Office 365 - Use of Security Groups to Manage Permissions
Desired sample workflow: You have a resource account that you manage the calendar permissions for. Instead of having to add/manage the calendar permissions via the resource calendar permissions screen every time you make a change, instead you can setup a Microsoft security group and manage the permissions via Manifest application.
What is a mail-enabled security group?
Mail-enabled security groups allow you to streamline the process for assigning and managing multiple permissions for a service/calendar.
What do you need to do?
- Create a security group
- Create a Manifest folder if you do not already have one: Manifest - Request a Manifest Folder.
- Create a Manifest group: Manifest - Create a Group.
- Add at least one member to the group: Manifest - Manage Group Members. Note: at this time, only user NetIDs can be added to the Manifest group; service accounts cannot be added as members.
- Request the group be AD-synced and wait for confirmation that the group has been synced successfully: Manifest - Publish Group to Active Directory Services
- Wait 24 hours after confirmation that your group has been synced to AD before moving to the next step and contacting the Office 365 Team.
- After at least 24 hours have passed since receiving confirmation that your group has been synced to AD, send an email to Office 365 Document and Support Team with the UUID and Group ID, and request an Office 365 Security Group be created.
Note: The UUID can be found in the url of the Manifest group. The Group ID will be displayed as the "Name" for this Manifest group.
As an example, here is a Manifest group url: https://manifest.services.wisc.edu/Group/Index/280abc5d36544efghi8j4k5lmn296770.
- The UUID is: 280abc5d36544efghi8j4k5lmn296770.
- The Group ID is: uw:org:<dept>:<group_name></group_name></dept>.
If the link above (in step 6) does not open a new mail message on your computer/device, please send an email manually with the following details:
- To: email@example.com
- Subject: Office 365 request - security group to manage permissions (63382)
- Body: include all the information listed above
- Assign permissions using the security group
- -- Do not proceed with this section unless you have received confirmation that your Manifest group has been synced as an Office 365 security group.
- -- When you adding the Manifest group to the calendar permissions screen, it will need to be added using the following format - UUID@wisc.edu (example: firstname.lastname@example.org).
For user and service accounts: Office 365 - Getting Started with User and Service Account Permissions
For resource accounts: Office 365 - Getting Started with Resource Account Permissions
For OneDrive data: OneDrive data
More information on this feature/process
- All security groups are hidden from the GAL (and can’t be shown), so only Outlook on the Web will recognize them. Mail folder/calendar/resource permissions to a security group must first be assigned via Outlook on the web. You can paste in the email address when assigning the permissions and select “use this address” since it won’t be in the GAL.
- Once security group permissions are assigned in Outlook on the web, instead of seeing UUID@wisc.edu, you will see the Manifest Group ID.
- To manage the members of the security group, use Manifest. Please wait 60 minutes for these changes to be reflected within Office 365.
- If you want to setup a data driven Manifest group, please contact Manifest team.
- Security groups can be used as a mailing list, please see Office 365 - Use Manifest email groups to moderate email messages for further details. If your primary goal is to email a group of users, review distribution list options.
- Once the process has been completed, this group will be published to Microsoft Azure.
- Office 365 - Getting Started with User and Service Account Permissions
- Office 365 - Getting Started with Resource Account Permissions
- Office 365 - What are the differences between an Office 365 Group, an Office 365 Security Group, a Contact list, and a Google Group?
- Office 365 - Use Manifest email groups to moderate email messages