All About Office 365 Groups

I’ve been collecting some notes on Office 365 Groups for my classes for a while. Here’s what I’ve got so far. Keep in mind that this feature is still evolving. Please post any corrections or updates!

Which Group?

SharePoint frequently reuses terms, which often makes conversations and forum posts a lot of fun. There’s at least three “Groups” in Office 365:

Active Directory Groups: Groups at the AD level. Outside of SharePoint. Useable across all site collections, and other applications. A “Sales Managers” AD group can be created once, updated in one place and used across all site collections in the tenant.
SharePoint Groups: Collections of users (people) and AD groups. Scoped to a single site collection. A “Sales Managers” SharePoint group would need to be created in each of the site collections and all updates repeated across all of the site collections.
Office 365 Groups: A new collaboration option! A combination of a mailbox and a site collection. Not a group useable for managing access to SharePoint sites.

Office 365 Groups

Office 365 Groups are a combination of an Exchange email account with the group’s name that is used to store conversations, and a “OneDrive – like” site collection to store files.

A collection of Office 365 Groups facts:

Internally, to distinguish traditional groups from the new Office 365 Groups, Groups are called “Unified Groups”. Externally they should be called “Office 365 Groups”, not “SharePoint Groups”.
Creating a Group creates an AD Distribution group, an email address and a “hidden” SharePoint Site Collection. The site collection is not visible in the tenant admin pages. The AD group is not manageable from Azure AD, only from the tenant admin Groups pages. (You can see members in Azure AD, but cannot edit them.)
Groups can be created from:

Outlook (OWA).
A user’s OneDrive.
The “GROUPS” page in the tenant Admin site. Here you can create both “Office 365 Groups” and “security groups”.

Conversations are stored in Exchange inboxes and files are stored in SharePoint Site Collections.
Groups are defined and managed in Azure AD. (Which explains why the PowerShell cmdlets for Groups are not in the SharePoint Online cmdlet library.)
Each user may create up to 250 Groups and can be a member of up to 1,024 Groups. There’s no limit for number of Groups per tenant.
Emails can be sent in the name of the group by members. (Requires a PowerShell based change.)
Groups will not be deleted if the Group’s owner is deleted.
Groups use a OneDrive for Business site under the covers. (Template: GROUP#0)
URL for the files site collection looks like a normal team site instead of a OneDrive site: https://yourdomain/sites/groupsitename
If there is a URL conflict, a number is appended to the name: https://yourdomain/sites/groupsitename51
URL for the mailbox is “guessable”: https://outlook.office365.com/owa/#path=/group/yourGroupName@yourDomain.onmicrosoft.com/people
Groups site collections are not (currently) displayed in the admin Site Collections page. You may discover their existence when you create a new site collection that has the same name as a group site. “The site collection already exists. Please enter a different address.”
PowerShell:

Get-SPOSite does not return Groups site collections, but you can access a Groups site by URL.
Get-SPOUser does not return users for Groups sites.

Groups file storage is counted against the tenant quota. It’s not considered to be a personal OneDrive. There is no “user” for the Group OneDrive. The mailbox can store up to 50GB of messages, posts and calendar entries. The SharePoint Site Collection has a max of 1TB.
Search: There is a search box, but it opens the Search Center in a new window/tab and searches all of SharePoint, not just the Groups file site.
The document library in the Group site is very much like a OneDrive for Business library. No ribbon, no custom columns, no metadata and no Content Types. The Groups library is very limited:

Only one library, and it’s not customizable.
Can’t check out/in. (I saw this listed as a feature, but it’s not in my tenants.)
Versioning is enabled (Major only)
Cannot add/delete columns (i.e. use any custom metadata that might be useful to search or eDiscovery.)
Cannot use workflows.
Cannot audit security from the browser.
No branding. Cannot be opened by SharePoint Designer.

The Site Collection is VERY limited.

Almost all of the links for site or list maintenance are redirected to the home page.
There is no Settings page.
There is no Site Permissions page, so there’s no Site Permissions page or 2nd tier recycle bin.
You cannot create new lists or libraries.

Library Sync: The Sync button works with the new OneDrive for Business sync client. So, keep in mind that group members of easily offline all of the content.
Recycle Bin:

There is a recycle bin, but you can only access the user level.
If you share a file with a non-member with “Edit”, they can delete the file, but get “Sorry, you don't have access to this page” when they click the Recycle Bin link.
There is no Site Collection recycle bin page available. The Groups “owner” can’t recover files deleted by members.

Can be administered and reported on from PowerShell as part of the Exchange Online cmdlets.
https://technet.microsoft.com/en-us/library/jj200780(v=exchg.160).aspx
cmdlets: Get/Set/New/Remove-UnifedGroup and Get/Add/Remove-UnifiedGroupLinks
https://support.office.com/en-us/article/Use-PowerShell-to-manage-Office-365-Groups-aeb669aa-1770-4537-9de2-a82ac11b0540
Groups can be disabled for all users. (PowerShell)
Groups can be disabled for a subset of users. (Requires PowerShell.)
Security:

New groups default to “Public”. Everyone has access. You must remember to choose Private when you create the group.
I can’t find a place to change Public/Private status after the group has been created.
The names of groups are not private. They will be seen in “Send to”, “Share” and other places where user names can be seen. All groups, public and private, are listed in the “Browse Groups” screens. (Train your users not to use group names that reveal confidential data. You know, names like “IT Layoff Planning Group”. :-) )
Files can be shared with the “group”. They will be listed in the “Shared with us” tab.
Files that are shared with the “group” will be visible to all users even for Private groups! (I think this is a bug!) (The user must know the URL to the Files site.)
Files can be “reshared”. Sam has a site named “My Private Group”, which is Private, He shares a file with Robert (with Edit or View). Robert can only see that one file in the group site. Robert shares with Susan. Susan can then share with………
Users who guess the URL to the file site can see the site, but no files, or only files shared with them. They can see the list of “members” and who the owner is.

Recent Changes:

(coming soon) Rule based dynamic group memberships based on user properties. (Kind of like Audiences.)
https://azure.microsoft.com/en-us/documentation/articles/active-directory-accessmanagement-simplerulegroup/
New PowerShell cmdlet to set quotas
Set-SPOSite –Identity https://contoso.sharepoint.com/sites/<groupname> -StorageQuota 3000 -StorageQuotaWarningLevel 2000
https://support.office.com/en-us/article/Use-PowerShell-to-manage-Office-365-Groups-aeb669aa-1770-4537-9de2-a82ac11b0540?ui=en-US&rs=en-US&ad=US

One of the more detailed articles on Office 365 Groups:
http://windowsitpro.com/office-365/exploring-office-365-groups

An Ignite 2015 session on groups:
https://channel9.msdn.com/events/Ignite/2015/BRK3114

And for fun… a less than positive view of Groups:
Office 365 Groups: The Duck-Billed Platypus of Collaboration Tools
https://futuretechnologygroup.wordpress.com/2015/08/11/office-365-groups-the-duck-billed-platypus-of-collaboration-tools/

Groups vs. Team Sites

	Groups	Team Sites
Can add lists/libraries	No	Yes
Can add pages	No	Yes
Can add columns/metadata	No	Yes
Can use Content Types	No	Yes
Can hide membership	No	Yes
Can brand	No	Yes
Can be fully managed with PowerShell	No	Yes

See a pattern?

Mike Smith's Tech Training Notes
SharePoint, PowerShell and .Net!

Pages

2/14/2016