A detailed tutorial on how to set up rule-based membership or Dynamic Membership for Office 365 Groups.
Microsoft has recently announced a couple of new Changes for management of Office 365 Group supporting rule-based membership, quota management and sending e-mail on behalf of O365 groups. In a Nutshell, “Administrators can now create groups with rule-based memberships using the Azure Management Portal. Group membership is updated within a minute as users’ properties change. This allows easy management for larger groups, or the creation of groups that always reflect the organization’s structure.”
The ability to Create & Administer Groups in Azure is around for a while now. The New Rule-based Memberships however allows Groups Created within any Office 365 app, such as Planner or OneDrive for Business to follow the dynamic membership options that you can use for Azure AD or on-prem groups as well.
Update (5/10/2016) You now have an option to select the group privacy – Public or Private for an existing Office 365 Group from the group properties. See the blog post Office 365 Groups – Set Group Privacy, Invite Guests and specify domain for details.
For this demo, I am using my already added Office 365 Active Directory in Azure. See the steps to do that @ How to add Office 365 Active Directory Users in Azure Directory. You need to do that in order to list your Office 365 groups in Azure Management Portal.
Now once you have the Office 365 users all setup in Azure, Before you start with rule-based or Dynamic Membership, you would need Azure Active Directory Premium License assigned to the global admin account for enabling the dynamic management on the groups. If you don’t have an Azure Active Directory Premium License, you can use the trial for now.
Let’s look at how to Create Rule Based or Dynamic Membership for Users.
1. Login to your Azure Account and Navigate to list of Active Directories.
You can select the option Number# 3 to Get Azure AD Premium -> Try it now.
Next, Choose to Install it.
and then wait for it…
Refresh it to see the results. Notice there are no Licenses assigned. We need to do that so the Active Directory Administrator can Create and Manage Group Rules.
2. To assign the Azure Active Directory Premium License to an Active Directory Administrator navigate to Licenses under Active Directory.
3. Next to enable Group specific Features, go back to the Azure Active Directory Premium and the select “Enable directory Features”.
Scroll down to “Group Management section” and then select settings as I did below :
4. Once we are all set up, navigate to the Office 365 Groups.
Select “Groups” and see if any Office 365 groups are listed. My Groups from OneDrive for Business were already listed.
Select your group and then Select “CONFIGURE“.
Under Configure, select “Enable Dynamic Memberships” as below.
NOTE : The existing User permissions to the group will be removed (if they don’t match the Rules that we will set below).
Select OK at the message “Enabling dynamic membership will remove any current members of this group that do not match the rule you configure.”
Next, setup the filter. Select the user property and set the filter on it. You can also add an advanced filter by selecting the second option.
I have set the filter so any user with jobTitle -eq to “o365 admins” gets added in “a” Project Group which is my office 365 group as member.
you need to Save the settings to see the updating message (like above).
That’s it! Now lets test this.
5. We will use two users a) “Isha Kapoor” who has “o365 admin” job Title in Office 365 AD and b) A “Test” user.
a. As per the Dynamic membership rule user “Isha Kapoor” is added as a member of “a” Project Group.
b. Next, we assigned “Test” user Job Title of “o365 admin”.
c. “Test” user becomes the part of “a” Project Group as per the rule.