Naming Policy for Azure Premium Customers Only
In Microsoft's April update for Office 365 groups, they mention the Azure AD naming policy is coming, but only for Azure Premium customers. This should not be the case. Proper management of Office 365 groups should include naming policies. Without naming policies, there is a large potential for namespace collisions for folks who do not use the Azure AD premium service. This is something that should be available to all, not just Azure AD premium customers.
Thanks for the feedback on this item. Azure Premium currently encompasses a broad array of features that span directory management for the entire organization.
We recently discovered that since there are no naming controls, users can potentially create groups (public or private) that have the same name as an official mailbox (an office, department, or employee). Then they show up in the GAL...
Do you realize what a HUGE security hole it is when any internal user can create an O365 Group called "Human Resources" or make one named after [Government Agency's] director in the GAL? When other users start to pick the wrong name in the GAL and now suddenly information is being sent to the wrong recipient(s)? We need to be able to control naming.
Mattias Lindgren commented
In the Office 365 Road Map there is a feature that has been under development for a long time: (Office 365 Groups: naming policy in Azure Active Directory, Feature ID: 14687). I assume that it is that feature this thread is all about.
I agree that this feature should not require Azure Active Directory Premium, but most of all, I am interested in when the feature will be available. It has an Estimated Release: Q2 CY2017.
Anwar Mahmood commented
Being completely selfish, education tenancies have the "Azure Active Directory Basic for EDU" SKU (in PowerShell, the ServicePlan is called "AAD_BASIC_EDU"). This naming policy is an ABSOLUTE REQUIREMENT and should be provided with this licence.
Aaron Thorn commented
The question is, why would this not be built into Office 365? Most organizations cannot afford the added cost.
Lewis Noles commented
I wholeheartedly agree that the Azure AD Naming policy should not require Azure AD Premium licensing. We have not implemented Office 365 Groups exactly because we could not restrict the naming. With our large user base, Azure AD Premium is extremely cost-prohibitive, especially since Office 365 for Education is billed as essentially a free service for education.
I agree. I work for a large university that operates Office 365 in a hybrid environment. We simply cannot enable groups for our students, faculty, and staff until we have a solution for preventing naming conflicts with our on-prem accounts. Also, we would like to prevent our users from creating an email address such as firstname.lastname@example.org. While having the Azure AD premium service is certainly desirable, I believe it is cost prohibitive for many public universities.