There were a lot of sessions about Office 365 Groups at last month’s Ignite conference. New features were demoed, tips were shared, roadmaps were revealed.
Amongst all of it there is one slide that really stood out for me.
This slide was used in at least two sessions that I’ve looked at so far. In one session, the Microsoft presenter glossed over it super fast. In the other, an MVP briefly described the details as a good thing, because most of their customers who would want the premium features already use Enterprise Mobility + Security which includes Azure AD Premium P1 or P2, depending on which EM+S SKU you purchase.
Update: Microsoft has now added a support document explaining which Office 365 Groups features and capabilities required Azure AD Premium licensing.
To summarize, here’s what you can do with Office 365 Groups at no additional cost to your Office 365 subscription:
- Create, read, update, delete (Groups)
- View the Groups activities report (intended to help you identify inactive Groups or those not fully utilizing all available features)
- Soft-delete and restore (this is the deleted Group recovery process)
- Block or allow Group creation by users (admins can always create Groups)
- Use hidden membership
Here are the features that required an Azure AD Premium P1 (or higher) license to use.
- Dynamic Group membership (dynamic groups are those based on queries that you build in the Azure portal, e.g. “department = “Human Resources”)
- Self-service Group management via the Azure AD access panel (myapps.microsoft.com), not via other workloads like OWA, Planner, Teams, etc
- Granular Group creation permissions, such as blocking Group creation for all users but allowing it for members of a specific security group (I demonstrate these here)
- Group naming convention (e.g. preventing users from creating Groups with names like “CEO” or “Payroll”)
- Groups expiration (a time-based approach to expiring and deleting Groups that the owner no longer wants to keep)
- Usage guidelines (literally just adding a URL to direct user to a web page, currently only used in OWA when creating a Group, yet to be added to other Groups-based workloads like Teams, Planner, etc)
- Default classification (you define the classifications, and this setting applies the one you choose to be the default if the user doesn’t specify one)
Refer to the support document for details of how many Azure AD Premium licenses you’ll need in each scenario.
Tony Redmond also covered this announcement in a recent Petri article, looking at it from different perspectives, and criticizing the nature of the announcement.
Introducing a change like this without any warning or documentation came as a real shock. It is unconscionable for Microsoft to suddenly look for licensing fees when Office 365 tenants have used a feature for over a year, especially when the feature is such a critical management tool for so many applications.
I agree with Tony; it is unconscionable. It also stinks, and is an anti-customer move that is truly disappointing to see.
Microsoft has pushed Groups hard since the feature was first launched. And so they should. Groups are useful in many scenarios, and the apps being developed on top of Groups are generally good, although still unpolished.
Groups are the default group type when you click on Add a Group in the Office 365 admin portal.
Groups are plastered all over the Exchange admin center.
If you try to create a distribution list in the Exchange admin center, Microsoft reminds you once again that Groups exist. At one stage in the recent past, creating a new distribution list actually took you to a new Office 365 Group creation page, ignoring your intent to create a distribution list. That has thankfully been fixed, and replaced with this yellow banner.
Groups can now be created by converting eligible distribution lists (including by group owners who are not administrators).
Planner plans create Groups. Teams teams create Groups. StaffHub creates Groups. SharePoint Team sites create Groups. Yammer has some sort of Groups-ness as well. They’re everywhere.
And now adopting Groups comes with a price. Yes, the Groups themselves are free to create and consume. But if you need to exert some control over how Groups are created, you need to pay.
Some of those features, such as granular Group creation permissions, have been released into production well before the Ignite announcements, without any specific licensing requirements. As such, customers have been making good use of features that now require additional licenses to be purchased. And charging extra for basic stuff like adding a link to your organization’s Groups usage guidelines is baffling.
Other capabilities listed above (dynamic groups, self-service via Azure myapps, and expiration) have been a premium feature requiring additional licensing since they were released. That’s fine. I don’t agree with charging extra for them, but at least they were launched as premium features and customers could make a decision whether they needed them or not.
The rest should not be paid, premium features, in my opinion. Especially the Group creation permissions, which has existed and been utilized by customers long before the announcements at Ignite last month. For the last few days I’ve been mulling over that one and I honestly cannot come up with a justification for charging extra for the ability to prevent Groups from being created by every user in your organization. Office 365 already has a problem with features you can’t really turn off. The marketing message that Office 365 helps you to “gain IT control” is become less true as time goes on.
I hope Microsoft reconsiders their position on this, and removes the Azure AD Premium license requirement for what should be basic features of Groups. If they don’t, then it’s a stain on what should be an increasingly good story about what Groups can do for the customers that want to use them.
Note: this article has been updated on 19/12/2017 to include new details released by Microsoft here.
Pingback: The Price of Office 365 Groups | 365ForAll
We avoid some of the license limitations by using our own Site Provisioning Solution. End-user request an Office 365 Group. IT approves and a naming convention is applied and a Group is created. That said, it doesn’t cover all of them.
I definitely agree with you. We get Groups but for real management customers have to pay a lot of money.
I am posting a link to your article on my blog 🙂
Curious if disabling end-user creation falls under premium licensing.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Apparently yes it does.
Does anyone know a way to see which Office 365 license plans include Enterprise Mobility + Security (and thus Azure AD Premium)? We have to gauge the impact for our customers.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
None of the Office 365 plans include EMS.
EMS is a separate license that you can purchase (there is EMS E3 and EMS E5 to choose from). Or you can purchase the Azure AD Premium licenses separately.
Fantastic article! Great information and very well written. Nice job Paul and thanks for taking time to write this.
very enlightening, great article, thx for the update!
But are Azure Groups the same as Office 365 groups?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
If you “Enable Office features” when creating the group, then yes that is an Office 365 Group (big G).
Does the group have different store than user mailboxes.
Mails sent to Groups are stored separately than user mailbox?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
The Group mailbox is a separate mailbox. But if you’re “subscribed” to the Group mailbox, you get a copy of the same emails in your own mailbox as well.
For group name convention and create permission you need AAD P1 does this require 1 AAD P1 license? Or do all users need a license?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
From the information I have right now, it seems that all users will need a license for you to use those features.
Curious how they will check this this because the admin configures a name’ing convention , what happens when a user creates a group without having a license. Same applies for group creation permission.
Sure you can disregard it and purchase 1 license, and MS might not check. But you would not be license compliant.
Groups blindsided many an administrator in the first place, so arguably, preventing users from creating groups should have been the default situation. Now to take that control away, is again going to blindside many.
The nature of Office 365 is becoming more and more that of one great big beta.
Great article again and absolutely agree. I hope they will reconsider because these kind of moves will make me promote on-premises deployments for my customers all the more.
Pingback: First Steps: Configuring Office 365 Groups Settings