Search User Login Menu
Tools
Close

Office 365 Groups Explained

Doctor SharePoint
/ Categories: Office 365, Administration

Office 365 Groups Explained

This blog post is for us SharePoint administrators.  Recent interactions with different clients about how to handle security and groups showed me the need for an article explaining what Office 365 Groups are and how they are used.

“Back in the day” we only had to concern ourselves with SharePoint Security Groups.  These are the default security groups that are created when a SharePoint site is created.  For example:

  • Site Owners – Full Control
  • Site Members - Edit
  • Site Visitors – Read

These groups can also be manually created by selecting “Create Group” from the toolbar when managing permissions for a site.

SharePoint Groups do have a couple limitations:

  • You cannot embed a SharePoint security group inside another SharePoint security group
  • You cannot embed a SharePoint security group inside any other security group in Office 365

Its best practice to assign users to a SharePoint group and not directly to a SharePoint site.

Office 365 Security Groups pick up where SharePoint groups leave off.  Office 365 groups are great for centralizing security in Office 365.  These groups are created and managed from the Office 365 Admin Center. Here are the benefits of Office 365 Security groups:

  • You can embed an Office 365 Security Group inside a SharePoint Group.
  • You can embed an Office 365 Security Group inside another Office 365 Security Group

There is one limitation:

  • You cannot embed an Office Security Group inside a Distribution list, Mail-enabled security group, or an Office 365 Group

Office 365 Security Groups are an ideal sync partner for an on-premises Active Directory.  You can synchronize Active Directory groups to Office 365 (which is Azure AD in the background).  This will automatically create the necessary Office 365 Security Groups in your tenant.

One of the choices that an administrator will see when creating a new group in the Office 365 Admin Center is the Distribution list.  To be clear, this is NOT a security group.  It is just a mailing list containing a group of users.  This group is available in Outlook just like other groups.  External users can also email this group.  Below is a summary of what you can and cannot do with Distribution lists:

  • You can embed a Distribution list inside another Distribution list
  • You can embed a Distribution list inside an Office 365 Security Group or Mail-enabled security group
  • You cannot embed a Distribution list inside a SharePoint group
  • You cannot embed a Distribution list inside of an Office 365 Group

This group is best used when you have a group of users who have the need for a mailing list, but do not need the list to define access to SharePoint.

Mail-enabled security group is also one of the options available when administrator creates a new group.  You can think of this group as a combination of distribution list and an Office 365 Security Group.  When created you will get a distribution list for email and a security group for site security.  Below is a summary of how this list can be used:

  • You can embed a Mail-enabled security group inside a SharePoint group
  • You can embed a Mail-enabled security group inside another Mail-enabled security group
  • You can embed a Mail-enabled security group inside an Office 365 Security group or a Distribution list
  • You cannot embed a Mail-enabled security group inside of an Office 365 Group

Similar to Distribution list, this group is best used when a group of users need a mailing list, but also need the group to define access to a SharePoint site

The Office 365 Group is the new type of security group available to be created and this is where there seems to be the most confusion around.  First, it is more than just a security group.  The best way to explain it is to compare it to a SharePoint Security Group.  With a SharePoint Security Group, you would first create a SharePoint site and then the SharePoint groups.  With an Office 365 Group, it is the complete opposite.  When you create an Office 365 Group, it creates a security group with a relationship to other Office 365 apps such as Planner, SharePoint site, Teams and Outlook.  Below is a few points showing what you can and cannot do with an Office 365 Group:

  • You can embed an Office 365 Group inside a SharePoint group
  • You cannot embed an Office 365 Group inside of another Office 365 Group
  • You cannot embed an Office 365 Group inside and Office 365 Security Group, Mail-enabled security group or a Distribution list

This group is great when you need to create Office 365 assets with the same security settings.

Print
527 Rate this article:
No rating

Theme picker

Back To Top