Microsoft 365 - Creating and Managing Policy Groups (Departmental IT)

This document explains how departmental IT staff can take the first step toward achieving account policy compliance for their Office 365 users by creating the policy group structure in Manifest.

For an introduction to policy groups, please see Microsoft 365 - Using Policy Groups to Manage User Account Policy Compliance.

HIPAA: If you believe you or your university work may be influenced by HIPAA and you have questions about the use of policy groups within your organization, please contact your HIPAA Security Coordinator.

If you do not work within the guidelines of HIPAA and you are interested in using policy groups within your organization, please contact the DoIT Help Desk for more information.

What do I need to do?

  1. Request a Manifest folder if you do not already have one for your department or organization (Manifest - Request a Manifest Folder).

  2. Within your Manifest folder, create an "affiliation" group to contain your users and affiliates who need policy compliance and reporting (Manifest - Create a Group). Your "affiliation" group should be set up in the following ways:

    1. Name the group using the following convention: "mydept-o365-policy-enforce"

    2. Create/add the two groups listed below as members of your "affiliation" group:

      • Add a data-driven Manifest group for the UDDS of your users. Note: data-driven Manifest groups do not need to be created and can be added to your "affiliation" group referencing the following instructions: (Manifest - Data Driven Groups). Members of your data-driven Manifest group will be regularly updated to reflect current employees based on the UDDS number used.

      • Create an "ad-hoc" Manifest group to contain individuals who are not captured in your data-driven Manifest group. Please follow this naming convention: "mydept-o365-policy-ad-hoc". Once created, add your "ad hoc" group as a member of your "affiliation" group (Manifest - Manage Group Members).

  3. Within your Manifest folder, create an "exclusion" Manifest group to contain individuals whose Office 365 account policy compliance will not be reported on or enforced. Please follow this naming convention: "mydept-o365-policy-exclusion".

  4. Within your Manifest folder, create an "admins" Manifest group to contain departmental IT administrators and others who you'd like to give the ability to run reports on the Office 365 account policy compliance of your selected users. Please use the following naming convention: "mydept-0365-policy-admins"
  5. Contact UW-Madison's Office 365 Team and request they complete the setup of your policy groups. If not already in contact with UW-Madison's Office 365 Team regarding your policy groups, contact the DoIT Help Desk and request that the Office 365 Team complete the setup of your policy groups.

The image below is a visual representation of the complete policy groups structure.

Updated4-13-2018PolicyGroupsGraphicforKBdoc72288.png