When granting access a Security group or Distribution list to a Team. Changes to the security groups/DL does not apply.
When granting access a Security group or Distribution list to a Team. Changes to the security groups/DL does not apply. If a user leaves the company or if we have new users, it is a manual process to add or remove them from a Team. Since we can select a Security group or Distribution list, changes to either should be reflected on the Team members.
This feature request is still working its way through the backlog queue.
The only way I see to assign members to a Team is either using their individual account or a AD distribution list which only breaks out the individual users into that Team. This is a maintenance nightmare to manage Teams when users are added or removed from an AD group. What is the time table for adding the ability for Team members to tied to a AD group?
Anikke Bukowski commented
This would be ideal to ensure that permissions can be reported on when users change roles.
Christian Kaiser commented
When adding members to a team via security group, the group is dissolved and only the participants of the group are added to the team as members. This is a big issue in two ways:
1) all new members to a security group have to be added to MS Teams manually, as the security group itself is not a member of the team, and
2) if a user is removed from a security group, the user still has access to the team that he/she was originally added to.
In conclusion, dissolving the security group to show individual members causes unnecessary admin effort and poses a security and compliance risk for adding and removing members from a team. Teams should be able to accept security groups as members, as for example possible on MS SharePoint. This change should not be difficult, so I would hope for an easy and quick fix.
Stephen Miller commented
And Mail-enabled Security Groups
Christopher Slagel commented
Would love to be able to add a Dynamic Distribution List when adding team members.
Ben @NerveSolutions commented
Posted my comment on unofficial unsupported way for doing this in another post.
Ben @NerveSolutions commented
Dynamic Teams or Dynamic O365 Groups is surely the way to go?! and I hope Microsoft is listening on this. Why? this is going to greatly reduce the maintenance of collaboration groups base on organisation security groups.
We've found an unofficial way of doing this for now, loving every bit of it.
. Do not create Dynamic Group via AzureAD or Exchange Online UI, it will create a Security Group rather than a O365 Grroup.
. Install AzureADPreview PS module (cannot co-exist with AzureAD)
. Create a Dynamic Office Group (O365 Group) using New-AzureADMSGroup
. Specify your parameters: Description, DisplayName, MailEnable:True, MailNickname:NoSpacesDisplayName, SecurityEnable:False, GroupTypes:"DynamicMembership","Unified", MembershipRule:"Rule with double quote escaped".
. This will create a Dynamic O365 Group, with mailbox and SharePoint Site instantiated.
. wait patiently for the membership population. if this doesn't happen for many days, delete everything cleanly like you would have delete an O365 group and purge it from the recycle bin, and recreate the group repeating the above steps. remember this is unsupported way.
. From O365 Admin UI, update the group owners, and convert the O365 Group to a Teams.
. Wait for the sync to happen, and you need to be an over or a member to see the Team in the Team UI.
Leif Johannsen commented
I can only say: Agree to all what already said.
Peter Knijff commented
Dynamically add people based on group memberships to existing Teams.
Example; User1 and User2 are added to Group1, Group1 is added to Team1.
User1 and User2 log into Teams, Team1 is available for both Users.
User2 gets removed from Group1, Team1 is no longer available for User2.
User1 is still a member for Team1 based on Group1 membership.
User1 is removed from Group1
SH AW commented
this is desired so that members can be automatically added to a TEAM using the user object attribute, e.g. when Office = LONDON, or when Department = TECHNOLOGY.
Caleb Lamz commented
Agree this is desperately needed. If you delegate a security group permissions to a Team, adds/removes from that group should automatically add/remove the user from the Team. In addition, if a user is a member of a security group that is delegated access to a Team, and that user chooses to leave the Team, the user should still be able to search for and rejoin the team later.
Desperately needed. It is so simple with security groups and such an escalating mess without! The idea of having a permissions framework without security groups is nuts. Please we need this urgently. Surely it's not a major to enable Microsoft Team permissions to operate by Security Group rather than just individual user!
Having only the capacity to manage permissions by individual user is a maintenance nightmare. Teams needs to be able to maintain access permissions by Security Group.
Peter Kondrashov commented
We really need this. Maintaining all the groups is becoming a nightmare.
Role based as opposed to person based and managed accordingly. Colin sums it up nicely.
Colin Zhang commented
I agree. If you are creating teams for specific departments or work groups in the company, it should be expected that membership and access to those teams follow the current membership of the security group.
The way I would expect this to work is to have the security group itself be listed as a member of a team. Right now when you add a group or DL it just auto fills the current membership list as individual members.
Use a DL to dynamically manage Team membership, not just initially populate the Team.