Add security groups to Office 365 groups
I need a way of making security groups part of an Office 365 group. I want to be able to add users to a security group and then they are automatically a member of an Office 365 group.
Dynamic group membership only appears to work for user attribute values and not their group membership.
Hi! As we announced during Ignite this year, we are releasing an open source tool by the end of the year that can be used to pull in one or more security groups (nested or not) into the membership of large Microsoft 365 Groups. The membership will be pulled in as a flat list and kept in sync with the security group membership. Having Azure subscriptions is a pre-requisite to using this tool. The successful deployment would require support from personnel that have experience in building, deploying and managing Azure services, so you can get through the installation smoothly. If you have an urgent and immediate need for the tool, please reach out to GMMSupport@service.microsoft.com for a download link. Microsoft is releasing the tool without support, other than answering questions about how we use it internally.
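The flat-list sync described in the admin response above, modelled as an added example (not the Microsoft tool's code and not part of the thread): nested security groups are expanded into a de-duplicated user set, then compared with the Microsoft 365 group's current members. The group names, users and the `max_removal_ratio` guard are constructed assumptions.

```python
# Constructed sample directory: group name -> direct members.
# A member that is itself a key in this dict is treated as a nested group
# (assumption: a real directory reports each member's object type instead).
GROUPS = {
    "sg-project-managers": {"alice", "bob", "sg-pm-leads"},
    "sg-pm-leads": {"carol", "sg-project-managers"},  # nests its own parent (cycle)
    "sg-finance": {"dave", "alice"},
}


def flatten(group, groups, seen=None):
    """Return every user reachable from `group`, visiting each nested group once."""
    seen = set() if seen is None else seen
    if group in seen:  # already expanded: stops cyclic nesting from looping forever
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, ()):
        if member in groups:
            users |= flatten(member, groups, seen)
        else:
            users.add(member)
    return users


def plan_sync(source_groups, current_members, groups, max_removal_ratio=0.5):
    """Compute (to_add, to_remove) so the target group mirrors the source groups.

    Removals matter as much as additions: a user dropped from every source
    security group must lose membership of the target group as well.
    The ratio guard (an assumption of this example) aborts the run when a
    source group looks empty or misread, rather than stripping most members.
    """
    desired = set()
    for name in source_groups:
        desired |= flatten(name, groups)
    to_add = desired - current_members
    to_remove = current_members - desired
    if current_members and len(to_remove) / len(current_members) > max_removal_ratio:
        raise RuntimeError(
            f"refusing to remove {len(to_remove)} of {len(current_members)} members"
        )
    return sorted(to_add), sorted(to_remove)


if __name__ == "__main__":
    current = {"alice", "bob", "erin"}  # constructed current target membership
    print(plan_sync(["sg-project-managers", "sg-finance"], current, GROUPS))
```
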
Jakob Nøtseth commented
Implementing for education, I see most already have and use Microsoft Identity Manager to create user objects and security groups in local AD from SIS and HR combined. Microsoft has come up with the SDS for creating O365 groups based on SIS alone. We need a better route to go from local security groups to O365 groups. Most practical would probably be to make it possible to manage from Microsoft Identity Manager / AAD Connect, and not use SDS. I'd rather not have duplicate groups, one security, one O365 with the same members. I suggest to exclude OUs with class/enrollments security groups from AAD Connect, and then get an Azure AD Connector able to write O365 groups and education specific attributes in place of SDS in Microsoft Identity Manager.
Amazing this is not there... O365 is such a pain to manage. This is such a basic feature that is missing. So much for best practices using security groups.
Use case: In my large company, I want all members of the Project Management team to have access to multiple teams - PM Community, Finance Hub, Portfolio Updates. When staff changes happen, manual updates are required to each Team individually. We are trying to achieve role-based access control - please help! Using attributes like Title or Department and dynamic groups is not flexible enough and open to risk of unauthorised access as these fields are driven from our HR system and get changed when position and position descriptions change.
'leverage existing group to drive membership' means what exactly...
If you aren't going to update this thread, and you aren't going to fix the Problem, get rid of Microsoft 365 Groups. These are a nightmare without real feedback and information from more recently than 15 months ago. Users are going crazy making groups all over the place, and you are leaving us admins to clean up their mess and explain why this 'feature' no one asked for is poorly implemented.
How about an update....
Eric Miller commented
Please fix this soon, it makes MS Streams unusable for us at this point.
Matt Farley commented
This is vital functionality for adoption of Teams as a core Enterprise tool. Managing access to private teams is already becoming a headache, reminiscent of the early SharePoint experience.
Richard Cooke commented
Why is this not available? Microsoft advice years ago was to use groups instead of individuals when granting access for easier administration. I set up groups for the various teams and roles in our organisation, I want to add new users to the team and role groups and be done. Not have to go hunting around every SharePoint site and Team to find out which ones a new user should access. Admin nightmare!
How is this functionality still not available? This would make administration so much better!
Mike Heath commented
Any update on this request? We'd really like the ability to more easily manage our org-wide Team!
When will there be an update on this request?
Julian Thornley commented
Over a year later & no update....
The admin response is unclear and broad. Currently in O365 Groups, you can "add" another O365 Group which strips out the usernames and does not retain the Group itself. The issue with this approach is if new users are added to the other O365 Group, the change is not reflected in the current group. Unless MS plans to redesign AAD framework/architecture to O365 Groups, adding SG/UG is best.
Let's do this. Managing Teams and am creating RW and R only groups and would like to make this easy... For instance the whole school should have Read-Only with small group having Read-Write to a team.
How about an update Microsoft?
Let’s get them! People let’s leave comments until they hear us!!!!!
Yearsss to do this ..
This script (explained in German) maybe helps some of you as a workaround: https://vznet.ch/verschachteln-einer-security-gruppe-in-eine-office-gruppe-im-azure-ad-via-powershell/
Anand Makhecha commented
Wow, I have been waiting for this missing feature since 2016. Dumbfounded that 4 years on and still no real progress. Come on MS, please make it happen, it really can't be that difficult?
We need this ASAP. Governance and security management nightmare. Products should have been rolled out with this capability in the first place.
In need of this... not sure why this is not a thing, had to convert a distribution group into an Office 365 group so I could add out of office to a group. However this DG had other DGs added in it. Pain...
Voted for a S400 customer!!