Demystifying Office 365 Groups - Part 2

Sriram Varadarajan
Enterprise Architect
Published On :   16 Nov 2016
Visit Count
Today :  2    Total :   1290

This article is a continuation of Demystifying Office 365 Groups - Part 1. This post covers the details related to Syncing Office 365 groups to On Premises Server and integration of Planner

Office 365 Groups can be synched to on premise Server

The group write back is an optional feature which will allow us to write back Office 365 Groups to our On premise AD. Below are the some of the points to keep in mind:

- This group will be represented as a distribution group in on-premises AD DS. On-premises Exchange server must be on Exchange 2013 cumulative update 8 (released in March 2015) or Exchange 2016 to recognize this new group type.

- The address book attribute is currently not populated in the preview. Without this attribute, the group will not be visible in the GAL. The easiest way to populate this attribute is to use the Exchange PowerShell cmdlet update-recipient.

- Only single-forest Exchange organization deployments are currently supported. If you have more than one Exchange organization on-premises, then you will need an on-premises GAL Sync solution for these groups to appear in your other forests.

- The Group write back feature does not currently handle security groups or distribution groups

Integration of Planner and Office 365 Groups

- Planner is a lightweight task management solution. It works in unison with groups and plans. When you create a plan it auto provisions an O365 group and vice versa

- We could find that all of the existing Office 365 Groups in a tenant show up as “Plans”. Every Office 365 Group has a corresponding plan and a plan can only be associated with a single group. In other words, a 1:1 relationship exists between plans and groups

- By deleting the plan, the underlying Office 365 Group and all its resources will be removed. Office 365 Groups don’t currently support a soft-delete capability, so a mistake made here can lead to data loss.

Group Membership

An office 365 Tenant admin could view the created Groups in Office 365 Admin Portal, Edit or delete a group. By default, any user can create a group using OWA.

The only way to control group creation is to implement a restriction through OWA mailbox policies where a new parameter (GroupCreationEnabled) dictates whether users can create groups. We can apply an immediate block by amending the default OWA mailbox policy as follows:

Set-OWAMailboxPolicy –Identity “OWAMaiboxPolicy-Default” –GroupCreationEnabled $False

Alternatively, we can create a new OWA mailbox policy that has the GroupCreationEnabled setting disabled and assign that to specific users. For instance:

Set-CASMailbox –Identity ‘John Smith’ –OWAMailboxPolicy ‘OWAMailboxPolicy-NoGroups’

But as of now owa mailbox policy wont stop user’s from creating Office 365 Groups from Planner. (Hopefully, it will be addressed soon by Microsoft)


We cannot recover a group that is deleted by accident as Office 365 does not currently offer a restore method. We could apply In-Place Hold on office 365 groups preventing the data loss.

Restricting group creation

Through Azure Active Directory administrator can restrict group creation to users.