Office 365 - Creating and Managing Policy Groups (Departmental IT)

This document explains how departmental IT staff can take the first step toward achieving account policy compliance for their Office 365 users by creating the policy group structure in Manifest.

For an introduction to policy groups, please see Office 365 - Using Policy Groups to Manage User Account Policy Compliance.

Note: at this time, the use of policy groups is in a pilot phase. It has yet to be determined if the use of policy groups will be opened to campus. Please contact the DoIT Help Desk for more information.

What do I need to do?

  1. Request a Manifest folder if you do not already have one for your department or organization (Manifest - Request a Manifest Folder).

  2. Within your Manifest folder, create an "affiliation" group to contain your users and affiliates who need policy compliance and reporting (Manifest - Create a Group). Your "affiliation" group should be set up in the following ways:

    1. Name the group using the following convention: "mydept-o365-policy-enforce"

    2. Create/add the two groups listed below as members of your "affiliation" group:

      • Add a data-driven Manifest group for the UDDS of your users. Note: data-driven Manifest groups do not need to be created and can be added to your "affiliation" group referencing the following instructions: (Manifest - Data Driven Groups). Members of your data-driven Manifest group will be regularly updated to reflect current employees based on the UDDS number used.

      • Create an "ad-hoc" Manifest group to contain individuals who are not captured in your data-driven Manifest group. Please follow this naming convention: "mydept-o365-policy-ad-hoc". Once created, add your "ad hoc" group as a member of your "affiliation" group (Manifest - Manage Group Members).

  3. Within your Manifest folder, create an "exclusion" Manifest group to contain individuals whose Office 365 account policy compliance will not be reported on or enforced. Please follow this naming convention: "mydept-o365-policy-exclusion".

  4. Within your Manifest folder, create an "admins" Manifest group to contain departmental IT administrators and others who you'd like to give the ability to run reports on the Office 365 account policy compliance of your selected users. Please use the following naming convention: "mydept-0365-policy-admins"
  5. Confirm with the Office 365 Team that your policy groups and memberships have been properly set up. The image below is a visual representation of the policy groups structure.

Updated4-13-2018PolicyGroupsGraphicforKBdoc72288.png

See Also:




Keywords:manifest o365 compliance policies affiliation ad-hoc report administrator exclusion enforce   Doc ID:72288
Owner:Justin M.Group:Office 365
Created:2017-04-03 14:47 CDTUpdated:2018-04-17 17:09 CDT
Sites:DoIT Help Desk, DoIT Tech Store, Office 365
Feedback:  0   0