
A lot of organizations manage their accounts (for employees) in (Azure) Active Directory and have a lot of security groups that contain people based on their organization structure.

Security group in Azure Active Directory

If that company also uses Office 365, they have to manage O365 groups.

In this article I will use both terms, O365 groups and M365 groups. In early 2020 Microsoft decided to rename Office 365 groups to Microsoft 365 groups.

With the current COVID-19 crisis, a lot of organizations are moving to the cloud to use Microsoft Teams. They need to be able to create O365/M365 groups based on their security groups.

If you have a security group in AD called “HR”, you probably also want an O365 group “HR”.

O365 groups back a lot of the tools people use, such as Microsoft Teams, a shared email address, a calendar, …

If your AD security groups are in sync with O365 groups, all people in the AD group will automatically have access to the team in Microsoft Teams. There would be no need to manually add a user to the team. If a new employee joins or someone leaves the company, this should be automatically reflected in the O365 groups, in the members of the teams in Microsoft Teams, and in the other tools that use Microsoft 365 groups.

You don’t want to manage two types of groups. The easiest approach is to manage everything in Active Directory and just update your Azure AD security groups when employees join or leave.

There is a lot of demand from the community to sync O365 groups with AD security groups:

Microsoft listened to the community and added it to their roadmap:

This feature will provide the ability for Group Owners to add a Security Group as a member of an Office 365 Group. 

In the meantime, some clever guy created a PowerShell script to keep Azure security groups in sync with O365 groups.

You can run this script every 6, 12, 24, … hours from an admin desktop or, better, in Azure Automation.
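A sketch of what such a one-way sync can look like, as an added example that is not the script referred to above. It assumes the AzureAD PowerShell module and an existing `Connect-AzureAD` session; the function name `Sync-GroupMembership`, its parameters and the `MaxRemovals` cap are hypothetical names chosen for illustration.

```powershell
# Added example (not the script the article refers to).
# One-way sync: the security group is the source of truth for the M365 group.
function Sync-GroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SourceGroupId,  # ObjectId of the security group
        [Parameter(Mandatory)] [string] $TargetGroupId,  # ObjectId of the O365/M365 group
        [int] $MaxRemovals = 10                          # assumed safety cap per run
    )
    $ErrorActionPreference = 'Stop'   # a failed lookup must abort, not look like "no members"

    # Only user objects are synced; nested groups and devices are skipped.
    $sourceIds = @(Get-AzureADGroupMember -ObjectId $SourceGroupId -All $true |
        Where-Object ObjectType -eq 'User' | ForEach-Object ObjectId)
    $targetIds = @(Get-AzureADGroupMember -ObjectId $TargetGroupId -All $true |
        Where-Object ObjectType -eq 'User' | ForEach-Object ObjectId)

    $toAdd    = @($sourceIds | Where-Object { $_ -notin $targetIds })
    $toRemove = @($targetIds | Where-Object { $_ -notin $sourceIds })

    # An empty source or an unusually large removal set usually means a wrong
    # group ID or a broken directory sync, so stop instead of emptying the team.
    if ($sourceIds.Count -eq 0 -or $toRemove.Count -gt $MaxRemovals) {
        throw "Refusing to sync: source has $($sourceIds.Count) users, " +
              "$($toRemove.Count) removals pending (cap $MaxRemovals)."
    }

    foreach ($id in $toAdd) {
        if ($PSCmdlet.ShouldProcess($id, "Add to group $TargetGroupId")) {
            Add-AzureADGroupMember -ObjectId $TargetGroupId -RefObjectId $id
        }
    }
    # Removing leavers promptly is the part that matters for access control.
    foreach ($id in $toRemove) {
        if ($PSCmdlet.ShouldProcess($id, "Remove from group $TargetGroupId")) {
            Remove-AzureADGroupMember -ObjectId $TargetGroupId -MemberId $id
        }
    }

    # Return the change set so a scheduled run can log it for audit.
    [pscustomobject]@{ Added = $toAdd; Removed = $toRemove }
}

# Dry run first; the IDs below are placeholders:
# Sync-GroupMembership -SourceGroupId '<security-group-id>' -TargetGroupId '<m365-group-id>' -WhatIf
```

When this runs unattended, give the identity it runs under only the directory permissions needed to read the source group and change membership of the target groups.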
