I’ve been working with SharePoint for a long time, longer than I’d like to admit some days. During my entire relationship with SharePoint I’ve been on the administrative side of things. And while SharePoint was my first love, you couldn’t be a good SharePoint Server admin without being able to hold your own with some of the other ancillary Microsoft products. You had to understand Active Directory, Windows Server, IIS, SQL Server, DNS, web clients, and even Office clients. It was a lot to master, but it separated the good SharePoint admins from the great ones.
Understanding New Office 365 Technologies
As we’ve made our march to the cloud, a lot of those technologies are no longer in our purview. We don’t have to tweak web.config files anymore or worry about collation settings for our databases. We can just focus on SharePoint, right? Not so fast. While we don’t have to worry about the underlying technologies, our concerns have moved up the stack. To be a good SharePoint Online administrator we have to understand the other Office 365 technologies that it interacts with.
Instead of worrying about Windows Active Directory, we have to understand Azure Active Directory, for example. On top of that, these technologies are changing fast. We don’t get 3 years between release cycles to get our heads wrapped around the new version of SQL. To add insult to injury, not only do the products get updated more frequently, but Microsoft keeps adding new products to the mix, too. Sometimes it feels like they’re doing this just to mess with us.
Two of the newer technologies to have come onto Office 365 and have wormed their way into SharePoint are Microsoft Teams and Office 365 Groups. While neither is SharePoint, and SharePoint can function happily without them, a good SharePoint admin would be remiss to ignore them. In this blog post, I’ll cover each of them a bit and how they relate to each other, and our beloved SharePoint.
Let’s Start with Microsoft Teams
Microsoft Teams is one of Microsoft’s newest big additions to the Office 365 suite. It is the successor to Microsoft’s real-time communication family. It takes up the mantel from Skype for Business and Lync. Since it’s a product like SharePoint or Exchange, you can find it on the front page of Office.com or on the waffle.
It handles all your real-time communication needs, whatever they are. You can use it for text chats, be that between two people or a whole group, including productivity-enhancing giphys. It does audio also, and again with one-on-one or a whole bunch of people. And if you really want to rachet up the collaboration, Microsoft Teams even does full video conferencing.
But Teams didn’t stop there. Like the 1970’s hit from Andy Gibb, Teams wants to be your everything. It’s not content just being your real-time collaboration weapon of choice. It can also host files for your team to share with each other. It’s not above hosting wiki pages either. And if the built-in functionality isn’t enough for your company, Teams has an API that allows it to integrate with 3rd party apps by adding them to additional tabs. Microsoft is putting a lot of development resources into Teams. Having said all of the above, Microsoft Teams is an ideal tool for both in-house and remote work collaboration. If your organization isn’t adopting Microsoft Teams yet, it should be on your roadmap, and not too many exits away.
Now A Few Words About Office 365 Groups
Another newer Microsoft technology you’re going to have to add to your Office 365 arsenal is Groups. You may see them referred to as Unified Groups, or Office 365 Groups, or even Office Groups. They’re all the same thing. Groups are not a product, so you won’t see them on the waffle (okay, okay the Office 365 App Launcher). They’re busy doing all their work behind the scenes.
When I’m talking to IT Pros, I like to explain that Groups are a lot like the Active Directory Security Groups we’ve been using in on-prem Windows for decades. They’re a security principal, so they can be given access to resources. And their power comes from the fact that you can quickly give consistent permissions to these resources by putting users in these groups. See, just like Active Directory Groups.
Creating a New Office 365 Group
But Groups have a trick up their sleeves. When you create one, not only does a security principal get created in Azure Active Directory, but little automated robots scurry off into Office 365 and start building things for the users of that Group to use. These robots build SharePoint sites, Planner plans, a shared Inbox in Outlook, and, you guessed it, a Team. And those files that Teams stores for us, they’re actually stored in the Group’s SharePoint site.
When you add a user to a Group, they get access to all of the resources in that Group, the site, the inbox, the Team, all of it. If you remove a user from a Group, they lose access to it all. Groups make correctly securing resources much easier. And best of all, this is available to users, so they can easily manage resources without needing to get IT involved.
The topic of Groups gets pretty large and won’t fit in this single blog post. I haven’t gotten into all the fun governance rules IT can put in place, what happens when you delete something in a Group, or how in the world you keep track of them all. If you’d like to hear more about it, let us know below. We love Groups as much as you do and would love to talk about it even more.
How Do Teams and Groups Fit Together?
Like I said above, when you create a Group, several Office 365 resources are automatically created and assigned to that Group. Which resources get created? That depends where you create the Group. If you create it in Outlook or Teams, you get a Team. If you create it in Yammer, you don’t. My advice is to create the Group in whatever platform will be your group’s primary method of communication.
A Team is normally created with a Group, but not always, as we’ve seen above. And a Team can be created outside of a Group and have its own permissions and management. The same goes for SharePoint, and the other products. While they can use Groups for permissions, and they should use Groups for permissions, they don’t always do. It can be a lot to wrap your head around.
To further confuse the issue, a SharePoint site that was not created with a Group can be “Groupified.” This is a process, a lot like medieval alchemy, where a non-Group SharePoint spawns a Group based on its current members and turns into a Group connected Site. You can only do this by creating a new Group. These members then get access to that Group’s resources. You can’t connect an existing SharePoint site to an existing Group. That’s like mixing oil and water, it defies the laws of nature.
If you have a non-Group connected Team there is a similar, yet completely different path for you. You can “Teamify” (I didn’t make these words up, I promise) an existing Group that you own in the Teams interface. Like I said, this is some pretty confusing stuff to master.
How to Keep Track of your Groups and Teams
Fortunately, SysKit has a tool that can help. SysKit Security Manager gives you one convenient place to keep track of the Groups and Teams in your tenant. It also has all the searching, sorting, and filtering that you could ever imagine. Download our free trial if you don’t believe me. You’ll be glad you did.
Dear reader, we have decided to replace SysKit Security Manager with a brand new tool. Check out SysKit Point, a cloud-based Office 365 governance solution that offers even more functionalities!