By default, every user from your organization has the right to create an Office 365 Group. It’s a big plus for collaboration, but it’s an even bigger headache for management.
Just picture it: everyone is creating groups without any standardization or consulting with others. It’s like in that Old McDonald song: Groups here, groups there, everywhere—groups!
It’s a good practice to use a group naming policy to enforce a standardized naming strategy. Having in place a naming policy will help your users identify the function of the group, its membership, geographic region, or the group creator. There are two naming policies, which we describe below.
The easiest way to define your naming conventions is to use prefixes and suffixes. These can be either fixed strings, like ‘_Name’, or user attributes, like [Department], which will get substituted depending on the group creator.
For example, let’s imagine a company that operates all around the globe and has multiple marketing departments. If a user from the US wants to create a group named “Promo content”, it would be a good idea to set up a policy like this one:
Policy = “[Department] [Country] [GroupName]”
In this case, the group creator’s Azure Active Directory (AAD) attributes will be:
Department = “Marketing”Country = “US”
This would result in a creation of a group with this name:
Group name = “Marketing US Promo content”
With just a quick glance at the group name and you can identify the location and the function of the group.
Some important things to note:
For safety or decency reasons, you might want to create a list of blocked words—separated by commas— that cannot be used for group names. A common scenario is to block the profanities and obscenities, or specific words you want only certain users to have the right to use. So, if a user from an HR department wants to enter the word “Payroll” without permission from an admin, the group name will fail because the admin has restricted the use of that word only to users from Finance.
Usually, a selective group of administrators will be exempted from these policies and are allowed to create groups with any desired naming conventions, even with blocked words. Administrators that may typically be exempted from these policies include:
Check how to configure the naming policy with the Azure AD PowerShell.
Before Office 365, only admins had a right to create groups, but now, by default, every tenant user can auto-provision a new group with just a couple of clicks. This can increase the number of groups in your tenant, potentially making their management almost impossible. At some point in time, you’ll need to clean up the mess and remove some of your groups – groups that may not be in use any more or duplicated groups. One easy way to do this is to use an expiration policy to delete your unwanted groups. Removing unnecessary groups will also clean up storage and save you some money.
Administrators can specify an expiration period after which time the group will be deleted. Group owners will automatically get an email before the expiration that allows them to renew the group for another expiration interval. When a group expires, it is soft-deleted, which means you can restore it for up to 30 days.
There are three levels of permissions regarding the expiration policy. Office 365 global admin can create, read, update, or delete the Office 365 Groups expiration policy settings. Owners of the groups can renew or restore groups they owned.
The expiration is turned off by default, so if you want to use it, the administrator will need to enable it for your tenant. To enable it, follow these steps:
Here you can set the default group lifetime and specify how far in advance you want to trigger the first and second expiration notifications. The group lifetime can be set to 180 days, 365 days or to a custom value that you specify.
Let’s say your company has a partnership or collaborates regularly with another company. You can add the partner company domain to your Allow list, so your users can add those guests to their groups.
If you don’t want your users to add people from certain domains, like private emails, to their groups, you can add those domains to the Block list. For example, you can add Gmail.com, Yahoo.com, or other popular email providers’ domains to your Block list.
Important things to note:
Syskit Point can help you manage your Office 365 Groups and avoid clutter. With this tool you can:
