Exploring Office 365 Groups

If you’ve been around Exchange for a while, you might imagine that you have a reasonable handle on groups, or distribution groups – or even distribution lists as they once were. But then something comes along to disrupt the settled state of the world, which is what we find with Office 365 Groups, which now appear in the set of resources exposed by Outlook Web App (OWA) and in Office 365's "People" tab.

In some ways, Office 365 Groups behave like traditional email distribution groups in that you can send a message to a group and have it delivered to all the group members. But the problem with distribution groups is that if you’re not a member, you don’t get the information. And when you join, you don’t gain access to previous discussions. However, with all their acknowledged and well-known flaws, distribution groups remain the preeminent method used to share information inside many corporations.

An Office 365 group is a more persistent entity than an email distribution group because while you can use a group like a regular distribution group, it also stores discussions for new members to discover when they join. It’s kind of like an Office 365 Group is a cross between a distribution group and a public folder, a mechanism that has been used to host group discussions for many years. And like a distribution group, an Office 365 Group is instantiated as a group object in the directory - in this case, within Azure Active Directory.

Perhaps a more accurate comparison is to a combination of a distribution group and a site mailbox (or even a traditional shared mailbox) because when we look under the hood, we find elements of Exchange and SharePoint mixed together to deliver the collaborative potential that Microsoft envisages for Office 365 Groups. Recent comments by Microsoft indicate that groups are preferred to site mailboxes if you need a collaboration platform for a new project, probably because site mailboxes have been less than successful since their debut.

Time will tell whether Office 365 Groups deliver a collaborative platform that will make companies more productive, interesting, and innovative. I’ve been taking a look at how the new Groups work to figure things out for myself. Hopefully these notes will help you understand Office 365 Groups a little better too.

Setting up Groups

Office 365 Groups are only available to specific plans (E1-E4, A1-A4, G1-G4 plus Business Essentials and Business Premium plans, Business, Small Business Premium and Midsize Business plans and Kiosk plan) or basically a large swathe of the total Office 365 base. AS noted above, if your tenant has access to Groups, you should find a "Groups" entry in the left-hand resource tree displayed by OWA.

No limit is placed on the number of groups that can exist within an Office 365 tenant. A special form of Exchange mailbox provides the physical embodiment of a group. The mailbox is used to store group content up to a maximum of 50GB, including posts, messages, and calendar entries. The mailbox is linked with a document library that is apparently created within OneDrive for Business but really is a document library in a SharePoint site with some special UI to make it seem like it's OneDrive. The document library is intended to provide storage for any other type of content shared within the group. The properties of the group mailbox indicate to Exchange that its membership can be used for routing purposes. Mail sent to the group will be delivered to all members. As such, you can think of a Group as being like an Exchange distribution group with storage (the mailbox).

Linking two products and presenting a common interface to both through a client has been done by Microsoft before. As mentioned above, the connection is similar to that which exists in a site mailbox where a mailbox is used for email activities and a SharePoint document library for document storage. The client is the big difference between the two implementation. Site mailboxes depend on Outlook 2013 and a behind-the-scenes synchronization process between SharePoint and Exchange to present a single unified picture. By comparison, all access in groups is web based so they are able to use OWA as the client. Selecting OWA means that you’ll be able to work with Office 365 Groups using OWA for Devices too.

Public and private

So far I have found three places where you can create a new Office 365 group: through OWA, by clicking on the Groups option in the Office 365 navigation bar, and in OneDrive for Business. Because people are likely to spend most time working in OWA, it's likely that this is where they will create Groups, so I'll use that option for the purpose of this explanation. To begin, go to the Groups section in OWA and click the plus sign or the "Create new group" option, which then displays the screen shown in Figure 1.

Figure 1: Creating a new private Office 365 Group

Groups are either public or private. You select the group type when the group is first create and cannot (for now at least) change a group from public to private or vice versa afterwards. As the type implies, anyone can join a public group, so this is the best type of group for topics such as company-wide information, best restaurants in an area, and so on. Users don’t have to join a group or be added by an administrator before they can contribute or view group contents as they can always email the group to start a new conversation or contribute to an existing debate. Access to the content held in a private group is restricted to its membership. The user who creates a group is automatically added as a group administrator. Users who wish to join a private group can send a request to the administrators to join and the request must be approved before they can access the group.

Even though you might assume that someone who is not a member of a private group cannot post to it, that's not actually the case. Anyone who belongs to a tenant can send email to a private group and that email will show up as a post in the conversations view. When I first saw this happen I thought it was a bug and reported it to Microsoft. The response was interesting because it outlined two scenarios when it is desirable for non-members to be able to post to a private group. First, it might be a good thing for non-members to make a contribution to a group that's used for problem reporting. In this scenario, the actual members of the group are responsible for processing problems but anyone should be able to contribute. Second, it might be a good thing for a group member to invite external parties to contribute to a conversation, perhaps to provide feedback to a project plan or a similar discussion. They can do this by asking the non-member to send email to the group.

To facilitate this access, all groups appear in the directory (including the Exchange Global Address List and Offline Address Book). This could be an issue if you use Groups to support sensitive conversations such as “HR layoffs 2015” or “Corporate acquisitions” or the “Super Confidential: Project Autofill” group shown in Figure 2.  Curiously, you can’t update a group mailbox to hide it from the GAL (the same is true of site mailboxes). A more private repository that can be hidden from casual browsing would be a better choice to host truly private discussions until Microsoft provides the ability to hide private groups from address lists.

Figure 2: Browsing available groups to discover some interesting things

The number of different options now available in Office 365 to share information is obvious from the screen shot of the OAB for my tenant (Figure 3). You can see icons and entries for dynamic distribution groups, Office 365 groups, normal email distribution groups (including a "rooms" variant), and even mail-enabled public folders. Obviously some thought needs to be given as to which methods are right for use within your company.

Figure 3: Sharing options revealed by the OAB

Some administrators will be concerned that they can't change the SMTP address for a group once it is created (you can edit the suggested address when you create the group), possibly to obscure the address so that it cannot be easily guessed by an external person. Groups are automatically protected against external access unless you update group properties to select the "Let people outside the organization” option. You have to edit this setting after the group is created as it is not available in the original setup screen. OWA doesn’t allow you to add external people to the membership of a group, even if they are in the directory as mail contacts. Any attempt to add an external person results in a polite “The group can’t be saved right now” error message with no further explanation as to why the group can’t be saved.

Accessing Group Content

From a user perspective, groups are easy to use. You can browse the Groups directory to find new groups to join. Access to public groups is immediate and you can opt to browse through groups to discover what they contain, to participate in conversations, access the group calendar, or share files. The natural entry point for a group is the conversations view, shown in Figure 4. You can see the various conversations that exist in the group, how a discussion develops within a conversation, and an indication that some new activity has occurred in the group. 

Figure 4: The conversations view of a group

Groups support the notion of favorites, which allow users to mark out specific groups that they want to follow, as well as subscriptions, which means that users receive email updates when new content is added to a group. It’s also possible for users to visit public groups on an ad-hoc basis to check out what content is available – or to add content, which they can do without joining a group.

In terms of the types of content that can be added to a group, the editor provided to contribute to conversations is simple – very simple. No formatting options are available to do the most basic of text operations such as bolding or underlining. If you tire of plain text, you can cut and paste from other applications. I was able to add various different types of formatted text from Word, Outlook, and Excel including screen captures to conversations. You can also post attachments. The attachments are either distributed to group members via email or kept in OneDrive for Business with a link sent instead. I expect that Microsoft will update the conversations editor to provide for a more graphic experience, much like they upgraded the editor available in OWA.

One thing I missed when browsing through conversations is the lack of a right-click context-sensitive menu. Perhaps this is because limited interactions are supported with items. For example, you cannot edit a contribution that you have made (you can always delete it and repost). The lack of ability to manipulate conversations is surprising but perhaps these options will come in future updates. Once an item is selected (and appears in the reading pane), you can forward it via email, but outside of reading it, that’s the limit of what you can do with an item. Accessing the group calendar is a very familiar experience to anyone who has used OWA’s calendar. You can opt to show the group calendar alongside your own, which helps to find suitable time slots for meetings and if you have access to calendars belonging to other users they can be displayed too, to create a colorful if somewhat confusing matrix.

If you don't care to use the Groups interface, you can interact with groups via email, in which case all you’ll see is new content delivered to your Inbox as it is posted to the groups to which you belong and have a subscription to receive updates. One feature that I missed is the ability to receive a digest of posts to a group. Receiving a separate message (Figure 5) for every post to a busy group creates a lot of traffic into a mailbox.

Figure 5: Receiving a group contribution via email

Speaking of OWA, it’s interesting to observe the ongoing evolution of its user interface. You can easily see the impact of new sources of information in Figure 6, which shows OWA's resource tree as seen by an Office 365 user (left) compared to what an on-premises Exchange 2013 CU6 user sees (right). Originally only mailbox folders were present. You could add public folders too, but only the modern variety and only by adding them as a “favorite.” Site mailboxes have never been supported by OWA. But now OWA displays People View and Groups, which does not leave much screen real estate for mailbox folders. New sources of information do need to be displayed and fitting them into OWA's resource tree is as good an approach as any, but it might also reflect the ongoing effort to make mailbox folders less important to OWA. After all, if you have People View to tell you what mail has arrived from your most important correspondents, Clutter to remove the daily rubbish from your new mail, and search to find anything you want, do you need folders?

Figure 6: OWA Online (left) and OWA on-premises (right)

Well, the answer is probably "yes," at least until your company has sorted out their collaboration strategy. If so, you might want use the OWA folder pin (Figure 7) to instruct OWA to display the traditional view of favorites followed by the full set of mailbox folders. Once Groups are ready and you want to see them, you can click the pin and OWA will then display only your favorite folders leaving space to list Groups.

Figure 7: The OWA folder pin

Group Management

All of the problems associated with the management of collaborative repositories are burned into the brains of Exchange administrators after 18 years of trying to manage public folders. Although Office 365 provides more administrative reports about mailboxes and databases than are found in on-premises products, the information and analysis provided in the reports never quite gets to the heart of the matter. Perhaps it’s because Microsoft has so much storage available within Office 365 that no one cares whether petabytes are occupied with the long-obsolete ramblings that group discussions can become.

By default, any user can create a group. We have been down this path before with public folders and know that allowing users to create collaborative entities without control is a disaster waiting to happen. Groups will be created with no rhyme or reason; they will be used for a day or so and then ignored; and users will forget about them and lose interest. In short, many groups will become unwanted holders that clutter up the corporate directory. Microsoft does not provide any facilities to automatically age-out groups or even to remove content after a certain period so the work to maintain groups is entirely manual and needs to be done by administrators. The lack of reporting features that might highlight groups that have not been recently accessed or who have inactive members doesn’t help either.

The only way to control groups spreading like weeds is to implement a restriction through OWA mailbox policies where a new parameter (GroupCreationEnabled) dictates whether users can create groups. You can apply an immediate block by amending the default OWA mailbox policy as follows:

Set-OWAMailboxPolicy –Identity “OWAMaiboxPolicy-Default” –GroupCreationEnabled $False

Alternatively, you can create a new OWA mailbox policy that has the GroupCreationEnabled setting disabled and assign that to specific users. For instance:

Set-CASMailbox –Identity ‘John Smith’ –OWAMailboxPolicy ‘OWAMailboxPolicy-NoGroups’

You can also edit the properties of OWA mailbox policies through EAC but the GroupCreationEnabled setting is not yet visible through that interface. Note that OWA caches settings so it can take an hour or more before the restriction becomes effective. The OWA UI disables the option to create a new group once the policy restriction is applied, but in the intervening period it is possible that a user will be able to attempt to create a group. In this case, they see the charming message shown in Figure 8, which no doubt leads to many strong words being said to “the person who manages your email.”

Figure 8: Whoops… something happened!

Obviously it is best to have appropriate OWA mailbox policies in place before users get to play with Groups but the nature of Office 365 is that features like Groups appear without administrative intervention.

You can also manage Office 365 Groups through the "Groups" section in the Office 365 Admin Center (Figure 9). Here you'll find that the new groups are mixed in with old-style mail distribution groups and security groups. It’s entirely logical that this approach should be taken as it would be silly to have multiple places where groups are managed. Some work is still needed on the UI though because the text discusses security groups rather than Office 365 groups and if you create a new group, it is a security group rather than an Office 365 group or a distribution group. If you want to create an Office 365 group, you have to do so through the People section or OWA. At least the admin center advises that EAC is the right place to create Exchange distribution groups!

Figure 9: Different types of groups viewed through the Office 365 Admin Center

As you’d expect, the Office 365 admin center masks the differences between the various types of groups and presents appropriate fields to be completed depending on the type. For example, if you select a mail distribution group, you can access Exchange properties and change details such as the group name and SMTP email address. However, if you select an Office 365 group, you are only able to update its description, name or group membership.

Some deployment issues

Groups are still in an early development phase and Microsoft isn’t providing a full set of cmdlets to control and maintain groups. Whereas you have cmdlets like Get-GroupMailbox to play with, the lack of cmdlets to add a new group or to delete a group is notable. Forcing administrators to use the Exchange Administration Centre (EAC) to perform these tasks won’t be popular, especially in large deployments where scripting is used to automate common tasks.

No migration facilities exist to move content from other Microsoft collaboration repositories such as site mailboxes, public folders, or Yammer groups into Office 365 Groups. You can’t even drag and drop items from a mailbox folder or public folder to create a group conversation.

Microsoft has done a lot of work to implement compliance features within Exchange over the last five years or so. It’s therefore surprising that you cannot apply retention policies or holds to group mailboxes. Although it’s true that attempts to hide material by moving items from personal mailboxes into a group will be detected by in-place holds, the lack of support for compliance features seems like an oversight that needs to be addressed soon as otherwise many companies will not be able to use Groups.

On a positive note, although the picker used to add mailboxes to an eDiscovery search does not allow you to select Groups, eDiscovery searches will locate content because both SharePoint and Exchange support the Search Foundation and items added to the OneDrive for Business document library or group mailbox is indexed and uncovered by searches. In Figure 10, you can see how an item posted to a group is included in the search results preview. Two copies have been found, probably because two of the mailboxes specified as sources for the search are members of the group containing the conversation. In addition, if conversations are distributed by email, the messages containing the conversations will be found in the mailboxes of group members if they have not been deleted.

Figure 10: Reviewing eDiscovery search results that include some group conversations

One disappointing point is that you cannot recover a group that is deleted by accident as Office 365 does not currently offer a restore method. These things do happen and saying “sorry, but that’s it” is not a great answer for an administrator who has just deleted an important group by accident.

Another issue that you might face is the lack of offline access for content added to group, unless of course they are distributed by email and end up in mailboxes. Files placed in the OneDrive for Business site can be synchronized, but I bet some customers will look for full and seamless synchronization of mailbox, calendar, and files.

No information is available as to how scalable groups are if they become the collaboration fulcrum for large organizations. The mailbox should not be a bottleneck as current software is designed to handle very large quantities of items and gross storage (over a million items amounting to over 100GB). In addition, Microsoft has had recent experience of scaling up public folder mailboxes to deal with large numbers of concurrent connections, so that should help too. Still, no one really knows how a group will work after it has been in use for a year or so and accumulated 50GB of contributions from thousands of users. Real-life performance characteristics and planning guidelines are aspects of Groups that will only become clear in time.

On-premises anyone?

Microsoft has given no indication when they might create a version of Groups that can function in an on-premises deployment. This isn’t altogether surprising because of the amount of integration necessary to knit together Exchange, OWA, and OneDrive for Business to present Groups, which is the kind of complexity that proved most enjoyable when a similar effort was required to deploy site mailboxes. Microsoft takes care of all the heavy integration and interconnectivity lifting within Office 365 and users see pure functionality, which is why they’ve been able to develop and roll out Groups with no effort on the part of tenants.

Getting new functionality is good. What isn’t so good is the growing functionality gap that is developing between on-premises and cloud software. Office 365 has added major features like Groups, Office Delve, and People View over the last few months and Clutter is soon to appear. On-premises software remains pretty static waiting for the next major versions to appear in late 2015. The speed of evolution in the cloud and the difficulty on-premises customers have in deploying new software is becoming more apparent every day.

Moving forward

I began by comparing Office 365 Groups to standard email distribution groups but that doesn’t accurately describe what Office 365 Groups can do. Sure, you can certainly set up groups to replace some email distribution groups and you will get the desired functionality. Those who use Outlook and other clients rather than OWA will be able to participate in conversations, share calendars, and access the OneDrive for Business document library. They won’t be able to see the conversation view or search for previous contributions, but they will be able to participate and collaborate in a richer fashion than is possible with a standard email distribution group. 

Although Outlook doesn't support Groups now, you can play games with URLs to force Outlook to show what might be possible. Take the example illustrated in Figure 11 for instance. It shows the folders in the shared mailbox used by an Office 365 Group displayed in a web page. The magic here is to associate the URL for the group with a folder so that Outlook will access the URL whenever the folder is opened. In this case, I used a URL of the form https://outlook.office365.com/owa/[email protected]/?offline=disabled#path=/mail to have Outlook 2013 open the group. You can see some of the same content as accessed through OWA's full interface illustrated in Figure 4. It's an interesting experiment but in no way anything like what you would expect from a full integration, something that is unlikely to come along until Microsoft delivers the next major version of the Office desktop applications in late 2015.

Figure 11: Outlook 2013 displays the folders in the mailbox for an Office 365 Group

Overall, Groups look like a nice addition to the collaboration capabilities available in Office 365. I have some concerns about some aspects of their manageability, especially in large organizations, but I expect that Microsoft will work on these issues and that we will see a more rounded implementation appear over the next year or so.

Follow Tony @12Knocksinna