Managing Microsoft 365 groups using Atria

Microsoft Online Group Management in Atria

Introduction to Group Management

Groups are a fundamental feature used to control access and make information sharing easier.  In the Microsoft 365 platform, there are four core group types, all of which have a core component in Azure AD.  Many features in Microsoft 365 are controlled via groups and even things like Teams sites are built on top of groups.

Atria offers Universal Group Management for all four core group types.  Core administration is now possible through the Atria UI.

The Core Group Types Supported

  • Azure AD Security Groups
  • Distribution Groups
  • Mail Enabled Security Groups
  • Microsoft 365 Groups

Each group type has different properties and features, the edit form will differ slightly across group types.  Note that there are currently some limitations with available APIs which may restrict functionality available for some group types.

The table below shows the different group types and their attributes.

Atria interacts with Microsoft APIs directly, data is retrieved from Microsoft and updated in real time, the time taken to complete tasks can be variable depending on group type. 

Distribution groups and Mail Enabled Security Groups can only be created if a tenant has a Microsoft Online subscription that has been activated.  The group selector will hide these two group types if Exchange Online is not activated.  (Exchange Online is activated when the first license containing Exchange Online is assigned to a user - this triggers the internal Microsoft provisioning process for Exchange Online)

Access and Security

Default Permissions

  • Microsoft Online Administrators role – has full access to create, update, read and delete all groups.  This is the default permission that will be granted to end-customer administrators if permissions have not been modified.
  • Reseller and Service Provider administrators will by default be able to manage on behalf of their customers.

Advanced Permissions Control

There are four core permissions available which can be added to Atria Security Roles, they are all contained under the Microsoft Online Service Segment. 

  • Create Group
  • Read Group
  • Update Group
  • Delete Group

Menu Access

The default menu item for accessing the group management feature is

  • Services > Microsoft Online > Group Management

Auditing

Atria audits changes to groups in the [MicrosoftOnlineGroups_AT] database table.  Changes are stored against the user who performed the change, and also any impersonation that has been included.

Note that any groups created outside of Atria will not have a created record within this table, but any subsequent updates to the group, made through Atria, will be recorded.

Dynamic Groups

Dynamic groups are not shown and cannot be created through Atria.

Synced Groups

Groups that are synchronized into Azure AD using Azure AD Connect cannot be edited.  Atria will let you view these groups but they will be read-only.

Creating Groups

The group selector allows you to choose the group type, once a group type has been selected, the group type cannot be changed.

For Service Providers using Atria to manage groups on behalf of a customer, the Groups will be displayed, created and edited in the context of the currently selected customer.  You can always see the currently selected customer in the banner.  

For examples sake, if you create a Microsoft 365 Group, you are provided with all of the relevant properties you’d like to edit.

If you create a group, then immediately go to edit the group, although the group appears to have been created, it can take time before the new group will appear in successive queries to the Microsoft API, if an error is shown, waiting a few seconds then trying again will usually resolve the problem. 

Editing Groups

Editing groups provides the same dialog used to create groups, simply select the required group from the list, and edit the properties as required.




Deleting Groups

Deleting groups just requires you to select the ellipsis, then select "Delete" on the main group management page.  You will be prompted to confirm deletion.




    • Related Articles

    • Connecting Atria to Microsoft Partner Center

      As of October 2023, Microsoft no longer supports DAP. We have updated the scripts within the platform as of 15.16 to create new GDAP level permissions. Please see below for more information. Objective This article shows you how to set up a secure ...

    • Microsoft Online Service Planning

      Overview The Microsoft Online Service for Atria allows Customers and the service desk to manage tenants, licenses, users and features of Office 365 – with no access to the 365 admin portal. It reduces your risk, while still being able to effectively ...

    • Microsoft Online Service Provisioning

      Objective This article provides a guide to configuring and provisioning the Microsoft Online Service within the Atria Platform. Before you Start After setting up the connection to Partner Center, update the service' customer plan- Service Deployments ...

    • Microsoft Online Service Deployment

      Objective This article provides a guide to installing the Microsoft Online (MSOL) service into the Atria Platform. Web Service and Schema Installation The first step for the deployment of any new Service is to install the Web Service (if required) ...

    • Microsoft Online - How to configure your Customer plan

      Overview The Microsoft Online service within Atria has been designed from the Ground Up with Customization and flexibility in mind. This means, that it can likely cater with most configuration scenarios you may come across with Microsoft Online ...