How can we make Microsoft Teams better?

When granting access a Security group or Distribution list to a Team. Changes to the security groups/DL does not apply.

When granting access a Security group or Distribution list to a Team. Changes to the security groups/DL does not apply. If a user leaves the company or if we have new users, it is a manual process to add or remove them from a Team. Since we can select a Security group or Distribution list, changes to either should be reflected on the Team members.

855 votes
Sign in
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Jason Mayde shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Password icon
Signed in as (Sign out)
  • Sudeshna commented  ·   ·  Flag as inappropriate

    Is there a plan to get the Distribution Group dynamic addition enabled in Teams. That would really help.

  • msimone68 commented  ·   ·  Flag as inappropriate

    This is a huge issue. The fact that you allow AD groups/DL's to be chosen means that the hook is already there. Not sure why the membership list has to be enumerated as that kind of defeats the prupose of how to manage it effectively.

  • Robert commented  ·   ·  Flag as inappropriate

    The only way I see to assign members to a Team is either using their individual account or a AD distribution list which only breaks out the individual users into that Team. This is a maintenance nightmare to manage Teams when users are added or removed from an AD group. What is the time table for adding the ability for Team members to tied to a AD group?

  • Christian Kaiser commented  ·   ·  Flag as inappropriate

    When adding members to a team via security group, the group is dissolved and only the participants of the group are added to the team as members. This is a big issue in two ways:
    1) all new members to a security group have to be added to MS Teams manually, as the security group itself is not a member of the team, and
    2) if a user is removed from a security group, the user still has access to the team that he/she was originally added to.

    In conclusion, dissolving the security group to show individual members causes unnecessary admin effort and poses a security and compliance risk for adding and removing members from a team. Teams should be able to accept security groups as members, as for example possible on MS SharePoint. This change should not be difficult, so I would hope for an easy and quick fix.

  • Ben @NerveSolutions commented  ·   ·  Flag as inappropriate

    Dynamic Teams or Dynamic O365 Groups is surely the way to go?! and I hope Microsoft is listening on this. Why? this is going to greatly reduce the maintenance of collaboration groups base on organisation security groups.

    We've found an unofficial way of doing this for now, loving every bit of it.
    . Do not create Dynamic Group via AzureAD or Exchange Online UI, it will create a Security Group rather than a O365 Grroup.
    . Install AzureADPreview PS module (cannot co-exist with AzureAD)
    . Create a Dynamic Office Group (O365 Group) using New-AzureADMSGroup
    . Specify your parameters: Description, DisplayName, MailEnable:True, MailNickname:NoSpacesDisplayName, SecurityEnable:False, GroupTypes:"DynamicMembership","Unified", MembershipRule:"Rule with double quote escaped".
    . This will create a Dynamic O365 Group, with mailbox and SharePoint Site instantiated.
    . wait patiently for the membership population. if this doesn't happen for many days, delete everything cleanly like you would have delete an O365 group and purge it from the recycle bin, and recreate the group repeating the above steps. remember this is unsupported way.
    . From O365 Admin UI, update the group owners, and convert the O365 Group to a Teams.
    . Wait for the sync to happen, and you need to be an over or a member to see the Team in the Team UI.

  • Peter Knijff commented  ·   ·  Flag as inappropriate

    Dynamically add people based on group memberships to existing Teams.
    Example; User1 and User2 are added to Group1, Group1 is added to Team1.
    User1 and User2 log into Teams, Team1 is available for both Users.

    User2 gets removed from Group1, Team1 is no longer available for User2.
    User1 is still a member for Team1 based on Group1 membership.

    User1 is removed from Group1

  • SH AW commented  ·   ·  Flag as inappropriate

    this is desired so that members can be automatically added to a TEAM using the user object attribute, e.g. when Office = LONDON, or when Department = TECHNOLOGY.

  • Caleb Lamz commented  ·   ·  Flag as inappropriate

    Agree this is desperately needed. If you delegate a security group permissions to a Team, adds/removes from that group should automatically add/remove the user from the Team. In addition, if a user is a member of a security group that is delegated access to a Team, and that user chooses to leave the Team, the user should still be able to search for and rejoin the team later.

  • NakiKiwiNZ commented  ·   ·  Flag as inappropriate

    Desperately needed. It is so simple with security groups and such an escalating mess without! The idea of having a permissions framework without security groups is nuts. Please we need this urgently. Surely it's not a major to enable Microsoft Team permissions to operate by Security Group rather than just individual user!

  • NakiKiwiNZ commented  ·   ·  Flag as inappropriate

    Having only the capacity to manage permissions by individual user is a maintenance nightmare. Teams needs to be able to maintain access permissions by Security Group.

  • Pete commented  ·   ·  Flag as inappropriate

    Role based as opposed to person based and managed accordingly. Colin sums it up nicely.

Feedback and Knowledge Base