The blog of Wictor Wilén

  • Office 365 Groups for Admins - Creating Groups

    Tags: Office 365, Unified Groups

    In this post of the Office 365 Groups for Admins series we will take a look at how you as an admin and your end-user can create Office 365 Groups. The option to allow end-users to create Unified Groups or not are determined by the Mailbox Policy, as described in a previous post.

    End-user creation of Office 365 Groups

    End-users have two ways of creating new Groups; either use the Office 365 web interface or using Outlook 2016 (works on the PC edition, not sure about Office on Macintosh). This is option is by default available for ANYONE within your organization, there is no granularity at all, there is no approval or anything.

    In the web interface there are several entry points to Groups, most of them have a "plus" icon that allows the end-user to start the new Groups wizard and create a Group.

    Unfortunately this "plus" icon is present even if Groups creation is disabled. The end-user will not notice that he/she is prohibited to do it until they actually create the Group and are met with an access denied. Bad UX design Microsoft…

    In Outlook 2016, the end-user right clicks on the Groups heading in the right hand pane and choose "New Group". A similar wizard as the web interface is shown and the user can create a Group.

    The Office client team got it. If Groups creation is disabled, the New Group option is actually greyed out…

    Creating Groups using PowerShell

    Administrators can create Groups using PowerShell. It is an simple operation and might at this point in time actually be the best option for you to create Groups. It allows you to have full more control over the creation and the Group properties.

    To create a Group all you need to do is to establish a remote session to Exchange Online and then use the New-UnifiedGroup cmdlet.  One might think that issuing a get-help command on that cmdlet would show some information on how to use it - not really the truth (on a side note the help information might tell us where the product group are heading).

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    New-UnifiedGroup `
        -DisplayName "Group: Project X" `
        -Alias "unifiedgroup-project-x" `
        -EmailAddresses "" `
        -AccessType Private 
    Remove-PSSession $session

    This is basically what you can do with this cmdlet:

    • DisplayName: the display name of the group. This cmdlet does not take the Group Naming Policies into account so you can and should use a proper naming standard here.
    • Alias: the Exchange alias. Using this property is the only way to control the Alias of the group
    • EmailAddresses: The e-mail address of the Group. This does NOT have to be the default domain, as used when created from the UI. You can use a separate or dedicated domain for this
    • AccessType: This can have the value of Public or Private.


    Note: the Name property, in Exchange, for any Group created using the UI or PowerShell will be suffixed with "_<10 digit hex numer>". Creating a Group using the Office 365 Unified API's does not append this…

    Once this command is invoked it will return fairly quickly and you can access the Exchange part of the Group. Things like Files will take another couple of minutes, it's SharePoint you know…

    Once we've created a Group we can further configure it, but we'll take a look at that in the next post in the series.

    Creating Groups using the Office 365 Unified API

    We have a third way of creating Groups and that is through the Office 365 Unified API's. I will get back to this in a later post when we talk about this API specifically.


    After reading this post and the other posts in the series, you should no longer be afraid of Office 365 Groups. You can enable it for everyone to create Groups as they want, and you can do the cleaning afterwards. Or you can put the Group creation into the hands of your Exchange or Office 365 Admins and let them create the Groups using a PowerShell script. Create a SharePoint list (an InfoPath form?), an approval Workflow and just automate it? Just as we have to do with SharePoint sites, anyways…
    The experience, for everyone, will be way better than the default one.

  • Office 365 Groups for Admins - Group creation policies

    Tags: Office 365, Unified Groups

    In this post of the Office 365 Groups for Admins series I will talk about the small but important policies we can apply to Group creation.

    At the moment there is very little control of the actual Office 365 Group creation in Office 365. And this tends to be one really important aspect of the Unified Groups discussion - can we allow them or not? I do hope that I over the time can update this post with new and improved governance features.

    Group naming policies

    One of the few configuration options you have for the Unified Groups is how they are named when created. You do not configure this from the Groups settings in the Admin portal, where one could expect it to be, but rather under Admin > Exchange > Recipients > Groups. Then click on the ellipsis (…) and Configure group naming policy:

    Group Naming Policy in EXO

    The Group Naming Policy consist of two parts; General and Blocked Words.

    An important thing to remember is that these policies only applies to when an end-user creates a Group in the user interface (web or Outlook 2016), not when an administrator creates them using PowerShell.


    Under the General configuration of the Group Naming Policy you can configure name prefixes and suffixes. Not that this is only for the display name for the Group, not for the e-mail alias or anything else. The prefixes and suffixes can be based on an Attribute or plain text. Attributes are read from some of the user account properties; for instance City, Company etc.

    In this screenshot below I have configured both prefixes and a suffix. Each Group will now get a name as follows: <Company><City><Group Name> 'Group'. That is for instance "Contoso Stockholm Project X Group".

    A sample Group Naming Policy

    The example above is pretty bad though. Now if someone creates a group called "Project X Group", this is what they will see an interface like below:

    Creating a Group

    But when the Group is created it will actually look like this: :)


    Nevertheless, it is a good idea to actually  configure at least a prefix, that will make sure that your GAL looks a little bit prettier.

    Blocked Words

    Since everyone can create Groups it is a good idea to block some words from the Group naming. Names that you don't want to see in your GAL and other entry points. This can be done with the Blocked Words feature:

    Blocked Words

    Default e-mail domain

    Since each Group has its own e-mail address each e-mail address has a domain name. When creating a Group you cannot specify the domain so it will actually use the default domain that you have configured in your tenant. You can change the default domain in the Admin portal under Domains and then choose which one of your domains to be default.

    Default Domain in Office 365


    There are a couple of interesting ideas on the Office 365 Uservoice site I recommend that you vote on:


    If you're enabling creation of Groups in your Office 365 you should consider configuring your Group Naming Policies. Unfortunately the options at the moment are limited to the display name - hopefully we will se better options for this in the future.

  • Office 365 Groups for Admins - Enable and disable user creation of Groups

    Tags: Office 365, Unified Groups

    This is the third post in my Office 365 Groups for Admins series and it will focus on one of the primary tasks an Office 365 Admin has to do once their tenant is up and running; should we allow our users to create Office 365 Groups or not? I'm not going to give you an answer to this. It is something you need to evaluate properly within your organization, but I do recommend that you initially always turn off Groups, so that you can get some governance into the game before promoting it to everyone.

    Important! Disabling Office 365 Group creation as described in this post will only disable it in the user interface (for everyone, including admins). We can still create Unified Groups using PowerShell (more on that in later posts).

    I will show you how to check the status of Groups creation, how to disable it and how to enable it (you will eventually do this…cause the Unified Groups rocks!). To do all this we need to use PowerShell, there is no way to do this in the UI or admin portal of Office 365.

    Check the Office 365 Groups creation status

    To check if our users are allowed to create Groups we start a (new) PowerShell session and executes the following statements:

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri  `
        -Credential $creds -Authentication Basic -AllowRedirection 
    Import-PSSession $Session
    # Check status
    Get-OwaMailboxPolicy | select GroupCreationEnabled
    Remove-PSSession $Session

    All the Unified Groups PowerShell scripts exits in Exchange Online. In order to connect our PowerShell session to Exchange Online, we need an Exchange/Global Online admin credential. Using that credential we create a new PowerShell session and connect that session to the cloud. Once we have the session we can import it and start working with the Exchange Online cmdlets.

    The cmdlet we want to use is the Get-OwaMailboxPolicy and the property we want to take a look at is GroupeCreationEnabled. If it is set to true, then end users can create Groups and vice versa.


    Disable creation of Office 365 Groups

    Disable creation is quite simple, we need to do the same connection thing as we did above and then use the Set-OwaMailBoxPolicy cmdlet to prohibit creation, like this:

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange  `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    # Disable
    Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -GroupCreationEnabled $false
    Remove-PSSession $Session


    As you can see we only need to set the GroupCreationEnabled switch to $false and we're all set.

    No creation of Groups hereFrom now on end users will be unable to create new Groups in the user interface. If the click the create new group function in the web interface they will get an error saying that you're not allowed to create a Group. In Outlook 2016 (after restarting Outlook) it is even better, the Create Group function is actually disabled.

    Enable creation of Office 365 Groups

    Turning Office 365 Groups creation back on is just as easy as turning it off.

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange  `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    # Enable
    Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -GroupCreationEnabled $true
    Remove-PSSession $Session


    As you've seen in this post it is very easy to enable or disable Groups creation. In this series we'll come back to even more PowerShell administration.

  • Office 365 Groups for Admins - Groups entry points

    Tags: Office 365, Unified Groups

    In this first post of the Office 365 Groups for Admins series I will show you where you have the different entry points for the Unified Groups.

    It's important to understand this as it is important in the posts to follow.

    Office 365 Mail (end users)

    Groups in the Web UIThe first and perhaps the most obvious point of Office 365 Groups is in the Office 365 Mail application (Outlook Web App, OWA). On the left hand side you will see the Groups heading. Under that heading 10 of the Groups you are member of are shown, with your Favorites on top.

    Clicking on Browse Groups will take you to a public listing of all available Groups within your tenant.

    Clicking on Create Group will allow anyone within your organization to create a new Group.

    Clicking a Group here navigates you to the discussion view of the Group.

    Office 365 Calendar (end users)

    From the Calendar view of OWA you will see the your Groups (up to 10) and you can add their calendars as overlay. Clicking on a Group here navigates you to the Groups Calendar view.

    OneDrive for Business (end users)

    In OneDrive for Business you will also see the Groups heading and a similar view as above. You only see five Groups here, you can click on More to see more.

    Outlook 2016 (end users)

    Groups in Outlook 2016One of the best pieces with Groups is that in Outlook 2016 you can directly access the Groups and interact with them.

    Right clicking the Groups header allows you to create a Group.

    If you have marked any Groups as favorites, they will also show up together with your favorites folders in Outlook.

    Global Address List (end users)

    By default all of the Office 365 Groups will be visible in the Global Address List.

    Office 365 Admin Portal (admins)

    Office 365 Admins can see some Group information in the Admin portal, located under the Groups heading (at the moment, consider this as your last resort :)

    Some of the Unified Group configuration piggybacks on the Exchange Group settings, so you find some settings in the Exchange Admin Center as well.

    PowerShell (admins)

    Of course, PowerShell is where you can work with Groups.

    Office 365 Unified API (developers, admins)

    There's an API for that. Yes, we can do some really cool stuff with the new Office 365 Unified API's.

    SharePoint Online (end users)

    In SharePoint (and OneDrive) all your Groups will be available as groups when sharing sites, items or documents.


    Office 365 Groups are everywhere in Office 365, and I think we can expect them to appear on even more places. For instance the Office Roadmap talks about Delve appearance of Groups…

  • Office 365 Groups for Admins

    Tags: Office 365, Unified Groups

    As you might have noticed I'm a big fan of Office 365 Groups, aka Unified Groups. I do think they will play a major role in the future of Office 365 Collaboration. Office 365 Groups consists of many moving parts, some that are half baked, some that are not working at all and some that is a bit difficult to understand. In this series of posts, will be published over the next few weeks and after that when needed, I will describe how you as an Office 365 Admin can and should work with Office 365 Groups.

    This post will be kept as an index for the posts and will be updated when new posts are being added:


    If you have ideas or suggestions on the series and the individual posts, please leave a comment.

  • What's new on the Office Roadmap - 2015-07-22

    Tags: Office 365, Unified Groups

    Some "small" updates this week on the Office Roadmap

    Changes 2015-07-22

    Now Launched

    • Office 365 Groups: Power BI Integration: A new and easier way for teams/groups to collaborate in Power BI. Directly to launched.

    In Development

    • Office 365 User Purchases: An interesting new option for the Store. Individuals can with this feature in place "purchase and individually own a subscription to additional software". Looks like if your manager doesn't approve of your Visio request, you can buy it on your own :)

  • What's new on the Office Roadmap - 2015-07-16

    Tags: Office 365, Yammer

    A week has gone since last update to the Office Roadmap and it looks like the Office 365 team is on a good pace.

    Changes 2015-07-16

    These are the changes I've noticed on the Roadmap, including my personal comments/take on some of them. One big shocker here and it's in the Cancelled section, check it out!

    Now Launched

    • Multi-Tier Cloud Standard for Singapore: something brand new that is just for Singapore that is launched? No description at all on the Roadmap - I'll get back with details.
    • Quarantine Message Body Preview: last week rolling out and now fully rolled out. Exchange admins can now really easy preview stuff in quarantine.
    • SharePoint Online storage usage model: "Auto" quotas are now fully rolled out
    • Workload-specific admin roles: Also the new admin roles are fully rolled out

    Rolling Out

    • Office 2013 Windows client modern authentication preview: new ADAL based AuthN is rolling out

    In Development

    • Office Online Edit in Yammer: Allows you to edit documents directly in Yammer. New on the roadmap
    • PSTN Calling in Skype for Business: US Only, more countries coming up, PSTN Call in feature. More awesome S4B features!
    • Public Folders: adding and removing favorites in OWA: Who said Public Folders was dead!


    • Document Conversations for OneDrive for Business and SharePoint Online: CANCELLED! No surprise to me. Another Yammer feature that is going in to the bin. If Microsoft can do a big write-down on Surface, they sure should do it on Yammer as soon as possible. From Rolling Out.

    Moved off into Previously Released

    (Added since original post)

    • Add external collaborators to your internal Yammer conversations
    • Boards for Office Delve
    • De-clutter your Inbox
    • Delve (Codename Oslo) & Office Graph
    • DLP in Office 365 to protect Externally classified content
    • DMARC Support in EOP
    • First Release Select people
    • Office 2013 client update to support passive authentication using SAML
    • Partner Admin Center New Customer List Filters
    • Recommend OneDrive for Business for Large Attachments
    • Share OneDrive for Business folders externally
    • Skype for Business desktop application update


    That's it for this time folks!

  • JavaScript multi-line string hack - a nifty JavaScript and CSS trick

    Tags: JavaScript, Apps, Add-Ins

    JavaScript is the new black and each and everyone has re-discovered JavaScript and it's inevitable not to have JavaScript as one of your tools. Especially if you're working with SharePoint, Office or Office 365 Apps or Add-Ins.

    In this short post I'm just documenting and sharing a small and nifty JavaScript hack that is very handy when you're doing for instance JavaScript injection, one of the most popular customization patterns for Office 365 and SharePoint Online at the moment. I often find myself in the situation that I need to deploy and inject a JavaScript file and an accompanying CSS file. More than often both the JS file and the CSS file is very small and I've found it very handy to combine the JS and CSS file into one JS file.

    Keep calm...Unfortunately the multi-line string features in JavaScript sucks, at best, unless you know this little trick. For instance you need to end each line with a backslash (\) and if you need line breaks you need to insert backslash + n (\n). If you're working with a CSS tool or like to write your CSS then it's annoying to add all that extra fluff when copying and pasting the CSS.

    So instead I've been using a technique that involves creating a small function like this:

    Wictor.MultiString = function (f) {
        return f.toString().split('\n').slice(1, -1).join('\n');

    Using this function (and hack) I can now write multi-line strings as follows, and that allows me to copy-paste CSS from any tool without redecorating it in JavaScript.

    Wictor.CSS = Wictor.MultiString(function(){/**
     body {
         font-family: Consolas !Important;

    I can then use this method like this, in for instance SharePoint Online, to inject some CSS without deploying a CSS file:

    var Wictor = Wictor || {}
    Wictor.MultiString = function (f) {
        return f.toString().split('\n').slice(1, -1).join('\n');
    Wictor.CSS = Wictor.MultiString(function(){/**
     body {
        font-family: Consolas !Important;
     (function () {
        ExecuteOrDelayUntilScriptLoaded(function() {
            var css = document.createElement("style");
            css.type = "text/css";
            css.innerHTML = Wictor.CSS;
            alert('You\'re injected')
        }, 'sp.js');


    Happy JavaScripting….

  • What's new on the Office Roadmap - 2015-07-09

    Tags: Office 365

    Hello everyone and hope you're not reading this, it's summer time and great weather, except in Sweden of course. We have some updates to the Office Roadmap today, the first set of updates in FY16 for Microsoft. Last week I complained about Microsoft changing URL's to the roadmap site - they are now fixed ;-)

    Changes 2015-07-09

    This are the changes I've noticed since the 26th of June including my take on the additions and changes. A lot of Skype for Business stuff has been launched this time!

    One other thing I've noticed is that the Delve picture is updated from blue pens to green hills.

    Now Launched

    • Azure AD Reports: The new auditing reports are now fully rolled out
    • Exchange Online Advanced Threat Protection: Directly from In Development
    • MDM for OneDrive for Business: Now fully rolled out
    • Mobile Device Management: From rolling out
    • New Intune capabilities for Outlook on iOS and Android: The Outlook client on iOS and Android can now use built-in MDM for Office 365 or Intune. New on the Roadmap.
    • OAuth and MFA for Outlook for iOS and Android: From rolling out
    • Office 365 Video Embed: Everyone can now embed videos
    • Office Online Preview in Yammer: A new Yammer feature is launched (was some time since last). Yammer will now use Office Online to render Office and PDFs uploaded to Yammer
    • Skype for Business - Windows Phone: woohoo, same client different name.
    • Skype for Business Preview - Cloud PBX with PSTN Calling (US Only): 365 Admins living in the big land of the free can now sign up for this
    • Skype for Business Preview - PSTN Conferencing (US Only): Once again, US only Admins can sign up for this
    • Skype for Business Preview- Skype Meeting Broadcast: All admins should now be able to sign up for this preview. The sign up links doesn't work on the Roadmap page, but use this one and you should be all ready to go:

    Rolling Out

    • Custom Tiles: Huge news for all admins using Office 365. Finally an easy way to add a link to your intranet start page in the App Launcher. You can find the configuration under Admin > Company Profile > Custom Tiles (yea I know, not the most logical place…)
      Custom Tiles
    • Office 365 Admin App Updates for June: From In Development. The new push notifications are awesome (my phone has been beeping all my vacation!)
    • Office 365 Admin Center June Updates: New on the roadmap. A lot of updates to the user experience and user interface this time and also adding some new controls, such as turn on or off Sway.
    • Office 365 Setup Wizard: the brand new setup experience is rolling out replacing the old basic and advanced options.
    • Office 365 Store: The new Store is rolling out and you can find it in the Waffle for First Release customers. Currently only free apps are available.
    • Organization Support card: You can now configure your support information to be used in Office 365 and shown in the help pane. From In Development.
    • Cortana & Office 365 Productivity Scenarios: One really cool differentiator for Office 365 versus other productivity solutions. First release customers can enjoy Office 365 information in Cortana on Windows 10. [Added after initial post, since this was a late addition to the roadmap]

    In Development

    • Cloud PBX in Skype for Business Online: no changes, except the word "Online" has been added to the title.
    • Delve People Experiences - Praise: Delve will be incorporating even more "social features" beginning with Praise functionality.  A Praise will trigger an e-mail to the manager (oh, how many of you out there has proper manager structures in AD :-). And no mention of anything with Yammer here, so likely we're moving even further away from Yammer!
    • Office 365 Admin App Updates for July: Focus for this release will be Group Administration (Office 365 Groups!). New on the roadmap
    • Skype for Business for Android: New UI to Lync for Android. New on the list
    • Skype for Business for iOS: New UI to Lync for iOS. New on the list

  • What's new in the Office Roadmap - 2015-06-26

    Tags: Office 365

    Some interesting summer news on the Office Roadmap this week. But first of all something that is not very cool at all; the Office roadmap URL has changed. I've used and linked to,  and but the only one that is working right now is Booh! Thou shalt not change URL's without redirects…

    Changes 2015-06-26

    This is the detected changes in the Roadmap. If you use the newly released feature on the Roadmap that shows the Recently Updated Features, you will see that it states about 50 changed features, since we don't know their "algorithm" behind the feature, just ignore it and keep reading…

    Now Launched

    • Skype for Business Online: Lync in a new shroud is now officially launched…...
    • Office 365 ProPlus user activation management:  You can now manage your ProPlus activations directly from the admin center
    • Office 365 Groups : improving visibility and management: The Office 365 Groups features are slowly rolling out and being launched on all tenants.
    • Compliance Search: Some of the new compliance features announced just weeks ago as being in development are now launched.

    Rolling out

    • MDM for OneDrive for Business: was previously marked as launched but is now moved back to Rolling out…
    • Office 365 Video - Embed: A long waited for feature is now rolling out.
    • Office 365 Help pane: The new help feature is rolling out,
    • Clutter for your inbox on by default: This is an important announcement that you need to inform your end-users about. Clutter will from now on be turned on by default!

    In Development

    • Skype Meeting Broadcast: Something that I really long for, being able to broadcast meetings with up to 10.000 viewers. New on the roadmap.
    • PSTN Conferencing in Skype for Business Online: Huge deal, something that all our customers ask for. Unfortunately only in US to start with, like all interesting things. Product Group, if you need testers that's not still measuring stuff in feet and stones, then call me. New on the roadmap.
    • Cloud PBX in Skype for Business Online: Dial out from Office 365! Wow! All them phone switches - watch out! My guess - US only! New on the roadmap.
    • Drive Shipping and Network Based Data Import for Office 365: Another feature that is being rolled back on the roadmap, typo or buggy?


    That was some nice additions and changes, right! Especially for all you Skype/Lync/UCM peeps!

About Wictor...

Wictor Wilén is a Group Manager and Collaboration Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for six consecutive years.

And a word from our sponsors...

SharePoint 2010 Web Parts in Action