Microsoft released a new feature called Groups. This article describes the anatomy of Groups, their architecture and their structures in the backend. At the end of the article you’ll learn how to create Groups and how to disable users from being able to create them.
This article will be useful for architects and IT pros who work with Azure Active Directory, Exchange (groups and policies) and SharePoint Online.
To read more information about the ideas behind Groups, check out this link: http://blogs.office.com/2014/09/25/delivering-first-chapter-groups-office-365/.
Structure of a Group
An Office 365 Group is made from several Office 365 components as shown in the figure below.
Groups in Azure Active Directory
Now let me talk about Groups and Azure AD. Groups use Exchange Online and SharePoint Online. So what kind of objects are Groups? The answer is that Groups are Azure AD objects.
As you can see from the previous figure (which is actually two screenshots stacked) there is a Groups tab in Azure AD and there we can find a list of all Groups. Navigating to my testgroup you can see settings and information, including the Objekt-ID, which is the unique identifier for the Group.
So Groups are not a SharePoint Online thing and also not an Exchange- or Outlook Online thing. Groups are located in Windows Azure AD and Groups are a feature of Office 365. Because of this, Groups can easily be used in all features belonging to Office 365 and the underlying Windows Azure AD. The blog from the Microsoft Office team I mentioned at the start of this post talks about “…In upcoming phases, we will add Yammer and Lync to the Groups experience to help you do even more”. Now we understand that this can easily be done based on the underlying Azure AD.
Groups are only available in Office 365 using Outlook Web Apps (OWA), so you may only access groups using the web client.
For every Group, you’ll see an overview page like this:
You can see all the conversations for this Group. Based on the “subscribe setting” during the create dialog, every post in a conversation will result in an email to all members of this Group.
You can also see that Groups share elements like calendar and files. Calendars are based in Exchange Online but files are based in SharePoint Online. Navigating to the Our files page of a Group redirects to the user’s OneDrive location for the Group where they see content from all Groups that they are members of.
But the user’s OneDrive location is not where the documents are stored. For every Group, a hidden Site Collection is created in SharePoint Online. You cannot see this Site Collection in SharePoint Online administration, but you can see the URL in the hover-panel of a document as shown in the next figure.
So in my example, the URL of the hidden Site Collection that is associated with my Group is: https://sharepointtalk.sharepoint.com/sites/produktabcgruppe/
A user cannot access this Site Collection directly. If you try to navigate directly to this URL, you’ll automatically be redirected to the Group Files overview page located in a user’s OneDrive. This is also true for every other sub-URL. So if you try to go to _layouts/15/seetings.aspx or to the _layouts/15/listedit.aspx to change a Document Library Setting, you will be redirected to the Group Files overview page located in the user’s OneDrive. The only way to manipulate Document Library settings is to use SharePoint Designer or use SharePoint Client Browser. I do not recommend that you change the hidden SiteCollection belonging to the Group. Microsoft Support won’t help you if you make a mistake.
Create an Office 365 Group (and disabling permission to create a Group)
You can create a new Group within OWA by navigating to the Groups tab and then click to expand Create group.
You’ll see a dialog box to collect the needed information including the name of the group, description, privacy settings, etc.
By default, permissions in Office 365 allow everyone to start a new Group. To change this you must use PowerShell.
First, connect to your Office 365 tenant -> Exchange Online as discussed in this article http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
Then you can use these PowerShell commands:
To disable Groups:
Set-OwaMailboxPolicy -Identity %YourDomain.com%\OwaMailboxPolicy-Default -GroupCreationEnabled $false
To enable Groups:
Set-OwaMailboxPolicy –Identity %YourDomain.com%\OwaMailboxPolicy-Default -GroupCreationEnabled $true
So what lessons have you learned from this article?
- Groups are not based in SharePoint Online or Exchange Online or Azure. Groups are an Office 365 feature that use several components from SharePoint Online, Exchange Online, and more.
- Groups are a new feature in Office 365 for communication and collaboration.
- The only Group frontend tool for the end user is actually OWA, OneDrive for Business and Calendars.