This is shopar i'm kristoff all
The way from sunny redmond, it's definitely a pleasure to talk to
A topic dear to our heart. What are we going to talk about
For the next 75 minutes? first we are going to talk about
What is office 365 groups. We want to clarify
Misconceptions and confusion that we've seen or heard
Out there.
Why is group such a key teamwork in office 365.
The bulk of presentation this being night much of you assuming
It professionals or task to manage office 365 will talk
About how do you manage groups at scale in a secure way.
We will be doing plenty of demos and showing things that are
Available today and more importantly things that are soon to be released.
That's also where we will cover roadmap.
The last thing we want to cover is product innovation that we
Are working hard day in day out, but there's also other things
That you need to consider to get started on that journey and that
Will be the last section of the presentation. This is a 200 level session so i
Want to apologize in advance, you know, we are not going to do
Extensive power shell command lift and stuff like that, we
Will be plugging in at the end of the session, we have a deeper
Dive session that will go into a lot more detail.
Think of this as part one. I highly recommend everyone
Tomorrow could back for part two tomorrow.
We will give the session code. With that let's get started.
Again as i mentioned we had quite a bit of questions around
Office 365 groups. Groups was launched over three
Years ago. We have tens of millions of
People using it, day in day out to get work done and we want to
Clarify a couple things. First i'm assuming you have
Attended the keynote on monday and there has been multiple
Sessions yesterday as well, but at the high level think of
Microsoft 365 providing a tool kit for teamwork.
Sometimes i tend to joke that collaboration is the new
Currency or collaboration is the new way or teamwork, but the
Companies that can get work done, that can collaborate are
The companies that are going to succeed. There's a lot of statistics and
Numbers that we share in some of those key notes on how we tend
To collaborate more and again the company that collaborates
More are the ones that tend to succeed and survive whatever
Industry you are in. The other point that i want to
Make on this slide is we don't think one size fits all for collaboration.
Maybe 20 years ago when kristoff entered the workforce there was
Only one way to get work done, a one page memo and if everything
Is signed then kristoff can go and write specs or whatever he
Is working on. In this i think a there's
Different tools for different jobs. That's what you see in the top
Part of the slides. Hopefully familiar apps that
You've been using for years or that have been recently launched
Like teams. All those apps, that tool kit to
Get work done is sitting on what we call an intelligent fabric
And that fabric is what we're going to talk about in the rest
Of the session and that fabric is made of azure 365 groups, the
Graph which is intelligence portion and all that in a secure
Way. We will be double clicking on
Office 365 groups in the rest of the session.
Now, the next question that we get quite often is, okay, chris
Off, you get a tool kit, but i'm still confused and specifically
Where should we start a conversation to get work done?
That's what these slides try to clarify.
Where do i start a conversation to get work done?
And typically you need to think about what are you trying to achieve?
Are you collaborating with your direct report?
Is it a practice, is it a project? that will define the type of
Conversation you need to do. For instance, we have the inner
Loop. Think of people collaborating on
A project, they get clear deliverable, they need that
Immersive experience, day in day out, whatever they're trying to
Ship, whatever product they're trying to solve, whatever the
Task, the folks in the inner loop i know the ten people
Working with me to achieve that common goal.
The best rule for that, that's microsoft teams. On the opposite you get what we
Call the outer loop which is think of a test or practice, in
That case i need to reach out across the company, i need to
Tap the collective knowledge and find the experts that help me
File a patent or unblock me on whatever issue.
I don't necessarily know everyone but i know this is the
Place where potentially someone will help answer my questions
And that's the tool for that that is suited for this type of
Conversation is yammer. And then last
But not least for targeted conversation the ub
Quity of e-mail, it's a tool that has been tried and true,
Has been around, we continue to believe in that mode of
Conversation to get work done. Now, all those three
Conversation options that you get are using a common fabric.
Whether it's a project using team or a team using -- a team
Collaborating on a project, whether you are interested in
Yammer or whether it's a group of folks collaborating in
Outlook, all the content, for instance, should be in a single
Repository and that's what sharepoint gives us, all those
Things we are going to be creating needs to be secure and
That's what sharepoint gives us. At the bottom, again, the glue
On all those apps is office 365 groups.
Now, to drive the point forward we have a third slide on this
And hopefully we will qualify what is office 365 groups.
So, again, like was mentioned in a couple slides think of it as a membership service.
A group is a group is a group, it's an object in azure active
Directory and that's it. Obviously i'm simplifying it but
It's got a couple properties that make it special.
It's got that one definition of a team.
One place to manage membership. One place to manage ownership.
One place to manage specific attributes. As you will see number so of the
Demos the other benefit of groups is we have this notion of
Resources and loose coupling. Wherever you create a group, for
Instance, you create a team or go in yammer and create a group
On yammer we are going to end a sharepoint team site.
That's done automatically, end users don't need to think about
That. What's the flow on users, it's
Typically an end user is growing in the app of choice to get work
Done, to do teamwork, they will create a group and then on the
Back end we -- they will type in a name, description, maybe put a
Little picture avatar, define a set of members, all that
Information is actually being pushed to azure active directory
Which is the master for that group. And then on the back end, like i
Say, we add additional services, all that transferring to the
Users and in seconds, obviously the end users doesn't need to
Know about azure directory.
To drive the point further on how group is important to
Teamwork there are nine applications if you like that
Are built on groups today and that first slide only shows a glimpse.
Outlook and sharepoint has been the first ones but some that
Weren't in the prior slide's planner, right, that launch
About a year ago, microsoft stream that we've launched in
The spring, staff if you've never heard of it think of shift
Scheduling for retail or if you are in the hotel business, that's every time you create a
Schedule you create a group, an office 365 group.
Obviously on power bi those work loads have been using groups
Also for a while. The point i want to make is
You've hopefully a lot of us on the journey to 365 but what i
Want to stress is anything that requires more than one person to
Collaborate it's built in using office 365 groups. So hopefully that first section
Clarifies that. I will do a quick demo and then
We will dive into how do you manage office 365 groups
At scale.
So to illustrate that notion of a membership service i will do a
Demo that we started showing yesterday that a lot of you have
Been asking which is historically i might have lots
Of sharepoint team sites with valuable information that help
Me graduate into this vision that you have for teamwork where
I want modern team sites. I want more than just a team
Site, i want maybe conversations, i want maybe planner for task management,
Maybe i want an easy -- a central place to manage
Membership, et cetera, et cetera. So i'm going to be showing you
As i'm going to -- what we call group ify i'm going to upgrade
An existing site collection map
To groups. What you are looking for is
Standard team sites and it's as easy as a couple
Clicks. Here i'm the owner of that site
Collection, so here is a new button connect to office 365
Group, i click on that button and there is a wizard that
Reiterates the benefit of upgrading that site to one
That's tied to groups and it's got a simple field, maybe i will
Make that site private initially, connect to groups, i
Can add additional owners, i'm not going to do that and just
Hit finnish. What it does is it converted to
Modern team site as you can see it's got the modern web part,
Connectivity, all the documents, all the glory, all the
Investments that the sharepoint team has been doing in seconds.
Certainly i've got this, but guess what i have a lot more.
So let me show you the back end. This fuel reps north america
What i'm going to do is prove it to you that the membership is
Now an office 365 group. What i did is i switched to
Azure active directory, the portal, and in there was a way
To manage groups and you will see us do that a few times
During this session. You will just refresh the screen
And pull out all those objects for contoso
And let me scroll to if we can find fuel
Reps north america
And voila. There is just one user but i
Wanted to prove it to you that membership has been elevated
From being managed at sharepoint
Ctory. To prove it to you that it's not
Just upgraded or modern team sites, if i click to
Conversation -- i guess it's not quite ready, but anyway, you
Would get to, for instance, in this case the shared inbox that
Comes with the group. We still have a little work to
Do but hopefully you get the idea that in seconds i took my
Team to the 21st century so they can do teamwork.
Ins i'm talking about sharepoint one thing that you've always
Been asking us is make it easier to manage team sites that are
Mapped to groups and i'm also happy to be doing a demo on how
We improve the administration. The share point team has been
Working hard to deliver a new admin center to help you manage
Sharepoint team sites at scale and in this flight you see this
Is the sharepoint admin center, here i have a link toe top, try
The sharepoint admin center. Here
Is the new view and if i go to site management here is all
The team sites, the regular ones are the ones being managed at
Groups. Yes, you can continue to use
Power shell if you like but we brought it in a user friendly website.
There is a dedicated session on sharepoint center tomorrow morning.
So that concludes this first demo to illustrate the notion of
Grouping a membership service. Now, let's switch gears and talk
About managing groups at scale.
The first question before we jump in that typically has been
Causing some angst and some push back or question from
Administrators is this notion of self-service.
What i mean by that is groups by default everyone can create a
Team in teams, a plan in planner, a group in outlook, et
Cetera, et cetera. The question is why is this so
Important and how do i do it at scale. Here is two
Statistics that our marketing team just published,
But at the high level 80 of employees admit to using
Non-approved software as a service application.
In this industry we also call that shadow it.
I don't know if that's the case for everyone here in the room
But it's just a reality. There will be some shadow it in
Any organization because in this day and age kristoff the young
Graduate from university, i've got a mobile phone and if i'm
Not given the tools to collaborate i can easily install
The app du jour on my phone and voila.
My patience, is only going to go so far.
I'm not going to wait two months or four days to get a place to
Collaborate with my team. So the companies that have
Enabled cell services, like i say, groups has been around for
Over three years, they have fallen into two buckets, yes,
You can do self-service, that's what we call the open bucket,
But do it in a controlled way. Put around some plans and
Checks. Yes, you want to create groups
But those groups should be classified. The rye minder of good usage and
Groups. That's what we call the open.
For instance, we were just earlier a session from our
Microsoft it colleagues that we are talking managing groups at
Scale at microsoft. Microsoft we have enabled
Self-service but we've definitely put a lot of
Governance to make sure everything abides by our
Internal policies. The second bucket which is troll
Which is that's companies that disable self-service for the
Organization and typically the use case is on that journey to
The cloud let me maybe do a pilot, let me maybe do a
Prototype with marketing and only enable folks in that
Organization to be able to create groups.
And typically as companies are graduating as we are boarding
People to the cloud, as we are learning, celebrating successes
Then we start expand to go more and more users.
The idea overtime is you completely remove the block and
Go back to the first bucket where it's self-service in a
Controlled way. Last but not least.
Red bucket is again based on the people that are using groups
Today, those are common things regarding where you fit in,
Whether you enable self-service or control who gets to create
Group there is a common set of things you should be doing.
There's processes you need to put in place with your ticketing
System and help desk. If kristoff accidentally deletes
A group how can he open a ticket to get it restored?
If kristoff leaves the company abruptly how do we make sure
That that group that didn't have an owner is assigned a new owner.
Et cetera, et cetera. So during the next 45 minutes or
So we're going to go deeper into all the things you need to config to do all those things
Successfully. Back to you.
>> Thanks, kristoff, for starting us off.
As kristoff mentioned, the importance of self-service to organizations.
It is by far the only way that you as organizations can utilize
The full power of the microsoft 365 tool kit.
So let's talk about that for a bit. It's one thing to enable self-service but how are you
Going to sustain it at scale? that is the key problem that all
Of you are facing today and the rest of the session here is
Talking about what are the tools and capabilities that we have
With office 365 groups that help you manage and sustain keeping
Self-service enabled for your all right. So the first policy that we have
Is group creation permissions. I know it's contradicting the
Statement i just maed to say, hey, you have to keep
Self-service open, which is the ideal case that we want
Everybody to reach, but we do understand that there is a
Practicality to the situation based on where your cloud
Journey is today. Perhaps you haven't completed
All of your deployment, perhaps you haven't rolled out all the
Guidance that you need and during the course of which you
Want to restrict or control group creation and allow only
Certain people in your organization to create groups.
It's possible today and we will be giving you a demo shortly as
Well about it. But the key part here to note is
That there is -- you know, you can use a security
Group, for example, there are schools where
They want only teachers to be able to create groups, they do
Not want students to create groups.
The way you would manage that at scale would be to create a
Security group, add all the teachers in there and use that
To manage how they will control group creation for you.
Better yet, do it with a dynamic group.
So that when new teachers come into your school they are
Automatically given the permission to create groups and
It will help you scale. One thing to note here, please,
Is if you restrict a user from creating groups, this user is
Restricted from creating groups across outlook, sharepoint,
Teams, et cetera. So this feature here is at an
Aad level so please be aware of it.
We've seen cases where people are restricting group creation
But forget about it. So please take the time to
Revisit this policy once you go through your cloud
Journey. >> Naming policy.
I want to hear some noise for this feature, come on. [ Applause ]
>> So we're happy to announce naming policy at ignite.
This is currently in preview. Please let us know if you are
Interested in participating. But this is one of the most top
Requested features by all of you and it's there, it's alive and kicking.
So two things here that i wanted to mention, clarifying.
We always have the ability to create naming policies when you
Create groups in outlook, but what happens when you go to
Create a group from planner, when you create a group from
Sharepoint, those naming conventions are not applied.
So with this feature what we do is we elevate the naming
Conventions at the aad level so now you can enforce all your
Naming conventions --
>> Sorry. >> Sorry.
So you can enforce your naming conventions at an aad level and
It enforce it is across all work loads, be it sharepoint, be it
Teams, be it outlook.
There are three things here naming policy that you need to
Be aware of, there is the suffix, there is the prefix and
Blocked words. For example, if you want to, you
Know -- there are schools in a particular district, there is an
English 101 class in this school, there is another english
101 Class in another school. So there is an english 101 class
In this school and there is another english 101 class in the
Other school. So how do you differentiate
Between the two or how do you tell them apart?
You could use naming conventions to clearly identify which
Classroom or which class is associated with school.
Similarly, if you want to think about, hey, how do i find out
What are the groups that my management department is
Creating, our marketing department is creating,
Similarly you can use the naming conventions there.
Blocked words. For example, you don't want hr
At contoso.Com to be taken up as any of your users so you could
Use that as blocked words so that users are not able to claim
That. For example, even
Satya@microsoft.Com we don't want that to be a group that i
Am, right? from a guidance perspective
Please think about it while you enforce these policies, keep it
Short and simple. Think about it from a users perspective.
If you have really long names and each you when you are
Looking through a laundry list of all these groups in your
Organization, it's going to be rather difficult to tell one
From the other if you don't have clear guidance on how to name
Them. Expiration policy, yet another
One that you guys have been requesting time and again, time
And again, yes, you got the [ inaudible ]. Come on, let's do this.
And happy again to announce this at ignite.
This is in preview currently. So what does expiration do for you?
It helps you keep the resources that you need and do away with
The ones that you don't. For example, when you have
Self-service enabled for a lot of users projects change, people
Move on to different things and lifetime of the project is done.
You want to make sure that whenever these
Resources are --
>> The reason you can manage the set scale is because the way
Once you set a group for expiration and you can onboard
It based on time periods -- [ no audio ]
[ No audio ] >> -- you've sent a notification
To groups who have owners, what about groups that do not have
Owners, either the last owner has left the company, something
Has happened, a group can get ownerless. We also have the ability for you
To set an e-mail address -- [ no audio ]
>>> -- For the ownerless groups will be received and we will
Show that to you in a minute in the demos.
This is how microsoft it has onboarded and been using
Expiration for a bit and we are seeing some really great usage
And feedback coming out of it. Some things to note here based
On guidance that we've been working with companies around is
Please be sure to send out some kind of notification to your
Users before you onboard this policy.
Just to set expectations with them to say, hey, this is
Happening, we're doing this. Please look for this kind of
Notification because, you know, when suddenly all of a sudden a
User sees an e-mail they don't understand what's going on, et cetera.
Please do that. The other aspect here was also
Around partnering with your help desk teams.
Many times we've seen where, you know, an owner has gotten a
Renewal e-mail, they are off on vacation, they come back after
Some time, uh-oh, the group has expired. What do we do now?
Or they don't understand where this expiration e-mail is coming from.
They typically call help desk and you don't want them at the
Taj where they don't understand what to do so please partner
With them as well. For all those oops e-mails as we
Said i might need that one last bit of information from the
Expired group, et cetera. We have the soft delete and
Restore. So life is giving you a second
Chance here. If a group is deleted so it
Remains in the soft deleted state for 30 it days from there
When you restore the group all of its content can be restored,
Not only the active directory object or the members but at
This point you are restoring the conversations, the files, the
Chat, et cetera. Whatever is associated with the
Group, everything comes back to life. After 30 days it is hard
Deleted. Like i said, please do
Communicate the restoring process with your users.
We have seen a lot of oops
All right. Enough talking let's get to a
Demo, then. Okay.
So this is your familiar azure portal, azure active directory
Portal, if you are not familiar with it then please do
Familiarize yourself.
This is your top level node and you have something called a
Group settings here that you can
Go to.
We're talking about the expiration feature here, so you
Can see there is the expiring tab, click on it and it says
Clearly it's in preview. All right. So here is where you set the
Lifetime on, you know, which groups after which time do they
Want to expire. This is a place where you can
Select the names for where the e-mail for the ownerless groups
Need to go to. You can either set expiration
For all the groups or you can onboard particular groups based
On name. Let's try and
Do that. Simply select it and these are
All the groups that have been set for expiration.
Now let me cut to the chase and show you the wrong renewal
E-mail -- no, the right one this time. So this is what an owner
Typically gets when groups are onboarded on to the expiring
Engine, they get an e-mail like so which tells them exactly that
The group is going to expire and a call to action to please renew
The group letting them know that if the group expires then all of
The content is gone as well. Clicking on the
Renew button gives us success and that's
That. For the ownerless groups, like i
Said, this is a very similar e-mail.
I had put my e-mail i'm megan for the session so i put my
E-mail in there as you can see.
And so megan gets this e-mail and because gault has left the
Company and hence the group has become ownerless for this group,
I get the same e-mail and i can renew it right from here.
Now, let's go to soft delete and restore.
Give this a minute. The point here is that soft
Delete and restore you can do that restoring capability of a
Group, you can do that from your eac itself.
No need of knowing power shelf for this.
You can just come to the ui and get
That going. You can see there is a status
Call and there is -- it clearly
A not saying groups are deleted and then you have a button here,
Right from here to restore.
Continue. Yep.
Oh, okay. But trust me,
It works. All right.
I will wait for you, kristoff. >> Okay.
The first demo i will go over is this motion of controlling who
Gets to create group and in this case the persona is lee and lee
Unfortunately didn't make the cut to be able to create groups.
As you can see i want to be very clear. Disabling creation doesn't
Prevent the users from being a member and actively work in a
Group, whether it's in teams in outlook and so forth.
So let me put it to you that lee cannot create a group, i go here
In for instance in outlook, i troo to click create group and
It says the ability has been turned off and, you know, let's
Try to -- let's try a back door, let's try to add a team in teams
And i don't have that option. Let me try to do the same thing
In planner and same thing it's been disabled.
The point sieve' talked to a couple customers early on.
Yes, in the group there was a policy in exchange only but i
Was only blocking from creating groups from the outlook endpoints.
If you really want to truly block group creation across all
The apps, those nine applications that i listed it's
In azure active directory that you need to do that.
Let me show you a glimpse of what i did in this demo.
Let me switch to alex who is the administrator for contoso.
Back in azure it's a well documented process but we've
Created a security group, in this case i wasn't too creative,
But basically it's called hello to create groups and in this
Case to make it a little smarter that security group the member
Sieve is actually a dynamic membership. The dine row is, again, maybe
It's it, maybe it's marketing, maybe in the case of education
It's staff or teachers. You don't want to manually
Manage how many teachers do i have in my school district and
Every time someone joins add them to the active directly
Like, again, from a -- the theme here is how to manage group at
Scale. You the administrator do not
Want to beat a bottleneck, you don't want to be managing every
Time someone joins or leaves. Here i have set up a dynamic
Membership, because i was having fun on the demo i say everyone
In the u.S. Can create a group except for the poor lead that i
Prevented. You get the idea. The recommendation, obviously
Create a security group but don't just manually put the ten
Of you in it, put a dynamic membership. Okay.
And the -- that leads into the next demo which is naming policy.
So in this case since i cannot create a group with lee i need
To show it to you a naming policy being applied from a
Different persona. In this case i'm patty, again,
That wonderful contoso and patty
Is going to start creating a group from in this case outlook
On the web and i'm going to type some letters and
You can see here
That g 1 has been prefixed by three letters, grp and then
Suffix with operations. Basically what we did we put a
Hard coated spring as a prefix and as a suffix we put the
Department of the users creating a group.
So again i get a glimpse, you know, before creating a group,
But guess what, let's create a group in sharepoint.
Patty is going to go in sharepoint, create a team site
And maybe we can go g 2 not being very creative.
Again, not naming policy, it's showing me in green what it's
Going to look like and i can hit next and voila -- maybe not.
Anyway, i will keep going. And to show it to you last but
Not least let's create a team in teams. So i create a team and in this
Case i will go g 3 and you can see --
[ No audio ] >>> when i hit next grp for
Group, the name i gave and the department of the user creating the group.
Ct-[ no audio ] [ no audio ]
>> What's going on, right? so definitely think of the end
Users and don't go too crazy on prefix and suffix.
And then the second thing i want to mention that i learned way
Back down in engineering school, garbage in will equal garbage out.
If you're doing dynamic attributes aka the department
Of -- [ no audio ]
>> -- Guess what, it's just going to be blank names so it's
Not really going to leverage the naming policy that you apply.
So you've really got to groom your attributes in active
Directory at the user level to make good use of that if you get
Dynamic attribute. Let me show you briefly those
Settings -- i know i said i wasn't going to show you partial
But i couldn't resist. I wanted to prove it to you --
Actually, no, i'm going too fast.
One mortem mow. I've shown prefix and suffix.
The other thing we've done with naming policy is block words.
Maybe patty is on a roll and patty is going to use some very
Bad words in french and -- it's not working.
Okay. Let me try -- let me try here in outlook.
So the other thing we've done is not just prefix and suffix but
Blocked words. Here i'm typing some letters, i
Will let you figure out what this means, but the point is
This beautiful french word in the name cannot be used, right?
Now, it doesn't have to be a french word and nothing against
French words, i try to say i'm french but, again, think are reserved words.
Just like satya nadella, you don't want someone to prevent to
Be the ceo to get confidential e-mails.
You don't want create to create sales at contoso, you want it to
Be a reserved name for your sales team or something.
Think of blocked words not just blocking bad words but also
Blocking reserved names so you have law and order.
Okay. I've showed you blocked words.
The last thing i wanted to show you is, again, how did we do all
Those i think so this. Again, plug in for the session
Tomorrow that mike and dj will be doing at 12:30.
They will give you the inside out. Basically we've done a couple
Things through partial. We've set those custom block
Ward lists, you see that word here that i blocked, you can
Also see here the naming policy with the hard coded prefix, here
Is the group name of the user and more importantly the
Department of that user. And then the last but not least
To show you that this was real to control the creation policy
Here you give it a good, so global unique identifier of that
Security group that you created and use dynamic membership.
This is how you do all those settings. Let's switch gears and let's go
Back to the slides. So the next topic we have
Hopefully given you a couple -- a couple starting points to
Manage groups at scale. Obviously the second question
That's top of mind day in and day out is how do i keep everything secure.
And it's not just secure, i'm sure based on where you operate,
What industries, what country you have on internally you will
Have a set of governance and regulatory policy that you need
To abide by, right? if you are a bank, if you have
Traders working on wall street in the u.S., You have to retain
That data, i think it's five years.
If you are in healthcare, same thing. You might have to retain data.
Or internally if you're filing patents to protect your values
Assets your legal team might have specific guys to protect
Those documents or conversation. If the company is in sued you
May need to put some in discovery, et cetera, et cetera.
That's the next couple slides i'm going to talk about related
So this is a pretty busy slide but let me try to give you the highlights.
We do have a mechanism to set governance at groups.
At the very top typically what we recommend is set what we call
Usage guidelines, i will be demoing that later.
We are all humans. Yes, self-service is great but
Let's remind kristoff how groups should be used and how they
Should not be used. Let's remind kristoff that if a
Group has confidential information it should be private.
Let's remind kristoff that if a group has maybe customer
Information we cannot have guests enabled for that group
And that list goes on and on. I'm sure you will have a digital
Charter that your human resources department has that's
Published on your internet, same thing applies to groups, let's
Remind the users of good news and bad news.
The second thing that you should be setting is what we call classification.
We know to the all groups are created equal, are not used same
Way and have different shades of sensitivity.
For instance, us and microsoft we are basically three tier,
Low, medium and high. If a group is high, that means
Typically like i said it contains customer information, financial information, blah,
Blah, blah. If it's high and it should be
Private and guest access meaning inviting folks outside of the
Directory should be disabled but the list goes on, right?
You can imagine all the policy that apply based on the taxonomy.
Basically you want to set that up front at the self-service
Moment you want the users to start applying or classifying
The groups in the right way. The next thing you want to set
Is what we call retention policy.
Now, again, there is actually full track and a lot of great
Sessions this week about that, but again based on regulation or
Based on what your legal teams has asked you to do you might
Have to keep information for a certain number -- period of
Time, whether it's one year, one day, seven years or
Indefinitely. And it goes beyond that.
There's also industries where it's the opposite.
You need a deletion policy where you don't want to retain
Information older than x, x is a day, x is a year, whatever it is.
And then the last thing that you've got to canner this notion
Of labels. Labels is something we've
Introduced back in april in 365 and think of it as a mechanism
At the granular level to tag information, let it be an e-mail
Or a document and you can do that manually or automatically
But the idea is when you tag let's say a conversation or
Maybe a document for a patent, that label is then going to be
Tied to a policy, for instance, a retention policy.
If this e-mail is about a patent we're filing, if this document
Is about a patent we're filing those two should be retained
Let's say for seven years. Again, there's extensive content
This week and we forgot to mention all the slides by the
Way i see a lot of people taking pictures, you can download them.
Highly recommend in all the slides there is extensive link
To the documentation with respect to all those topics.
Labels you're going to see it's a long scroll.
Definitely read up on that and see if it fulfills your
Regulatory or government's needs. The next thing i want to talk
About with respect to governance is guest access.
Again, guest access is something we actually demoed at ignite
Last year in atlanta and we've delivered over a year ago that
Millions of people are using and the reality is very simple, you
Have to stay on edge, collaboration is the new
Currency but there's always that project where you need to bring
Someone from the outside, you need to bring benjamin from
Montreal because he is the expert and the one who is going
To help me on my project. I into he had to bring that
Event person who is going to be setting up a booth at a
Conference in orlando. Et cetera, et cetera.
But you needed to do that in a controlled fashion and that's
What we've done based on the feedback we heard from a lot of you.
Can you white list or black list specific domains? yes.
Can you block adding guests at a group level?
Yes. Can you enforce [ inaudible ] so
That when benjamin was added every 30 days i need to confirm
That he need needed to access that information? yes.
And the list goes on. So again, absolutely leverage
Guest access but definitely think based on your policies
About putting some of those mechanisms so again you don't
Have things leaking and you are doing things in a controlled fashion.
Again, extensive documentation on that topic.
And the last thing i want to do before i jump to demo is this
Notion of reporting. I'm going to repeat one more
Time like self-service is great, but you as i.T. You audit to be
On top of your games. Let it be -- let's see what
Groups are being used most, let's see what groups are
Potentially being to be running out of storage or just making
Sure that i stay on top of what my users are doing.
Why is shopa deleting 20 groups? is she thinking about leaving
Contoso and trying to wipe a lot of valuable data?
Maybe i need to step in or talk to a manager.
We have that mechanism where you as i.T. Can monitor those group
Activities and set alerts so that potentially if you see a
Red flag you can step in and k proactive versus being reactive.
Again, this topic of reporting is endless.
There are great sessions this week that talk about some of the
Great -- some of the recent innovation we've done to help
You monitor and -- usage and stay on top of how people are
Using office 365. So with that let me show you a
Couple demos.
So first we are going to go back to patty and i want to show you
This notion of usage guidelines and classification.
Here i'm showing new outlook but you can do the same thing the
Same up here is in sharepoint and teams and so
Forth. So let's do a group again.
And a couple things. So first is the classification,
It's medium and actually let me stop zooming.
There's an information box and it's telling me what is the
Taxonomy that i have defined, low business impact, medium,
Blah blah blah, whatever is your taxonomy. So it's reminding up front the
Users what to do. The other innovation we did
Compared to a year ago we've enabled you to set a default, we
Set the default for contoso as medium. It could be high, whatever it is, right?
So that again you make sure that you -- it's flagged early and
Then the user can maybe modify after the fact but at least you
Have a classification to start with. The last thing i want to show
You is this notion of usage guideline. There is this link with the idea
Of let's help the user understand how to use this in a
Proper way and remind the users what are the incorrect way of
Using this. So you can set a url for demo
For redirected group but think of redistricting users to your
Hr charter on how people should
Collaborate at your organization. That's a classification and usage guidelines.
Let me switch to administrative use, let's go back
To alex. No,
That's lee. So let's talk about retention.
So here i'm in the security and compliance center, there was a
Full track on this this week, if you are not familiar with it
Definitely attend some of the sessions and do the lab but here
In the security compliance there's many things you can do. If you go under data governance
There is this node called retention and what's super
Exciting that we've delivered back in april, we made it very,
Very easy to set a retention on all your groups or a single group.
Hit create, i get a little wizard
And i will say retention
Type, policy, hit next and here is the fun part.
So i can retain it for seven years, that's the default, or i
Can remove that and say forever and where it gets interesting
Is, like i say, you can also set a deletion policy.
No, just delete content older than x, right?
So like i say this could be forever, whatever i want to
Retain valuable information for five years or whatever it is, or
A day or go as deleting data that's one day old.
Okay. Now, i just hit next and this is
Where we made it europe easy. You can set a retention policy
And all the work loads. Let me show you here
Specifically what we added in april is you've got a single
Node for office 365 group and i can pick and choose.
You know, for instance, the marketing campaign -- maybe i
Don't want to complete but i can pick and choose specific things.
Maybe i have a forever retention policy on my engineering team, i
Want to keep all that data whereas the ticketing group i
Want to flush data, whatever it is. Right.
So you can pick and choose based on your needs.
So that's retention policy.
The next thing i want to show you is how do you manage guests
And make sure that guest access are being governed according to
Whatever your needs are. So to do that switching back to
Patty, let me go in here, let's discard this.
The first thing i'm going to show you is in this example
We've blacklisted or number one competitor. What this means is fabric cam is
Our competitor, we don't want anyone at contoso to add someone
From at fab k brick m.Com. So in this case i'm in a group
Video production and patty is thinking they can invite
Somebody from fabric in, i will just
Call it user@fabric cam.Com. Looks like i can do it.
Do you see this warning, there will be limited access to the group.
I think i can do it.
I save and, no, i cannot add a person from that domain. Okay.
First demo, black listing a specific domain.
Second demo we can be even more granular and in this case patty
Is part of the research and development group, this is what
We call a private group, it's got a high classification
Because it's got valuable information so, again, let's
Pretend that i'm not thinking, it's one of those days and let
Me just add my buddy at gmail, for instance, as part of our r &
D group in this case the gmail
Account -- story, i'm losing my steam -- the gmail account was
Not added, right?
The script that runs and disable adding guests at the group
Level. So that's to disable guests at a
Group level and to take it even further step --
[ No audio ] [ no audio ]
>> -- The partner sales team and think of that as all the account
That i need to approve, reject, et cetera and this is as
Granular as reattestation every 30 days if you want to be
Really, really granular. A test that each of those users
Can continue to be guests in a specific group.
Again, i know i'm going very fast. Get the link that i put in the
Powerpoint to know how to do all those things and in this one in
Particular since in public preview we're definitely looking
For feedback. So definitely kick the tires and
Give us feedback through user voice on how it can be improved.
The next thing i want to show you switching gear from guest is
This notion of uit want to be on top of your game.
One thing i've done here in this demo, i've set up an activity
Alert on anyone who deletes a group i want to be notified.
Now, this is just an example and you see here i get an alert, an
E-mail, we've detected an activity to one of our alert and
I can go directly to this im in the security and compliance
Center. So, again, if you are not
Familiar with the security and compliance center there is this
Notion of search and investigation, it's loading the
Data but basically we audit anytime someone creates a group,
Every time someone modifies a group, let's say a name, anytime
Someone added members to a group or anyone that deleted a group.
In this case i just set a rule for deletion but i can go in
Here and i can see what's going on. Wrong
Policy. Anyway, i can look at the
Details, i can maybe reach out to the users and so forth and
Again like i say potentially reach out to their manager why
Are all those groups being deleted, i can get additional
Information for each of the users.
So that's audit lock search. The last thing i will show you
From a reporting perspective is this thing: in this case i went
Back to the admin centers and there is a couple announcement
Earlier this week so i go to usage, we've announced a new
Role to access the usage data
And a gazillion reports.
I want to show you this group activity report. Think of this report of you
Again taking the pulse of the patient.
You can tell this is a demo
Tenant. Obviously we've been placing
Prepping but i can get how many activities there are
In yammer specific to a group, how many
Files are stored in sharepoint, how many e-mails are being sent
And i can be more granular and look at things on how much
Storage i've consumed. Other things people have asked
Are coming a teams, teams is maps to groups so i should also have a column.
That's coming, too, in the coming weeks or months. So with that let me just make
Sure i've done all the things -- yes.
I've done all my demo. Let me go back to slides.
Okay. So just to wrap up on those two
Sections we've showed you how to manage group at scale and showed
You how to govern and keep your group safe.
The next question is, okay, what are we working -- what are we
Working on next in the beautiful redmond kitchen.
Here is the roadmap and a lot of the i had ems we have already
Showed you on this inspiring ship navigating to the horizon.
Let me clarify. We say there is a couple things
Still in preview that i showed you that we're looking for
Feedback and i'm stressing this because it's true.
A lot of the things that we get in preview it's an opportunity
For us to make a change before we release it worldwide to all customers.
Expiring policy in preview, you definitely can use it.
We continue to gather feedback day in and day out.
Naming policy, same thing, it's in private preview by a few
Pretty soon we're going to expand that.
Guests also in preview. Default classification that is
When patty created a group, medium by default, same thing as
The description of that classification that i told you
You should config for your tenet.
That's what's rolling out. The next question is what are we
Working on as we speak. This is what we call in development.
This is not an exhaustive list but this is some of the key
Items you've been asking us to do.
Guests like i said is a key thing. Are we going to continue to
Improve guests to be even more granular? absolutely. One of the things we're
Currently working on is the giving you the ability of
Specific terms and conditions. Let's say i bring kristoff on a
Supplier when kristoff logs into contoso because he is from a
Splar he needs to read terms and condition before he enters
Contoso to get work done. Common use case.
Expiring policy, same thing, shopa showed you how you can set
A time frame, et cetera. We are not going to stop there
Based on feedback and -- feedback we got from you and
Some of the ideas we already have. Custom e-mail notification we
Heard you that maybe the e-mail we provide maybe you can
Customize it and make it more branded to your organization.
Sharepoint i already talked about.
Yes, we're going to give you the ability to upgrade an existing
Team site to group one, yes, we're going to able to manage
Sharepoint team sites directly in the user interface, continue
To use power shell but for those of you it's not your cup of tea
You can use the brand-new sharepoint admin center to do that.
One thing i didn't demo that you've been asking us with respect to sharepoint when i
Create a team site give me the ability to apply specific template.
That's also coming on the horizon.
Yammer it was a roadmap on monday and some of the
Highlights with respect to groups, yes, going forward
Yammer wants to use sharepoint as the default for its document storage.
Other things it's going to implement is enforce the naming
Policy we delivered in azure that i demoed earlier.
That's to leverage guest access that i already demoed quite a bit.
Other things if you are an international organization that you've been asking us is give me
The ability when i create a group and let's say i'm based in
Unit to have the data for that group store where the creator is physically located.
So the data at rest whether it's the sharepoint team sites or the
Shared mailbox should reside let's say in europe if i'm a
European employee. There is a section tomorrow that
Talks about our multi-geo roadmap. Last but not least teams, yes,
Teams there is a big bet on we are investing heavily, we just
Started releasing a glimpse of guest access, yes, we are not
Going to stop there. Msa supporting guest msa account
Has been an ask. Multi-support larger team has
Been an ask and there's more. Like i say, this is not an
Exhaust sieve list, there is an individual roadmap in all those work loads.
The call to action is monitor the roadmap as we're adding new
Items and status has changed using the roadmap url at the
Bottom of those slides. Now, with that let's go into the
Last section for today which is let's talk about getting started
With groups. >> All right.
This is something that all of you have kept asking us, how do
I begin my journey to enable groups in my organization.
This is something that we've put together by talking to all of
You in terms of what your needs are and speaking to some of you
Who have been successfully doing it. So let's talk about how would
You maximize success as you get started with groups.
First and foremost, please set your business goals.
What is it that you want to do with groups in your organizations?
Do you want to use it for project or there are many
Organizations where using it for record management, et cetera.
It's important to understand what your organization needs are
Before getting started there. The second point here is pretty important.
Today we are offering you a suite, a suite is outlook, share
Point, teams, so many things together and in order for you to
Take full advantage of all of this you need partnership from
All the different administrators as well in order to make the
Successful. So please make sure that you are
Talking to all of these administrators beforehand and
They are the ones who are creating a combined plan for how
Groups get rolled out in your organization because that is key to your success.
The next item there is about using latest clients.
All the features that kristoff showed, very, very similar to,
Hey, you've been asking us i want the ability to save a
Document to a group directly. I don't want to go to the group
And save it, et cetera. All these new capabilities will
Come to you using the new client. So please be aware of this and
Think through your deployment
Needs for -- for the latest clients.
Outlook 2016 is the key there for any e-mail based clients, of
Course, if you are on web access, that's great, you're
Already set. The other thing that we've heard
Time and again from people who have been doing this right and
Who have been successful is finding those groups that are
Successful in your organization. Kristoff showed you activity
Reports, et cetera, and you as administrators and business can
Go and look at which departments in your organization are using
Groups today and how successful they are and you need to be able
To look at them in order to amplify them and tell the others
Why they've been successful. This is how you can stoke the
Fire and help everybody else realize how groups are effective
Here. Last but not least i'm sure all
Of you have got many things going
On in your tenets today, you have existing tools that you
Use, for example, distribution lists or sharepoint team sites,
Kristoff showed you a great demo where you can take a steam site
And society that with a group and in the next few minutes we
Will also show you how you can take your dl and make it a group
As well. So these are some of the
Starting points, if you will, to say, hey, i don't have to go
Create my fresh new group. If you have existing things
Please use them, take them into the groups world.
With that as we are talking about we have the ability to
Upgrade distribution list to groups in outlook and i will
Show that to you. You can do this via power shell
Or via eac. There is detailed documentation.
Please look at it. We have a session as well so
Look through the recording for that.
Next up is the notion of associating groups with existing
Clean sites. We saw this.
Last but not least i want to emphasize that groups is a
Platform and you can use it for your application development as
Well to enable some of your line of business applications and to
Increase your business process integrations.
We have things like connectors where you can extend teams as
Well and integrations and sharepoint available to you to
Extend your line of business applications.
Lastly, as you go through your cloud journey please be aware of
Your licensing needs as well. Some of these features that we
Showed you require additional licenses.
So please speak with your sales and accounts team about your
Licensing needs. Detailed documentation is always
Available. Fasttrack. This is a free and great service.
Please use it. They help you onboard.
More importantly there is documentation there that you can
Use, it's localized in all languages so you don't have to
Do all the work, you can just use the documentation that we
Have, give it to your users and off to go.
With that let's see if my demo
Works. Thanks.
Like i was saying, we have this ability to upgrade ds right from
Exchange administration center, you can either click this button
Here or use the tool bar option. This shows you a list of all
Eligible deals in your tenant, pick one, select one, or select
Multiple. Please select all and all you
Need to do is click the upgrade and everything is taken care of
For you. What this is doing is actually
Taking your distribution list, creating a group out of it in
Azure active directory, talking all the properties of the
Distribution lists that were
There and putting them on the groups directly.
There you go. Upgrade is done just
Like that. >> Thank you, shopar.
Let's wrap up. So like i said, it's wednesday
Afternoon, we are still plenty of group session and the
Recordings i have already seen that this morning have started
To appear in youtube. Look at the one in orange on the
Bottom the one that between now and the end of the week and the
Others ones are the ones you missed you can watch after the
Fact. Definitely recommend a deeper
Dive tomorrow and they are going to go into deep into
Administration talking about hybrid and advanced
Configuration around managing groups at scale.
There is also a session that i will plug in tomorrow that's a
Repeat which is how to collaborate with groups in outlook.
That's at 9:00 a.M. That bottom session.
So what have we learned today? hopefully in that during the
Session we've, you know, showed you how group -- the membership
Service is a key ingredient for teamwork in office 365.
We've discussed over and over all the teamwork apps that we
Deliver in 365 are the ones that have been around forever or
Recently delivered using groups in some shape or form.
We then discussed how to manage group at scales, how to make it
Easier for you as admins enable self-service but still have some
Guide rains so you can sleep at night and not be stressed on
People not using groups i'm prop i recall.
We've talked also about how to set policies to abide by
Governance, whether industry or internal policies.
We give you pointers on some of the successful customers that
Have been on the journey have applied to get started with
Groups. Now, with that three take a
Ways, definitely attend some of the rest of the sessions and
Ramp up on some of innovations, think about
Enabling self-service with governance and consume all that
Documentation. Last but not least, i mean t
Give us feedback, we can't pretend we know it all.
A lot of the greatest things we've been showing you is thanks
To your feedback. Keep it coming and typically the
Place to do so is our technical community. With that we will be around
Ct-forward the rest of the week. Enjoy the conference and thank you very much for your time.
The way from sunny redmond, it's definitely a pleasure to talk to
A topic dear to our heart. What are we going to talk about
For the next 75 minutes? first we are going to talk about
What is office 365 groups. We want to clarify
Misconceptions and confusion that we've seen or heard
Out there.
Why is group such a key teamwork in office 365.
The bulk of presentation this being night much of you assuming
It professionals or task to manage office 365 will talk
About how do you manage groups at scale in a secure way.
We will be doing plenty of demos and showing things that are
Available today and more importantly things that are soon to be released.
That's also where we will cover roadmap.
The last thing we want to cover is product innovation that we
Are working hard day in day out, but there's also other things
That you need to consider to get started on that journey and that
Will be the last section of the presentation. This is a 200 level session so i
Want to apologize in advance, you know, we are not going to do
Extensive power shell command lift and stuff like that, we
Will be plugging in at the end of the session, we have a deeper
Dive session that will go into a lot more detail.
Think of this as part one. I highly recommend everyone
Tomorrow could back for part two tomorrow.
We will give the session code. With that let's get started.
Again as i mentioned we had quite a bit of questions around
Office 365 groups. Groups was launched over three
Years ago. We have tens of millions of
People using it, day in day out to get work done and we want to
Clarify a couple things. First i'm assuming you have
Attended the keynote on monday and there has been multiple
Sessions yesterday as well, but at the high level think of
Microsoft 365 providing a tool kit for teamwork.
Sometimes i tend to joke that collaboration is the new
Currency or collaboration is the new way or teamwork, but the
Companies that can get work done, that can collaborate are
The companies that are going to succeed. There's a lot of statistics and
Numbers that we share in some of those key notes on how we tend
To collaborate more and again the company that collaborates
More are the ones that tend to succeed and survive whatever
Industry you are in. The other point that i want to
Make on this slide is we don't think one size fits all for collaboration.
Maybe 20 years ago when kristoff entered the workforce there was
Only one way to get work done, a one page memo and if everything
Is signed then kristoff can go and write specs or whatever he
Is working on. In this i think a there's
Different tools for different jobs. That's what you see in the top
Part of the slides. Hopefully familiar apps that
You've been using for years or that have been recently launched
Like teams. All those apps, that tool kit to
Get work done is sitting on what we call an intelligent fabric
And that fabric is what we're going to talk about in the rest
Of the session and that fabric is made of azure 365 groups, the
Graph which is intelligence portion and all that in a secure
Way. We will be double clicking on
Office 365 groups in the rest of the session.
Now, the next question that we get quite often is, okay, chris
Off, you get a tool kit, but i'm still confused and specifically
Where should we start a conversation to get work done?
That's what these slides try to clarify.
Where do i start a conversation to get work done?
And typically you need to think about what are you trying to achieve?
Are you collaborating with your direct report?
Is it a practice, is it a project? that will define the type of
Conversation you need to do. For instance, we have the inner
Loop. Think of people collaborating on
A project, they get clear deliverable, they need that
Immersive experience, day in day out, whatever they're trying to
Ship, whatever product they're trying to solve, whatever the
Task, the folks in the inner loop i know the ten people
Working with me to achieve that common goal.
The best rule for that, that's microsoft teams. On the opposite you get what we
Call the outer loop which is think of a test or practice, in
That case i need to reach out across the company, i need to
Tap the collective knowledge and find the experts that help me
File a patent or unblock me on whatever issue.
I don't necessarily know everyone but i know this is the
Place where potentially someone will help answer my questions
And that's the tool for that that is suited for this type of
Conversation is yammer. And then last
But not least for targeted conversation the ub
Quity of e-mail, it's a tool that has been tried and true,
Has been around, we continue to believe in that mode of
Conversation to get work done. Now, all those three
Conversation options that you get are using a common fabric.
Whether it's a project using team or a team using -- a team
Collaborating on a project, whether you are interested in
Yammer or whether it's a group of folks collaborating in
Outlook, all the content, for instance, should be in a single
Repository and that's what sharepoint gives us, all those
Things we are going to be creating needs to be secure and
That's what sharepoint gives us. At the bottom, again, the glue
On all those apps is office 365 groups.
Now, to drive the point forward we have a third slide on this
And hopefully we will qualify what is office 365 groups.
So, again, like was mentioned in a couple slides think of it as a membership service.
A group is a group is a group, it's an object in azure active
Directory and that's it. Obviously i'm simplifying it but
It's got a couple properties that make it special.
It's got that one definition of a team.
One place to manage membership. One place to manage ownership.
One place to manage specific attributes. As you will see number so of the
Demos the other benefit of groups is we have this notion of
Resources and loose coupling. Wherever you create a group, for
Instance, you create a team or go in yammer and create a group
On yammer we are going to end a sharepoint team site.
That's done automatically, end users don't need to think about
That. What's the flow on users, it's
Typically an end user is growing in the app of choice to get work
Done, to do teamwork, they will create a group and then on the
Back end we -- they will type in a name, description, maybe put a
Little picture avatar, define a set of members, all that
Information is actually being pushed to azure active directory
Which is the master for that group. And then on the back end, like i
Say, we add additional services, all that transferring to the
Users and in seconds, obviously the end users doesn't need to
Know about azure directory.
To drive the point further on how group is important to
Teamwork there are nine applications if you like that
Are built on groups today and that first slide only shows a glimpse.
Outlook and sharepoint has been the first ones but some that
Weren't in the prior slide's planner, right, that launch
About a year ago, microsoft stream that we've launched in
The spring, staff if you've never heard of it think of shift
Scheduling for retail or if you are in the hotel business, that's every time you create a
Schedule you create a group, an office 365 group.
Obviously on power bi those work loads have been using groups
Also for a while. The point i want to make is
You've hopefully a lot of us on the journey to 365 but what i
Want to stress is anything that requires more than one person to
Collaborate it's built in using office 365 groups. So hopefully that first section
Clarifies that. I will do a quick demo and then
We will dive into how do you manage office 365 groups
At scale.
So to illustrate that notion of a membership service i will do a
Demo that we started showing yesterday that a lot of you have
Been asking which is historically i might have lots
Of sharepoint team sites with valuable information that help
Me graduate into this vision that you have for teamwork where
I want modern team sites. I want more than just a team
Site, i want maybe conversations, i want maybe planner for task management,
Maybe i want an easy -- a central place to manage
Membership, et cetera, et cetera. So i'm going to be showing you
As i'm going to -- what we call group ify i'm going to upgrade
An existing site collection map
To groups. What you are looking for is
Standard team sites and it's as easy as a couple
Clicks. Here i'm the owner of that site
Collection, so here is a new button connect to office 365
Group, i click on that button and there is a wizard that
Reiterates the benefit of upgrading that site to one
That's tied to groups and it's got a simple field, maybe i will
Make that site private initially, connect to groups, i
Can add additional owners, i'm not going to do that and just
Hit finnish. What it does is it converted to
Modern team site as you can see it's got the modern web part,
Connectivity, all the documents, all the glory, all the
Investments that the sharepoint team has been doing in seconds.
Certainly i've got this, but guess what i have a lot more.
So let me show you the back end. This fuel reps north america
What i'm going to do is prove it to you that the membership is
Now an office 365 group. What i did is i switched to
Azure active directory, the portal, and in there was a way
To manage groups and you will see us do that a few times
During this session. You will just refresh the screen
And pull out all those objects for contoso
And let me scroll to if we can find fuel
Reps north america
And voila. There is just one user but i
Wanted to prove it to you that membership has been elevated
From being managed at sharepoint
Ctory. To prove it to you that it's not
Just upgraded or modern team sites, if i click to
Conversation -- i guess it's not quite ready, but anyway, you
Would get to, for instance, in this case the shared inbox that
Comes with the group. We still have a little work to
Do but hopefully you get the idea that in seconds i took my
Team to the 21st century so they can do teamwork.
Ins i'm talking about sharepoint one thing that you've always
Been asking us is make it easier to manage team sites that are
Mapped to groups and i'm also happy to be doing a demo on how
We improve the administration. The share point team has been
Working hard to deliver a new admin center to help you manage
Sharepoint team sites at scale and in this flight you see this
Is the sharepoint admin center, here i have a link toe top, try
The sharepoint admin center. Here
Is the new view and if i go to site management here is all
The team sites, the regular ones are the ones being managed at
Groups. Yes, you can continue to use
Power shell if you like but we brought it in a user friendly website.
There is a dedicated session on sharepoint center tomorrow morning.
So that concludes this first demo to illustrate the notion of
Grouping a membership service. Now, let's switch gears and talk
About managing groups at scale.
The first question before we jump in that typically has been
Causing some angst and some push back or question from
Administrators is this notion of self-service.
What i mean by that is groups by default everyone can create a
Team in teams, a plan in planner, a group in outlook, et
Cetera, et cetera. The question is why is this so
Important and how do i do it at scale. Here is two
Statistics that our marketing team just published,
But at the high level 80 of employees admit to using
Non-approved software as a service application.
In this industry we also call that shadow it.
I don't know if that's the case for everyone here in the room
But it's just a reality. There will be some shadow it in
Any organization because in this day and age kristoff the young
Graduate from university, i've got a mobile phone and if i'm
Not given the tools to collaborate i can easily install
The app du jour on my phone and voila.
My patience, is only going to go so far.
I'm not going to wait two months or four days to get a place to
Collaborate with my team. So the companies that have
Enabled cell services, like i say, groups has been around for
Over three years, they have fallen into two buckets, yes,
You can do self-service, that's what we call the open bucket,
But do it in a controlled way. Put around some plans and
Checks. Yes, you want to create groups
But those groups should be classified. The rye minder of good usage and
Groups. That's what we call the open.
For instance, we were just earlier a session from our
Microsoft it colleagues that we are talking managing groups at
Scale at microsoft. Microsoft we have enabled
Self-service but we've definitely put a lot of
Governance to make sure everything abides by our
Internal policies. The second bucket which is troll
Which is that's companies that disable self-service for the
Organization and typically the use case is on that journey to
The cloud let me maybe do a pilot, let me maybe do a
Prototype with marketing and only enable folks in that
Organization to be able to create groups.
And typically as companies are graduating as we are boarding
People to the cloud, as we are learning, celebrating successes
Then we start expand to go more and more users.
The idea overtime is you completely remove the block and
Go back to the first bucket where it's self-service in a
Controlled way. Last but not least.
Red bucket is again based on the people that are using groups
Today, those are common things regarding where you fit in,
Whether you enable self-service or control who gets to create
Group there is a common set of things you should be doing.
There's processes you need to put in place with your ticketing
System and help desk. If kristoff accidentally deletes
A group how can he open a ticket to get it restored?
If kristoff leaves the company abruptly how do we make sure
That that group that didn't have an owner is assigned a new owner.
Et cetera, et cetera. So during the next 45 minutes or
So we're going to go deeper into all the things you need to config to do all those things
Successfully. Back to you.
>> Thanks, kristoff, for starting us off.
As kristoff mentioned, the importance of self-service to organizations.
It is by far the only way that you as organizations can utilize
The full power of the microsoft 365 tool kit.
So let's talk about that for a bit. It's one thing to enable self-service but how are you
Going to sustain it at scale? that is the key problem that all
Of you are facing today and the rest of the session here is
Talking about what are the tools and capabilities that we have
With office 365 groups that help you manage and sustain keeping
Self-service enabled for your all right. So the first policy that we have
Is group creation permissions. I know it's contradicting the
Statement i just maed to say, hey, you have to keep
Self-service open, which is the ideal case that we want
Everybody to reach, but we do understand that there is a
Practicality to the situation based on where your cloud
Journey is today. Perhaps you haven't completed
All of your deployment, perhaps you haven't rolled out all the
Guidance that you need and during the course of which you
Want to restrict or control group creation and allow only
Certain people in your organization to create groups.
It's possible today and we will be giving you a demo shortly as
Well about it. But the key part here to note is
That there is -- you know, you can use a security
Group, for example, there are schools where
They want only teachers to be able to create groups, they do
Not want students to create groups.
The way you would manage that at scale would be to create a
Security group, add all the teachers in there and use that
To manage how they will control group creation for you.
Better yet, do it with a dynamic group.
So that when new teachers come into your school they are
Automatically given the permission to create groups and
It will help you scale. One thing to note here, please,
Is if you restrict a user from creating groups, this user is
Restricted from creating groups across outlook, sharepoint,
Teams, et cetera. So this feature here is at an
Aad level so please be aware of it.
We've seen cases where people are restricting group creation
But forget about it. So please take the time to
Revisit this policy once you go through your cloud
Journey. >> Naming policy.
I want to hear some noise for this feature, come on. [ Applause ]
>> So we're happy to announce naming policy at ignite.
This is currently in preview. Please let us know if you are
Interested in participating. But this is one of the most top
Requested features by all of you and it's there, it's alive and kicking.
So two things here that i wanted to mention, clarifying.
We always have the ability to create naming policies when you
Create groups in outlook, but what happens when you go to
Create a group from planner, when you create a group from
Sharepoint, those naming conventions are not applied.
So with this feature what we do is we elevate the naming
Conventions at the aad level so now you can enforce all your
Naming conventions --
>> Sorry. >> Sorry.
So you can enforce your naming conventions at an aad level and
It enforce it is across all work loads, be it sharepoint, be it
Teams, be it outlook.
There are three things here naming policy that you need to
Be aware of, there is the suffix, there is the prefix and
Blocked words. For example, if you want to, you
Know -- there are schools in a particular district, there is an
English 101 class in this school, there is another english
101 Class in another school. So there is an english 101 class
In this school and there is another english 101 class in the
Other school. So how do you differentiate
Between the two or how do you tell them apart?
You could use naming conventions to clearly identify which
Classroom or which class is associated with school.
Similarly, if you want to think about, hey, how do i find out
What are the groups that my management department is
Creating, our marketing department is creating,
Similarly you can use the naming conventions there.
Blocked words. For example, you don't want hr
At contoso.Com to be taken up as any of your users so you could
Use that as blocked words so that users are not able to claim
That. For example, even
Satya@microsoft.Com we don't want that to be a group that i
Am, right? from a guidance perspective
Please think about it while you enforce these policies, keep it
Short and simple. Think about it from a users perspective.
If you have really long names and each you when you are
Looking through a laundry list of all these groups in your
Organization, it's going to be rather difficult to tell one
From the other if you don't have clear guidance on how to name
Them. Expiration policy, yet another
One that you guys have been requesting time and again, time
And again, yes, you got the [ inaudible ]. Come on, let's do this.
And happy again to announce this at ignite.
This is in preview currently. So what does expiration do for you?
It helps you keep the resources that you need and do away with
The ones that you don't. For example, when you have
Self-service enabled for a lot of users projects change, people
Move on to different things and lifetime of the project is done.
You want to make sure that whenever these
Resources are --
>> The reason you can manage the set scale is because the way
Once you set a group for expiration and you can onboard
It based on time periods -- [ no audio ]
[ No audio ] >> -- you've sent a notification
To groups who have owners, what about groups that do not have
Owners, either the last owner has left the company, something
Has happened, a group can get ownerless. We also have the ability for you
To set an e-mail address -- [ no audio ]
>>> -- For the ownerless groups will be received and we will
Show that to you in a minute in the demos.
This is how microsoft it has onboarded and been using
Expiration for a bit and we are seeing some really great usage
And feedback coming out of it. Some things to note here based
On guidance that we've been working with companies around is
Please be sure to send out some kind of notification to your
Users before you onboard this policy.
Just to set expectations with them to say, hey, this is
Happening, we're doing this. Please look for this kind of
Notification because, you know, when suddenly all of a sudden a
User sees an e-mail they don't understand what's going on, et cetera.
Please do that. The other aspect here was also
Around partnering with your help desk teams.
Many times we've seen where, you know, an owner has gotten a
Renewal e-mail, they are off on vacation, they come back after
Some time, uh-oh, the group has expired. What do we do now?
Or they don't understand where this expiration e-mail is coming from.
They typically call help desk and you don't want them at the
Taj where they don't understand what to do so please partner
With them as well. For all those oops e-mails as we
Said i might need that one last bit of information from the
Expired group, et cetera. We have the soft delete and
Restore. So life is giving you a second
Chance here. If a group is deleted so it
Remains in the soft deleted state for 30 it days from there
When you restore the group all of its content can be restored,
Not only the active directory object or the members but at
This point you are restoring the conversations, the files, the
Chat, et cetera. Whatever is associated with the
Group, everything comes back to life. After 30 days it is hard
Deleted. Like i said, please do
Communicate the restoring process with your users.
We have seen a lot of oops
All right. Enough talking let's get to a
Demo, then. Okay.
So this is your familiar azure portal, azure active directory
Portal, if you are not familiar with it then please do
Familiarize yourself.
This is your top level node and you have something called a
Group settings here that you can
Go to.
We're talking about the expiration feature here, so you
Can see there is the expiring tab, click on it and it says
Clearly it's in preview. All right. So here is where you set the
Lifetime on, you know, which groups after which time do they
Want to expire. This is a place where you can
Select the names for where the e-mail for the ownerless groups
Need to go to. You can either set expiration
For all the groups or you can onboard particular groups based
On name. Let's try and
Do that. Simply select it and these are
All the groups that have been set for expiration.
Now let me cut to the chase and show you the wrong renewal
E-mail -- no, the right one this time. So this is what an owner
Typically gets when groups are onboarded on to the expiring
Engine, they get an e-mail like so which tells them exactly that
The group is going to expire and a call to action to please renew
The group letting them know that if the group expires then all of
The content is gone as well. Clicking on the
Renew button gives us success and that's
That. For the ownerless groups, like i
Said, this is a very similar e-mail.
I had put my e-mail i'm megan for the session so i put my
E-mail in there as you can see.
And so megan gets this e-mail and because gault has left the
Company and hence the group has become ownerless for this group,
I get the same e-mail and i can renew it right from here.
Now, let's go to soft delete and restore.
Give this a minute. The point here is that soft
Delete and restore you can do that restoring capability of a
Group, you can do that from your eac itself.
No need of knowing power shelf for this.
You can just come to the ui and get
That going. You can see there is a status
Call and there is -- it clearly
A not saying groups are deleted and then you have a button here,
Right from here to restore.
Continue. Yep.
Oh, okay. But trust me,
It works. All right.
I will wait for you, kristoff. >> Okay.
The first demo i will go over is this motion of controlling who
Gets to create group and in this case the persona is lee and lee
Unfortunately didn't make the cut to be able to create groups.
As you can see i want to be very clear. Disabling creation doesn't
Prevent the users from being a member and actively work in a
Group, whether it's in teams in outlook and so forth.
So let me put it to you that lee cannot create a group, i go here
In for instance in outlook, i troo to click create group and
It says the ability has been turned off and, you know, let's
Try to -- let's try a back door, let's try to add a team in teams
And i don't have that option. Let me try to do the same thing
In planner and same thing it's been disabled.
The point sieve' talked to a couple customers early on.
Yes, in the group there was a policy in exchange only but i
Was only blocking from creating groups from the outlook endpoints.
If you really want to truly block group creation across all
The apps, those nine applications that i listed it's
In azure active directory that you need to do that.
Let me show you a glimpse of what i did in this demo.
Let me switch to alex who is the administrator for contoso.
Back in azure it's a well documented process but we've
Created a security group, in this case i wasn't too creative,
But basically it's called hello to create groups and in this
Case to make it a little smarter that security group the member
Sieve is actually a dynamic membership. The dine row is, again, maybe
It's it, maybe it's marketing, maybe in the case of education
It's staff or teachers. You don't want to manually
Manage how many teachers do i have in my school district and
Every time someone joins add them to the active directly
Like, again, from a -- the theme here is how to manage group at
Scale. You the administrator do not
Want to beat a bottleneck, you don't want to be managing every
Time someone joins or leaves. Here i have set up a dynamic
Membership, because i was having fun on the demo i say everyone
In the u.S. Can create a group except for the poor lead that i
Prevented. You get the idea. The recommendation, obviously
Create a security group but don't just manually put the ten
Of you in it, put a dynamic membership. Okay.
And the -- that leads into the next demo which is naming policy.
So in this case since i cannot create a group with lee i need
To show it to you a naming policy being applied from a
Different persona. In this case i'm patty, again,
That wonderful contoso and patty
Is going to start creating a group from in this case outlook
On the web and i'm going to type some letters and
You can see here
That g 1 has been prefixed by three letters, grp and then
Suffix with operations. Basically what we did we put a
Hard coated spring as a prefix and as a suffix we put the
Department of the users creating a group.
So again i get a glimpse, you know, before creating a group,
But guess what, let's create a group in sharepoint.
Patty is going to go in sharepoint, create a team site
And maybe we can go g 2 not being very creative.
Again, not naming policy, it's showing me in green what it's
Going to look like and i can hit next and voila -- maybe not.
Anyway, i will keep going. And to show it to you last but
Not least let's create a team in teams. So i create a team and in this
Case i will go g 3 and you can see --
[ No audio ] >>> when i hit next grp for
Group, the name i gave and the department of the user creating the group.
Ct-[ no audio ] [ no audio ]
>> What's going on, right? so definitely think of the end
Users and don't go too crazy on prefix and suffix.
And then the second thing i want to mention that i learned way
Back down in engineering school, garbage in will equal garbage out.
If you're doing dynamic attributes aka the department
Of -- [ no audio ]
>> -- Guess what, it's just going to be blank names so it's
Not really going to leverage the naming policy that you apply.
So you've really got to groom your attributes in active
Directory at the user level to make good use of that if you get
Dynamic attribute. Let me show you briefly those
Settings -- i know i said i wasn't going to show you partial
But i couldn't resist. I wanted to prove it to you --
Actually, no, i'm going too fast.
One mortem mow. I've shown prefix and suffix.
The other thing we've done with naming policy is block words.
Maybe patty is on a roll and patty is going to use some very
Bad words in french and -- it's not working.
Okay. Let me try -- let me try here in outlook.
So the other thing we've done is not just prefix and suffix but
Blocked words. Here i'm typing some letters, i
Will let you figure out what this means, but the point is
This beautiful french word in the name cannot be used, right?
Now, it doesn't have to be a french word and nothing against
French words, i try to say i'm french but, again, think are reserved words.
Just like satya nadella, you don't want someone to prevent to
Be the ceo to get confidential e-mails.
You don't want create to create sales at contoso, you want it to
Be a reserved name for your sales team or something.
Think of blocked words not just blocking bad words but also
Blocking reserved names so you have law and order.
Okay. I've showed you blocked words.
The last thing i wanted to show you is, again, how did we do all
Those i think so this. Again, plug in for the session
Tomorrow that mike and dj will be doing at 12:30.
They will give you the inside out. Basically we've done a couple
Things through partial. We've set those custom block
Ward lists, you see that word here that i blocked, you can
Also see here the naming policy with the hard coded prefix, here
Is the group name of the user and more importantly the
Department of that user. And then the last but not least
To show you that this was real to control the creation policy
Here you give it a good, so global unique identifier of that
Security group that you created and use dynamic membership.
This is how you do all those settings. Let's switch gears and let's go
Back to the slides. So the next topic we have
Hopefully given you a couple -- a couple starting points to
Manage groups at scale. Obviously the second question
That's top of mind day in and day out is how do i keep everything secure.
And it's not just secure, i'm sure based on where you operate,
What industries, what country you have on internally you will
Have a set of governance and regulatory policy that you need
To abide by, right? if you are a bank, if you have
Traders working on wall street in the u.S., You have to retain
That data, i think it's five years.
If you are in healthcare, same thing. You might have to retain data.
Or internally if you're filing patents to protect your values
Assets your legal team might have specific guys to protect
Those documents or conversation. If the company is in sued you
May need to put some in discovery, et cetera, et cetera.
That's the next couple slides i'm going to talk about related
So this is a pretty busy slide but let me try to give you the highlights.
We do have a mechanism to set governance at groups.
At the very top typically what we recommend is set what we call
Usage guidelines, i will be demoing that later.
We are all humans. Yes, self-service is great but
Let's remind kristoff how groups should be used and how they
Should not be used. Let's remind kristoff that if a
Group has confidential information it should be private.
Let's remind kristoff that if a group has maybe customer
Information we cannot have guests enabled for that group
And that list goes on and on. I'm sure you will have a digital
Charter that your human resources department has that's
Published on your internet, same thing applies to groups, let's
Remind the users of good news and bad news.
The second thing that you should be setting is what we call classification.
We know to the all groups are created equal, are not used same
Way and have different shades of sensitivity.
For instance, us and microsoft we are basically three tier,
Low, medium and high. If a group is high, that means
Typically like i said it contains customer information, financial information, blah,
Blah, blah. If it's high and it should be
Private and guest access meaning inviting folks outside of the
Directory should be disabled but the list goes on, right?
You can imagine all the policy that apply based on the taxonomy.
Basically you want to set that up front at the self-service
Moment you want the users to start applying or classifying
The groups in the right way. The next thing you want to set
Is what we call retention policy.
Now, again, there is actually full track and a lot of great
Sessions this week about that, but again based on regulation or
Based on what your legal teams has asked you to do you might
Have to keep information for a certain number -- period of
Time, whether it's one year, one day, seven years or
Indefinitely. And it goes beyond that.
There's also industries where it's the opposite.
You need a deletion policy where you don't want to retain
Information older than x, x is a day, x is a year, whatever it is.
And then the last thing that you've got to canner this notion
Of labels. Labels is something we've
Introduced back in april in 365 and think of it as a mechanism
At the granular level to tag information, let it be an e-mail
Or a document and you can do that manually or automatically
But the idea is when you tag let's say a conversation or
Maybe a document for a patent, that label is then going to be
Tied to a policy, for instance, a retention policy.
If this e-mail is about a patent we're filing, if this document
Is about a patent we're filing those two should be retained
Let's say for seven years. Again, there's extensive content
This week and we forgot to mention all the slides by the
Way i see a lot of people taking pictures, you can download them.
Highly recommend in all the slides there is extensive link
To the documentation with respect to all those topics.
Labels you're going to see it's a long scroll.
Definitely read up on that and see if it fulfills your
Regulatory or government's needs. The next thing i want to talk
About with respect to governance is guest access.
Again, guest access is something we actually demoed at ignite
Last year in atlanta and we've delivered over a year ago that
Millions of people are using and the reality is very simple, you
Have to stay on edge, collaboration is the new
Currency but there's always that project where you need to bring
Someone from the outside, you need to bring benjamin from
Montreal because he is the expert and the one who is going
To help me on my project. I into he had to bring that
Event person who is going to be setting up a booth at a
Conference in orlando. Et cetera, et cetera.
But you needed to do that in a controlled fashion and that's
What we've done based on the feedback we heard from a lot of you.
Can you white list or black list specific domains? yes.
Can you block adding guests at a group level?
Yes. Can you enforce [ inaudible ] so
That when benjamin was added every 30 days i need to confirm
That he need needed to access that information? yes.
And the list goes on. So again, absolutely leverage
Guest access but definitely think based on your policies
About putting some of those mechanisms so again you don't
Have things leaking and you are doing things in a controlled fashion.
Again, extensive documentation on that topic.
And the last thing i want to do before i jump to demo is this
Notion of reporting. I'm going to repeat one more
Time like self-service is great, but you as i.T. You audit to be
On top of your games. Let it be -- let's see what
Groups are being used most, let's see what groups are
Potentially being to be running out of storage or just making
Sure that i stay on top of what my users are doing.
Why is shopa deleting 20 groups? is she thinking about leaving
Contoso and trying to wipe a lot of valuable data?
Maybe i need to step in or talk to a manager.
We have that mechanism where you as i.T. Can monitor those group
Activities and set alerts so that potentially if you see a
Red flag you can step in and k proactive versus being reactive.
Again, this topic of reporting is endless.
There are great sessions this week that talk about some of the
Great -- some of the recent innovation we've done to help
You monitor and -- usage and stay on top of how people are
Using office 365. So with that let me show you a
Couple demos.
So first we are going to go back to patty and i want to show you
This notion of usage guidelines and classification.
Here i'm showing new outlook but you can do the same thing the
Same up here is in sharepoint and teams and so
Forth. So let's do a group again.
And a couple things. So first is the classification,
It's medium and actually let me stop zooming.
There's an information box and it's telling me what is the
Taxonomy that i have defined, low business impact, medium,
Blah blah blah, whatever is your taxonomy. So it's reminding up front the
Users what to do. The other innovation we did
Compared to a year ago we've enabled you to set a default, we
Set the default for contoso as medium. It could be high, whatever it is, right?
So that again you make sure that you -- it's flagged early and
Then the user can maybe modify after the fact but at least you
Have a classification to start with. The last thing i want to show
You is this notion of usage guideline. There is this link with the idea
Of let's help the user understand how to use this in a
Proper way and remind the users what are the incorrect way of
Using this. So you can set a url for demo
For redirected group but think of redistricting users to your
Hr charter on how people should
Collaborate at your organization. That's a classification and usage guidelines.
Let me switch to administrative use, let's go back
To alex. No,
That's lee. So let's talk about retention.
So here i'm in the security and compliance center, there was a
Full track on this this week, if you are not familiar with it
Definitely attend some of the sessions and do the lab but here
In the security compliance there's many things you can do. If you go under data governance
There is this node called retention and what's super
Exciting that we've delivered back in april, we made it very,
Very easy to set a retention on all your groups or a single group.
Hit create, i get a little wizard
And i will say retention
Type, policy, hit next and here is the fun part.
So i can retain it for seven years, that's the default, or i
Can remove that and say forever and where it gets interesting
Is, like i say, you can also set a deletion policy.
No, just delete content older than x, right?
So like i say this could be forever, whatever i want to
Retain valuable information for five years or whatever it is, or
A day or go as deleting data that's one day old.
Okay. Now, i just hit next and this is
Where we made it europe easy. You can set a retention policy
And all the work loads. Let me show you here
Specifically what we added in april is you've got a single
Node for office 365 group and i can pick and choose.
You know, for instance, the marketing campaign -- maybe i
Don't want to complete but i can pick and choose specific things.
Maybe i have a forever retention policy on my engineering team, i
Want to keep all that data whereas the ticketing group i
Want to flush data, whatever it is. Right.
So you can pick and choose based on your needs.
So that's retention policy.
The next thing i want to show you is how do you manage guests
And make sure that guest access are being governed according to
Whatever your needs are. So to do that switching back to
Patty, let me go in here, let's discard this.
The first thing i'm going to show you is in this example
We've blacklisted or number one competitor. What this means is fabric cam is
Our competitor, we don't want anyone at contoso to add someone
From at fab k brick m.Com. So in this case i'm in a group
Video production and patty is thinking they can invite
Somebody from fabric in, i will just
Call it user@fabric cam.Com. Looks like i can do it.
Do you see this warning, there will be limited access to the group.
I think i can do it.
I save and, no, i cannot add a person from that domain. Okay.
First demo, black listing a specific domain.
Second demo we can be even more granular and in this case patty
Is part of the research and development group, this is what
We call a private group, it's got a high classification
Because it's got valuable information so, again, let's
Pretend that i'm not thinking, it's one of those days and let
Me just add my buddy at gmail, for instance, as part of our r &
D group in this case the gmail
Account -- story, i'm losing my steam -- the gmail account was
Not added, right?
The script that runs and disable adding guests at the group
Level. So that's to disable guests at a
Group level and to take it even further step --
[ No audio ] [ no audio ]
>> -- The partner sales team and think of that as all the account
That i need to approve, reject, et cetera and this is as
Granular as reattestation every 30 days if you want to be
Really, really granular. A test that each of those users
Can continue to be guests in a specific group.
Again, i know i'm going very fast. Get the link that i put in the
Powerpoint to know how to do all those things and in this one in
Particular since in public preview we're definitely looking
For feedback. So definitely kick the tires and
Give us feedback through user voice on how it can be improved.
The next thing i want to show you switching gear from guest is
This notion of uit want to be on top of your game.
One thing i've done here in this demo, i've set up an activity
Alert on anyone who deletes a group i want to be notified.
Now, this is just an example and you see here i get an alert, an
E-mail, we've detected an activity to one of our alert and
I can go directly to this im in the security and compliance
Center. So, again, if you are not
Familiar with the security and compliance center there is this
Notion of search and investigation, it's loading the
Data but basically we audit anytime someone creates a group,
Every time someone modifies a group, let's say a name, anytime
Someone added members to a group or anyone that deleted a group.
In this case i just set a rule for deletion but i can go in
Here and i can see what's going on. Wrong
Policy. Anyway, i can look at the
Details, i can maybe reach out to the users and so forth and
Again like i say potentially reach out to their manager why
Are all those groups being deleted, i can get additional
Information for each of the users.
So that's audit lock search. The last thing i will show you
From a reporting perspective is this thing: in this case i went
Back to the admin centers and there is a couple announcement
Earlier this week so i go to usage, we've announced a new
Role to access the usage data
And a gazillion reports.
I want to show you this group activity report. Think of this report of you
Again taking the pulse of the patient.
You can tell this is a demo
Tenant. Obviously we've been placing
Prepping but i can get how many activities there are
In yammer specific to a group, how many
Files are stored in sharepoint, how many e-mails are being sent
And i can be more granular and look at things on how much
Storage i've consumed. Other things people have asked
Are coming a teams, teams is maps to groups so i should also have a column.
That's coming, too, in the coming weeks or months. So with that let me just make
Sure i've done all the things -- yes.
I've done all my demo. Let me go back to slides.
Okay. So just to wrap up on those two
Sections we've showed you how to manage group at scale and showed
You how to govern and keep your group safe.
The next question is, okay, what are we working -- what are we
Working on next in the beautiful redmond kitchen.
Here is the roadmap and a lot of the i had ems we have already
Showed you on this inspiring ship navigating to the horizon.
Let me clarify. We say there is a couple things
Still in preview that i showed you that we're looking for
Feedback and i'm stressing this because it's true.
A lot of the things that we get in preview it's an opportunity
For us to make a change before we release it worldwide to all customers.
Expiring policy in preview, you definitely can use it.
We continue to gather feedback day in and day out.
Naming policy, same thing, it's in private preview by a few
Pretty soon we're going to expand that.
Guests also in preview. Default classification that is
When patty created a group, medium by default, same thing as
The description of that classification that i told you
You should config for your tenet.
That's what's rolling out. The next question is what are we
Working on as we speak. This is what we call in development.
This is not an exhaustive list but this is some of the key
Items you've been asking us to do.
Guests like i said is a key thing. Are we going to continue to
Improve guests to be even more granular? absolutely. One of the things we're
Currently working on is the giving you the ability of
Specific terms and conditions. Let's say i bring kristoff on a
Supplier when kristoff logs into contoso because he is from a
Splar he needs to read terms and condition before he enters
Contoso to get work done. Common use case.
Expiring policy, same thing, shopa showed you how you can set
A time frame, et cetera. We are not going to stop there
Based on feedback and -- feedback we got from you and
Some of the ideas we already have. Custom e-mail notification we
Heard you that maybe the e-mail we provide maybe you can
Customize it and make it more branded to your organization.
Sharepoint i already talked about.
Yes, we're going to give you the ability to upgrade an existing
Team site to group one, yes, we're going to able to manage
Sharepoint team sites directly in the user interface, continue
To use power shell but for those of you it's not your cup of tea
You can use the brand-new sharepoint admin center to do that.
One thing i didn't demo that you've been asking us with respect to sharepoint when i
Create a team site give me the ability to apply specific template.
That's also coming on the horizon.
Yammer it was a roadmap on monday and some of the
Highlights with respect to groups, yes, going forward
Yammer wants to use sharepoint as the default for its document storage.
Other things it's going to implement is enforce the naming
Policy we delivered in azure that i demoed earlier.
That's to leverage guest access that i already demoed quite a bit.
Other things if you are an international organization that you've been asking us is give me
The ability when i create a group and let's say i'm based in
Unit to have the data for that group store where the creator is physically located.
So the data at rest whether it's the sharepoint team sites or the
Shared mailbox should reside let's say in europe if i'm a
European employee. There is a section tomorrow that
Talks about our multi-geo roadmap. Last but not least teams, yes,
Teams there is a big bet on we are investing heavily, we just
Started releasing a glimpse of guest access, yes, we are not
Going to stop there. Msa supporting guest msa account
Has been an ask. Multi-support larger team has
Been an ask and there's more. Like i say, this is not an
Exhaust sieve list, there is an individual roadmap in all those work loads.
The call to action is monitor the roadmap as we're adding new
Items and status has changed using the roadmap url at the
Bottom of those slides. Now, with that let's go into the
Last section for today which is let's talk about getting started
With groups. >> All right.
This is something that all of you have kept asking us, how do
I begin my journey to enable groups in my organization.
This is something that we've put together by talking to all of
You in terms of what your needs are and speaking to some of you
Who have been successfully doing it. So let's talk about how would
You maximize success as you get started with groups.
First and foremost, please set your business goals.
What is it that you want to do with groups in your organizations?
Do you want to use it for project or there are many
Organizations where using it for record management, et cetera.
It's important to understand what your organization needs are
Before getting started there. The second point here is pretty important.
Today we are offering you a suite, a suite is outlook, share
Point, teams, so many things together and in order for you to
Take full advantage of all of this you need partnership from
All the different administrators as well in order to make the
Successful. So please make sure that you are
Talking to all of these administrators beforehand and
They are the ones who are creating a combined plan for how
Groups get rolled out in your organization because that is key to your success.
The next item there is about using latest clients.
All the features that kristoff showed, very, very similar to,
Hey, you've been asking us i want the ability to save a
Document to a group directly. I don't want to go to the group
And save it, et cetera. All these new capabilities will
Come to you using the new client. So please be aware of this and
Think through your deployment
Needs for -- for the latest clients.
Outlook 2016 is the key there for any e-mail based clients, of
Course, if you are on web access, that's great, you're
Already set. The other thing that we've heard
Time and again from people who have been doing this right and
Who have been successful is finding those groups that are
Successful in your organization. Kristoff showed you activity
Reports, et cetera, and you as administrators and business can
Go and look at which departments in your organization are using
Groups today and how successful they are and you need to be able
To look at them in order to amplify them and tell the others
Why they've been successful. This is how you can stoke the
Fire and help everybody else realize how groups are effective
Here. Last but not least i'm sure all
Of you have got many things going
On in your tenets today, you have existing tools that you
Use, for example, distribution lists or sharepoint team sites,
Kristoff showed you a great demo where you can take a steam site
And society that with a group and in the next few minutes we
Will also show you how you can take your dl and make it a group
As well. So these are some of the
Starting points, if you will, to say, hey, i don't have to go
Create my fresh new group. If you have existing things
Please use them, take them into the groups world.
With that as we are talking about we have the ability to
Upgrade distribution list to groups in outlook and i will
Show that to you. You can do this via power shell
Or via eac. There is detailed documentation.
Please look at it. We have a session as well so
Look through the recording for that.
Next up is the notion of associating groups with existing
Clean sites. We saw this.
Last but not least i want to emphasize that groups is a
Platform and you can use it for your application development as
Well to enable some of your line of business applications and to
Increase your business process integrations.
We have things like connectors where you can extend teams as
Well and integrations and sharepoint available to you to
Extend your line of business applications.
Lastly, as you go through your cloud journey please be aware of
Your licensing needs as well. Some of these features that we
Showed you require additional licenses.
So please speak with your sales and accounts team about your
Licensing needs. Detailed documentation is always
Available. Fasttrack. This is a free and great service.
Please use it. They help you onboard.
More importantly there is documentation there that you can
Use, it's localized in all languages so you don't have to
Do all the work, you can just use the documentation that we
Have, give it to your users and off to go.
With that let's see if my demo
Works. Thanks.
Like i was saying, we have this ability to upgrade ds right from
Exchange administration center, you can either click this button
Here or use the tool bar option. This shows you a list of all
Eligible deals in your tenant, pick one, select one, or select
Multiple. Please select all and all you
Need to do is click the upgrade and everything is taken care of
For you. What this is doing is actually
Taking your distribution list, creating a group out of it in
Azure active directory, talking all the properties of the
Distribution lists that were
There and putting them on the groups directly.
There you go. Upgrade is done just
Like that. >> Thank you, shopar.
Let's wrap up. So like i said, it's wednesday
Afternoon, we are still plenty of group session and the
Recordings i have already seen that this morning have started
To appear in youtube. Look at the one in orange on the
Bottom the one that between now and the end of the week and the
Others ones are the ones you missed you can watch after the
Fact. Definitely recommend a deeper
Dive tomorrow and they are going to go into deep into
Administration talking about hybrid and advanced
Configuration around managing groups at scale.
There is also a session that i will plug in tomorrow that's a
Repeat which is how to collaborate with groups in outlook.
That's at 9:00 a.M. That bottom session.
So what have we learned today? hopefully in that during the
Session we've, you know, showed you how group -- the membership
Service is a key ingredient for teamwork in office 365.
We've discussed over and over all the teamwork apps that we
Deliver in 365 are the ones that have been around forever or
Recently delivered using groups in some shape or form.
We then discussed how to manage group at scales, how to make it
Easier for you as admins enable self-service but still have some
Guide rains so you can sleep at night and not be stressed on
People not using groups i'm prop i recall.
We've talked also about how to set policies to abide by
Governance, whether industry or internal policies.
We give you pointers on some of the successful customers that
Have been on the journey have applied to get started with
Groups. Now, with that three take a
Ways, definitely attend some of the rest of the sessions and
Ramp up on some of innovations, think about
Enabling self-service with governance and consume all that
Documentation. Last but not least, i mean t
Give us feedback, we can't pretend we know it all.
A lot of the greatest things we've been showing you is thanks
To your feedback. Keep it coming and typically the
Place to do so is our technical community. With that we will be around
Ct-forward the rest of the week. Enjoy the conference and thank you very much for your time.
Comments
Post a Comment
Feedback and Comments: