There were a lot of sessions about Office 365 Groups at last month's Ignite conference. New features were demoed, tips were shared, roadmaps were revealed.
Amongst all of it there is one slide that really stood out for me.
This slide was used in at least two sessions that I've looked at so far. In one session, the Microsoft presenter glossed over it super fast. In the other, an MVP briefly described the details as a good thing, because most of their customers who would want the premium features already use Enterprise Mobility + Security which includes Azure AD Premium P1 or P2, depending on which EM+S SKU you purchase.
Update: Microsoft has now added a support document explaining which Office 365 Groups features and capabilities required Azure AD Premium licensing.
To summarize, here's what you can do with Office 365 Groups at no additional cost to your Office 365 subscription:
- Create, read, update, delete (Groups)
- View the Groups activities report (intended to help you identify inactive Groups or those not fully utilizing all available features)
- Soft-delete and restore (this is the deleted Group recovery process)
- Block or allow Group creation by users (admins can always create Groups)
- Use hidden membership
Here are the features that required an Azure AD Premium P1 (or higher) license to use.
- Dynamic Group membership (dynamic groups are those based on queries that you build in the Azure portal, e.g. “department = “Human Resources”)
- Self-service Group management via the Azure AD access panel (myapps.microsoft.com), not via other workloads like OWA, Planner, Teams, etc
- Granular Group creation permissions, such as blocking Group creation for all users but allowing it for members of a specific security group (I demonstrate these here)
- Group naming convention (e.g. preventing users from creating Groups with names like “CEO” or “Payroll”)
- Groups expiration (a time-based approach to expiring and deleting Groups that the owner no longer wants to keep)
- Usage guidelines (literally just adding a URL to direct user to a web page, currently only used in OWA when creating a Group, yet to be added to other Groups-based workloads like Teams, Planner, etc)
- Default classification (you define the classifications, and this setting applies the one you choose to be the default if the user doesn't specify one)
Refer to the support document for details of how many Azure AD Premium licenses you'll need in each scenario.
Tony Redmond also covered this announcement in a recent Petri article, looking at it from different perspectives, and criticizing the nature of the announcement.
Introducing a change like this without any warning or documentation came as a real shock. It is unconscionable for Microsoft to suddenly look for licensing fees when Office 365 tenants have used a feature for over a year, especially when the feature is such a critical management tool for so many applications.
I agree with Tony; it is unconscionable. It also stinks, and is an anti-customer move that is truly disappointing to see.
Microsoft has pushed Groups hard since the feature was first launched. And so they should. Groups are useful in many scenarios, and the apps being developed on top of Groups are generally good, although still unpolished.
Groups are the default group type when you click on Add a Group in the Office 365 admin portal.
Groups are plastered all over the Exchange admin center.
If you try to create a distribution list in the Exchange admin center, Microsoft reminds you once again that Groups exist. At one stage in the recent past, creating a new distribution list actually took you to a new Office 365 Group creation page, ignoring your intent to create a distribution list. That has thankfully been fixed, and replaced with this yellow banner.
Groups can now be created by converting eligible distribution lists (including by group owners who are not administrators).
Planner plans create Groups. Teams teams create Groups. StaffHub creates Groups. SharePoint Team sites create Groups. Yammer has some sort of Groups-ness as well. They're everywhere.
And now adopting Groups comes with a price. Yes, the Groups themselves are free to create and consume. But if you need to exert some control over how Groups are created, you need to pay.
Some of those features, such as granular Group creation permissions, have been released into production well before the Ignite announcements, without any specific licensing requirements. As such, customers have been making good use of features that now require additional licenses to be purchased. And charging extra for basic stuff like adding a link to your organization's Groups usage guidelines is baffling.
Other capabilities listed above (dynamic groups, self-service via Azure myapps, and expiration) have been a premium feature requiring additional licensing since they were released. That's fine. I don't agree with charging extra for them, but at least they were launched as premium features and customers could make a decision whether they needed them or not.
The rest should not be paid, premium features, in my opinion. Especially the Group creation permissions, which has existed and been utilized by customers long before the announcements at Ignite last month. For the last few days I've been mulling over that one and I honestly cannot come up with a justification for charging extra for the ability to prevent Groups from being created by every user in your organization. Office 365 already has a problem with features you can't really turn off. The marketing message that Office 365 helps you to “gain IT control” is become less true as time goes on.
I hope Microsoft reconsiders their position on this, and removes the Azure AD Premium license requirement for what should be basic features of Groups. If they don't, then it's a stain on what should be an increasingly good story about what Groups can do for the customers that want to use them.
Note: this article has been updated on 19/12/2017 to include new details released by Microsoft here.