Managing Office 365 Groups with AvePoint Cloud Governance

Post Date: 01/05/2017
feature image

Office 365 Groups are an amazing part of Microsoft’s ecosystem that add a key layer of collaboration to the platform. With recent updates, creating an Office 365 Group now also creates a team mailbox, task management tool, file library, team calendar, and notebook. By integrating the different ways of creating and sharing information across Exchange/Outlook, SharePoint Online, Planner, and OneNote, Office 365 Groups makes it that much more intuitive to collaborate on a single project across departments and Office 365 apps.

The Caveat: Managing Office 365 Groups

Managing Office 365 Groups as an IT administrator, however, is not as simple. Activating Groups in your environment is like a circuit breaker. This means once turned on, it’s easy for anyone to create and own a Group, share content within a Group, modify membership, or delete a Group. It’s also simple for users to accidentally create a Group, as a Group can be provisioned unintentionally when using a number of Office 365 apps (for example, making a shared Planner or a Microsoft Team will automatically create a Group).

Also, when administrators turn on Office 365 Groups functionality for their end users, the default for any provisioned Group is to be public. Unless a user chooses to make a Group they have created private, any content uploaded or added to that Group will be made public and appear in Office 365 search results. This means that if I share a sensitive document with access permissions to my public Group, any user in Office 365 will be also be given access. (There’s more to this story, but we’ll dive into that in a later blog as part of our Office 365 Groups Playbook).

As an IT administrator managing Office 365 Groups with only native processes, you’ll face three challenges:

  • Preventing a sprawl of Groups or redundant Groups from overtaking your environment,
  • Enforcing permissions and privacy policies on Group creation, membership, and sharing
  • Applying your information architecture to each Office 365 Group

managing office 365 groups

Managing Office 365 Groups with Cloud Governance

To address these challenges, Cloud Governance — AvePoint’s automated IT management solution (formerly Governance Automation Online) — uses simple self-service forms to strike that balance between enforcing governance over Office 365 Groups and getting your users what they need quickly. Here’s how:

1) Regulated Provisioning of Office 365 Groups

Each request is automatically routed through necessary approval processes — which can be anywhere from automatic provisioning upon request, or pending approval from IT and/or designated business users. By permitting Groups to be created only through a service request form, administrators can ensure that each Group is created with a specific business purpose and without redundancy.

Each Group is also provisioned with a lease to simplify the end-of-life process for a Group. At the end of the lease, a Group is automatically marked for deletion, archival, or renewal — it simply depends on your record retention service level agreements (SLAs).

2)     Comprehensive Permissions Management for Office 365 Groups

The Cloud Governance service request to make an Office 365 Group is visible based on the user’s business role. This offers more scalable and granular permissions management of who can create a Group. Office 365 Groups provisioned with Cloud Governance are also pre-configured with proper privacy settings based on who is requesting and the intended use of the Group, which will be specified by the user in the form.

Sample business user request form in Governance Automation Online.
Sample business user request form in Cloud Governance.

More importantly, every Group provisioned with Cloud Governance designates the administrator as the owner of the Group. This adds an important layer for managing Office 365 Groups, helping prevent business users from accidentally sharing content with unauthorized users or deleting an Office 365 Group.

managing office 365 groups
Sample report of an approved Office 365 Group in Cloud Governance.

You also have the option to set up additional service requests such as add new Group members, renew a Group, delete a Group, or make changes to a Group’s privacy settings. By using self-service request forms for these actions, administrators gain a clear activity trail on how a Group is used over time, who is requesting the changes, and why those changes are necessary.


managing office 365 groups
IT dashboard view for creating a new Cloud Governance self-service form.

3)     Reporting and Classification for Office 365 Groups

When building the Office 365 Groups self-service form, IT administrators have the option to apply custom metadata values to the request. This allows you to generate a catalogue list or export reports of how many Groups exist in your environment, how much space they’re taking up, and what classifications they have associated with them through a single pane of glass.

managing office 365 groups
Administrator dashboard where you can generate an Office 365 Groups Report
managing office 365 groups
Sample Office 365 Groups Report in Cloud Governance.

Try it Yourself!

Don’t just take our word for it. Try Cloud Governance free for 30 days!  As a 100% Microsoft Cloud-based SaaS solution, there is zero installation required. Simply connect your Office 365 account to get started.

managing office 365 groups

Learn more about Office 365 Groups

​Hunter Willis has been in web development, SEO and Social Media marketing for over a decade, and entered the SharePoint space in 2016. Throughout his career he has developed internal collaboration sites, provided technical and strategic advice, and managed solutions for small to large organizations. In addition, Hunter has served as a strategy consultant for many companies and non-profits in the Richmond area.

View all posts by Hunter W.

Subscribe to our blog