Managing Microsoft 365 groups using Atria

Microsoft Online Group Management in Atria

Introduction to Group Management

Groups are a fundamental feature used to control access and make information sharing easier.  In the Microsoft 365 platform, there are four core group types, all of which have a core component in Azure AD.  Many features in Microsoft 365 are controlled via groups and even things like Teams sites are built on top of groups.

Atria offers Universal Group Management for all four core group types.  Core administration is now possible through the Atria UI.

The Core Group Types Supported

  • Azure AD Security Groups
  • Distribution Groups
  • Mail Enabled Security Groups
  • Microsoft 365 Groups

Each group type has different properties and features, the edit form will differ slightly across group types.  Note that there are currently some limitations with available APIs which may restrict functionality available for some group types.

The table below shows the different group types and their attributes.

Atria interacts with Microsoft APIs directly, data is retrieved from Microsoft and updated in real time, the time taken to complete tasks can be variable depending on group type. 

Distribution groups and Mail Enabled Security Groups can only be created if a tenant has a Microsoft Online subscription that has been activated.  The group selector will hide these two group types if Exchange Online is not activated.  (Exchange Online is activated when the first license containing Exchange Online is assigned to a user - this triggers the internal Microsoft provisioning process for Exchange Online)

Access and Security

Default Permissions

  • Microsoft Online Administrators role – has full access to create, update, read and delete all groups.  This is the default permission that will be granted to end-customer administrators if permissions have not been modified.
  • Reseller and Service Provider administrators will by default be able to manage on behalf of their customers.

Advanced Permissions Control

There are four core permissions available which can be added to Atria Security Roles, they are all contained under the Microsoft Online Service Segment. 

  • Create Group
  • Read Group
  • Update Group
  • Delete Group

Menu Access

The default menu item for accessing the group management feature is

  • Services > Microsoft Online > Group Management

Auditing

Atria audits changes to groups in the [MicrosoftOnlineGroups_AT] database table.  Changes are stored against the user who performed the change, and also any impersonation that has been included.

Note that any groups created outside of Atria will not have a created record within this table, but any subsequent updates to the group, made through Atria, will be recorded.

Dynamic Groups

Dynamic groups are not shown and cannot be created through Atria.

Synced Groups

Groups that are synchronized into Azure AD using Azure AD Connect cannot be edited.  Atria will let you view these groups but they will be read-only.

Creating Groups

The group selector allows you to choose the group type, once a group type has been selected, the group type cannot be changed.

For Service Providers using Atria to manage groups on behalf of a customer, the Groups will be displayed, created and edited in the context of the currently selected customer.  You can always see the currently selected customer in the banner.  

For examples sake, if you create a Microsoft 365 Group, you are provided with all of the relevant properties you’d like to edit.

If you create a group, then immediately go to edit the group, although the group appears to have been created, it can take time before the new group will appear in successive queries to the Microsoft API, if an error is shown, waiting a few seconds then trying again will usually resolve the problem. 

Editing Groups

Editing groups provides the same dialog used to create groups, simply select the required group from the list, and edit the properties as required.




Deleting Groups

Deleting groups just requires you to select the ellipsis, then select "Delete" on the main group management page.  You will be prompted to confirm deletion.




    • Related Articles

    • Atria v12.11+ System Requirements

      Overview  The following article provides the prerequisites necessary for the deployment of Atria v12.11+ into your environment.  System Requirements   Environment  Core servers for the platform should be domain joined. Before you can deploy Atria ...
    • How to Extend Automation of Microsoft Online Services

      Overview Since version 12.0, Atria has provided the capability to allow easy management of Azure AD and User-based subscriptions (such as Microsoft 365 and Office 365).  As a CSP provider operating at scale, you may have additional configuration ...
    • Atria Billing Setup User Guide

      Objective This article describes how to configure Atria to utilize the latest billing features. This document outlines the billing setup attributes that should be configured.    Applies to Introduced in Atria version 12.0.0 Billing Setup Overview To ...
    • Atria v12.11+ Deployment Guide

      Overview  This article outlines the deployment procedure of Atria v12.11+.  This article will also refer to other articles that may assist with your installation or upgrade. Alert:  In-place migration from any version of CloudPortal Services Manager ...
    • How to Migrate from Hosted Exchange to Exchange Online

      Overview This article provides an example of how to migrate from the Atria Hosted Exchange Service to the Microsoft Online Service.  It will cover the change in service as well as data migration.  The process will use the following free Microsoft ...