maintenance by administrators.
- Dynamic memberships: With the help of Azure AD dynamic rules, users can be automatically assigned to groups based on certain attributes (e.g. department, location or position in the company). Find out more here: Creating and configuring the rules for a Microsoft Entra dynamic group.
Automatic Licensing
In Microsoft Entra ID, security groups can be configured so that users automatically receive the required licenses when they join a group. This is referred to as group-based licensing. This eliminates the manual assignment effort for IT departments and ensures that all members have the correct authorizations.
Find out more here: instructions to configure group-based licensing for an Azure security group.
Restrictions
The following limits apply to Microsoft 365 groups:
| Maximum number | |
|---|---|
| Owners per group | 100 |
| Groups that a user can create | 250 |
| Groups an administrator can create | There are no group-specific limits for Microsoft 365. There is a general Microsoft Entra object limit that is specific to each organization. |
| Number of members | More than 1,000 possible, but only 1,000 can access the group conversations at the same time. |
| Number of groups a user can be a member of | 7,000 |
| File storage | 1 terabyte + 10 GB per subscribed user. An unlimited amount of additional storage can be purchased. |
| Size of the group mailbox | 50 GB |
The available functions and tools within the groups also depend on the Microsoft 365 plan used, the Azure Active Directory functions and the assigned licenses. Generally, Business Essentials and Business Premium as well as Enterprise E1, E3 and E5 support Microsoft 365 Groups, but the specific management and security options depend on the subscription and organizational structure.
How do I create Microsoft 365 Groups?
There are different ways to create your Microsoft 365 groups. The most common methods include creating Microsoft 365 groups via Microsoft Teams, the Microsoft 365 Admin Center, Azure Active Directory and PowerShell. Depending on your requirements and technical knowledge, you can choose the right method for you:
Microsoft Teams
You can create a new team in Microsoft Teams (this automatically creates a Microsoft 365 group with all the associated resources) or add Teams functions to an existing Microsoft 365 group. This method allows you to create new groups directly within Microsoft Teams quickly and easily.
Microsoft 365 Admin Center
You can manage and control Microsoft 365 groups centrally via the Admin Center. You can also configure additional settings such as privacy policies, group names and permissions.
Azure Active Directory
If you have advanced governance requirements, you should use this method. In Azure Active Directory, you can create and manage groups dynamically using automated rules.
PowerShell
If you want to manage large numbers of groups or automate recurring tasks, PowerShell is the right choice for you. With the help of scripts, you can create, update or delete groups in bulk.
While Microsoft Teams and the Admin Center are particularly suitable for simple group structures, Azure AD and PowerShell give you more control and automation options for larger organizations. However, you should be aware that these standard methods can often lead to uncontrolled group creation.
Teams Manager provides a structured and secure way to create Microsoft 365 groups while enforcing governance policies. This allows you to ensure that only approved groups are created and that they are provided with the correct settings.
Who can create Groups?
By default, any user can create groups. However, you should be careful here, as this can lead to uncontrolled group creation. I therefore recommend limiting Microsoft 365 group creation with governance policies and, for example, only allowing certain users or roles to create new groups.
How do I manage Microsoft 365 Groups?
What can I manage?
You have these options in the administration:
- Members and roles: Who belongs to the group and what permissions do they have?
- Naming guidelines: Uniform specifications for group names prevent duplicate or confusing groups.
- Confidentiality labels: Protection of sensitive data through access levels.
- Lifecycle management: Automated archiving or deletion of inactive groups.
Who is responsible for managing M365 Groups?
Usually, IT administrators are responsible for administration, but some tasks can also be delegated to team owners.
Here is an overview of the group roles and their responsibilities:
- Group owner: Moderators of a group. They can add or remove members and have special permissions to adjust the group settings, such as name, description or guidelines.
- Members: Regular users of the group who have access to resources but cannot make administrative changes.
- Guests: External users who have been invited to a group. Guests can be added by any group member without restrictions by the administrator.
Risks and Problems with Microsoft 365 Groups
Without a well planned governance strategy, various problems can arise. These are typical challenges that companies face:
Uncontrolled group creation
If every user can create Microsoft 365 groups, this can quickly lead to a confusing environment. This leads to duplicate or orphaned groups that are difficult to manage. Without guidelines, the number of groups continues to grow uncontrollably and inefficiency is the result.
Security risks
Without regulated access control and regular checks, sensitive data can be unintentionally shared with external users and former employees or unauthorized persons can have access to confidential information. This increases the risk of data breaches and security gaps.
Data chaos
Unstructured group creation results in scattered files, duplicate documents and confusing shares. Employees quickly lose track of things and work less efficiently and quickly.
Lack of a lifecycle strategy
Groups that are no longer used remain, even if they are no longer needed. This leads to a confusing environment and superfluous data and significantly increases the administrative workload for IT administrators.
Without well organized Microsoft 365 governance, the use of Microsoft 365 Groups can cause more problems than benefits. It is therefore advisable to implement a clear strategy for the management and control of Microsoft 365 groups. The Teams Manager offers an ideal solution for introducing automated processes.
Automated Governance of Microsoft 365 Groups with Teams Manager
With Teams Manager, you can ensure that Microsoft 365 groups are managed in an organized, secure and efficient way. The governance tool allows you to automatically enforce governance policies and centralize control over group management.
How Teams Manager helps:
- Control over group creation through defined approval workflows
- Automatic lifecycle policies to avoid orphaned groups
- Standardized naming guidelines for a better overview and more clarity
- Automatic reports to monitor usage and security
Create and manage Microsoft 365 Groups with Teams Manager
With Teams Manager, you can easily create new Microsoft 365 groups with predefined rules, lifecycles, naming conventions and approval processes. This ensures that only approved groups with the right permissions and policies are created.
Approval workflows allow groups to be created only after approval by a responsible person. This prevents uncontrolled group creation.
With Microsoft 365 and Microsoft Teams lifecycles, you can prevent unused groups from remaining in the system and taking up resources. With Teams Manager, you can set groups to be reviewed regularly or automatically archived or deleted after a certain period of time.
Naming conventions ensure a uniform group structure and make groups easy to find. You can define prefixes and suffixes, check and avoid duplicate names and categorize groups.
With predefined templates when creating Microsoft 365 groups, you can ensure that every newly created group complies with company policies.
FAQ about Microsoft 365 Groups
Everything you need to know about Microsoft 365 Groups in a nutshell:
What are Microsoft 365 Groups?
Microsoft 365 Groups are an authorization model in Microsoft 365 that connects users to shared resources and automatically grants them access to services such as SharePoint, Outlook, Teams and Planner.
Who can create Microsoft 365 Groups?
By default, all users can create groups. We recommend restricting this through policies and setting approval processes.
How can I create Microsoft 365 Groups?
Microsoft 365 groups can be created via Microsoft Teams, the Microsoft 365 Admin Center, Azure Active Directory or PowerShell. Each method has its own advantages.
How can I manage Microsoft 365 Groups?
Microsoft 365 groups can be managed via the Microsoft 365 Admin Center, Azure AD or with governance tools such as the Teams Manager. Teams Manager offers simple and automated administration.
What are the limitations of Microsoft 365 Groups?
Microsoft 365 groups are subject to certain restrictions, e.g. maximum number of members, owners or storage limits. You can find a complete overview in the article.
Why use lifecycles for Microsoft 365 Groups?
Without policies, Microsoft 365 groups can grow uncontrollably and remain unused. Lifecycles help to archive or delete orphaned groups and keep the environment clean.
Why use naming policies for Microsoft 365 Groups?
Naming conventions ensure a uniform structure. Teams Manager supports the automatic enforcement of such rules.
What are security risks with Microsoft 365 Groups?
Microsoft 365 groups can grow uncontrolled, unauthorized users can gain access and missing controls increase the risk of data leaks and compliance violations.
What advantages does Teams Manager offer for Microsoft 365 Groups?
Teams Manager automates approval processes, enforces naming and lifecycle policies and ensures clear group management.
Microsoft 365 groups are essential for collaboration in modern organizations, but require clear governance rules. Teams Manager helps you to manage Microsoft 365 groups automatically and reduce administrative effort.
Head of Marketing & Sales at Solutions2Share – Florian Pflanz has 6 years of M365 experience and has been involved in numerous projects concerning Microsoft Teams governance. In over 200 workshops, he has collected extensive knowledge and best practices regarding Microsoft Teams and companies’ management requirements.
