Hide private groups from GAL by default
As soon as someone creates a private group, this should by default be hidden from GAL.
There are PowerShell CmdLets which allow administrators to hide/show the groups from the GAL. However this is a post-facto activity. With many users and groups this is very tedious and many times we don't even come know that a group has been created by someone somwhere.
We’ve completed work to hide groups from Outlook (GAL, left nav, and name resolution) that were created as a result of a new Team in Microsoft Teams. Additional Groups can also be hidden using the HiddenFromExchangeClientsEnabled flag. We’re now evaluating if there are additional scenarios that need to be supported.
Jan von Reith commented
Is there any update on this topic?
It's great that Office 365 Groups created via Teams do not show up in the GAL, but it's really inconsistent that Office 365 Groups created via SharePoint, Outlook, Planner, OneDrive etc.do appear in the GAL.
From my point of view it would be the best to make the default setting that the Office 365 Groups do not appear in the GAL and then give the administrators of the group the possibility to change this setting.
Microsoft - what happened to releasing this in 2016? And just use the same friggin attribute that already exists vs creating some sort of secret group.
@Vijay Nelson The is not need for secret groups. All Office 365 Groups created should hidden by default in GAL (Outlook). This includes both private and public groups. GAL is like an official address book for the employees and it should not be littered with user's tests, private mini groups, the groups which are mostly created temporary, like project groups, etc. etc. For example we are large enterprise and we have hundreds of groups like "email@example.com" . This group email has no value in the GAL.
The best solution would be to allow users to unhide the group, but dedicated administrators should confirm this change. Also it would be great to have O365 Groups in separate address list in the GAL.
Peter McDermott commented
Just found this... which shows it was complete.
Abdul Khan commented
Secret Groups are not good enough. We need a flag or attribute populated which can be called for exclusion from the address lists like the GAL, Distribution Lists, etc.
Right now there is too much garbage in there. Exchange Online is supposed to be an Enterprise product...
I fully agree with the poster who said, "User created groups of any kind should not show in the GAL."
In addition in cluttering the GAL, we recently discovered that since there are no naming controls, users can potentially create groups (public or private) that have the same name as an official mailbox (an office, department, or employee). Then they show up in the GAL because they are not hidden...
Do you realize what a HUGE security hole it is when any internal user can create an O365 Group called "Human Resources" or make one named after [Government Agency's] director in the GAL? When other users start to pick the wrong name in the GAL and now suddenly information is being sent to the wrong recipient(s)?
User created groups of any kind should not show in the GAL. The GAL is for organizing a companies contacts and distribution lists, not every single users whimsical fleeting ideas of group after group.
We need to be able to prevent users from making any sort of group.
We only have 80ish users and have been on Office 365 for 3 weeks and I am already looking for a way to stop users from making all types of groups. Our GAL is already cluttered with groups called "Test", "Trial", "Bob's Group", come on...
Not good enough! Secret groups will not solve the problem, which is that users are creating hundreds of needless groups with needless email addresses clogging up GAL's with JUNK! Most of the groups created by end users are simply for tracking or organizing work. People don't usually even WANT an email address, let alone know that it is being added to a huge company list. In fact, a better option than hiding the email from the list might be to not make an email address at all for the group, and make creating the email the optional part. I guarantee 90% of groups created would not check a box to use the email address. Please don't force people to use the produce the way you happened to program it and make it work the way people WANT to use it!
When is this happening? I just implemented O365 and the GAL is a mess with all these SharePoint & teams (etc.) groups.
Chris Adams commented
Microsoft, this is a very reasonable ask, we should be able to prevent private groups from showing up in the address book by default. Using a script after the fact is not a viable solution as the group still could still make it's way to the address book before a scheduled script is run.
Michele Green commented
It's disappointing that 2 years after the O365 Feedback Team responded here there's no update
We need private groups disabled from Global Address list.
Can't believe this isn't fixed yet as it seems like the most basic of functions. Why the #"$! would we want a bunch of random groups cluttering up the address book? I'm trying to find ways to disable Planner, Teams and SharePoint to avoid this problem altogether.
When you release this option, please allow admin to manage the options to allow users to create only secret groups across Organization or all 3.
We prefer the option like end users can create only Secret groups in my Organization and Admins can create Private or Public Groups.
Adam Janecke commented
Any updates on this O365 Feedback team? Our environment would have serious problems with the current options of public/private. Can you just change private to have the same settings as "Secret"? The "private" group setting is not that "private" if people can email that email address and it shows up in the GAL (I just had this happen today).
its 2018 now, this option is still not available. its not a big issue until firm wide MS teams adoption. Every group created by users in MS teams are (suppose to be O365 group, but its kinda not) showing in the Global Address list, creating mass confusion. MS support tech has given us a command to hide all O365 groups from Global Address list, however its not ideal since we need to run in periodically. Anyways, for those who are interested:
To hide all O365 groups from GAL
Get-UnifiedGroup -ResultSize unlimited | Set-UnifiedGroup -HiddenFromAddressListsEnabled $true
To enable specific O365 group in GAL
Set-UnifiedGroup -Identity firstname.lastname@example.org -HiddenFromAddressListsEnabled $false
would be awesome to hide groups from the GAL.
This is the only reason we haven't deployed this outside our IT group. If this goes on much longer I fear we'll be forced down the Spark path because of Microsoft's inability to create a legitimate admin console for Teams.
This has been in the plans for two years - will it be implemented?