Office 365 Connector Security-groups

Schoulen · June 8, 2020, 6:54am

Hi,

I’m in the process of implementing Microsoft 365 for our school. The UCS 365 Connector works fine already. Users are created correctly, but I have huge problems to use the by the connector automatically generated security-groups (classes, courses, student-group, teacher-group) for our rights management in M365 or to use them for anything else at all.

For example when I try to set the booking policy for one of our in outlook bookable rooms with the corresponding PowerShell command, I get an error message that this group doesn’t exist:

Set-CalendarProcessing -Identity RoomMailboxName -AllBookInPolicy:$false -AllRequestInPolicy:$false -AllRequestOutOfPolicy:$false -BookInPolicy "name of security group"

The same code works fine with groups that I created manually in M365.

To be honest, right now the generated security groups have no value at all for me, because I can’t use them anywhere in M365 (teams, outlook, etc…)…but I need those groups to reduce my administrational effort I have to put in our M365-tenant.

My question in short: How can I use productively the automatically generated security-groups?

Thanks in advance and best regards

Kai Schoulen

damrose · June 8, 2020, 11:41am

In MS Azure there are two types of groups, our Office365 Connector creates security groups. To manage anything Microsoft365 / MS Teams related, one needs an “Office 365” group.

This is currently not possible. A feature request exists in our bug tracker: https://forge.univention.org/bugzilla/show_bug.cgi?id=51187

Schoulen · June 9, 2020, 6:51am

Wow, thank you for the very fast reply. Two question came popping up, when reading your reply:

1.) Why do you create security groups at all? (To be honest I’m quite new to M365, but you have to have a reason for creating these groups) Is there any benefit from having a security group available?

2.) The feature to create Office365 groups or at least email-enabled security groups seems quite important to me. In fact I’m not really sure how to handle our M365-tenant efficiently without having this feature available. Do you got any internal roadmap when you it should be available?

Best regards

Kai

Grandjean · June 9, 2020, 2:23pm

Hello @Schoulen!

When Univention started developing the Office 365 Connector, we picked the best Microsoft Azure API for our needs and use-cases that was available at the time. Unfortunately, this API could not and still cannot create “Office 365 groups” - only security groups. To be able to create “Office 365 groups” we need to switch to a newer API provided by Microsoft. Since this is not just a newer version of the same API, but a completely different one, this requires quite some changes to our Connector-App.
We consider this an important feature and intend to implement the necessary changes, but we don’t have a final roadmap, yet.

Best regards,
Michael Grandjean

mdi.epost · August 18, 2020, 5:12am

sorry to hijack this discussion - does this literally mean you can’t use the UCS groups in O365 at all and need to create all of your groups again (including allocation of users)?

connyhald · July 11, 2023, 3:14pm

I have now stumbled upon this as well.

Yes. That is my understanding.

Now that the connector has switched to the graph API. Are there any plans to add that feature in the near future?