The blog of Wictor Wilén

  • What's new on the Office Roadmap - 2015-08-12

    Tags: Office 365

    We have updates, and quite a few of them, to the Office Roadmap. Some clean up, some awesome Visio features rolling out and a set of new features in the In Development segment. Also noticeable quite a few of the "refresh" features and one cancelled item.

    Changes 2015-08-12

    Now Launched

    • NDR backscatter protection: has been rolling out for a while
    • Office 365 Admin Center June Updates: the June stuff is launched
    • Office 365 Store: launched. Verdict from customers - why does it have to be there, can't we remove it?
    • Office Online Edit in Yammer: Really dump feature that allows users to edit documents in Yammer - documents should never ever be stored in Yammer to start with!
    • Public Folders: adding and removing favorites in OWA: Public folders? Didn't someone say they were to be removed :)

    Rolling out

    • Adding IRM protection to Visio file: sweet feature that now is rolling out and allows to protect your most important files. Coming from In Development
    • Create and collaboration on Visio diagrams using Office like experience: more of them Visio goodies rolling out
    • DKIM Outbound for Exchange Online Protection: better protection in ExO by digitally signed message headers
    • Getting started experience in Visio: Visio, nuff said
    • Office 365 Domain Purchase Experience: from in development
    • Office 365 Settings pane: the third "pane" to be rolled out (Help, Notification and Settings). I just wonder when we are allowed to hook into these?
    • Office 365 User Purchases: just buy it yourself if your IT department says no. From in development.
    • Office 365 Video Embed: I don't know about you but I'm getting confused. Rolling out, Launched, Rolling out…
    • Purchase & Subscriptions Experience Refresh: a new user experience for the purchase and subscriptions pages are rolling out. Personally I had hard to find what I needed…
    • Rapid data connectivity in Visio: Now, if only everyone had access to Visio
    • Refreshed stencils and smart shapes in Visio: Metro? From In Development.
    • Search Refiners in Outlook Web App: make it easier to find your stuff using refiners in OWA
    • Search Suggestions in Outlook Web App: more OWA search goodness

    In Development

    • Auto-Expanding Archives: new item on the roadmap that allows archives to automatically expand as needed. No mention of any specific service but I guess it is an Exchange Online thing :)
    • Major update to Outlook Web App: Outlook Web App, or should I say Outlook on the web, will have major UX update coming (new)
    • Mobile PDF annotation support for iOS: offline access and PDF editing support on iOS - those fruit fone users get all the fun… (new)
    • Office 365 Admin app updates:  focus this month is on… GROUPS! I've said it before - Groups is the future folks! (new)
    • Office 365 app launcher refresh: New on the list! App launcher will be more like the Windows 10 Start menu with different sized tiles.
    • Save to OneDrive for Business in Outlook for iOS and Android: new on the roadmap, wonder if these things get added to the Modern Mail client in Windows 10 (phone)?
    • Subscription Management Experience refresh: even more modern design I presume… (new)
    • Supervisory Review for financial and regulatory compliance: Wow, really cool and scary. This feature will allow auditors to look into a subset of users communications. (new)
    • Uservoice coming to Outlook on the web: a link directly in OWA, sorry Outlook on the web, so users can give feedback to the OWA, sorry Outlook on the web, team.


    • Evolving the Outlook Web App options page: added in April, but no info on why this is cancelled

    Moved off the list into the Previously released

    • Azure AD Reports
    • Disable OneDrive for Business sync for unmanaged PCs
    • Exchange Online Advanced Threat Protection
    • MDM for OneDrive for Business
    • Mobile device management
    • Office 365 Groups: Dynamic CRM integration
    • Office 365 Groups: files improvement
    • Office 365 Groups: improving visibility and management
    • Office 365 Groups: adding Like to Conversations
    • Office 365 services hosted in Microsoft Australia datacenters
    • Office Online Preview in Yammer
    • Quarantine Message Body Preview
    • Skype for Business Online
    • Unified OneDrive API

  • Take control of your Office 365 Theme!

    Tags: Office 365, SharePoint Online

    It has been a while since Office 365 introduced the suite wide themes. These themes are applied on all services within the Office 365 suite, or at least the ones using the Suite Bar navigation. Up until the very last few weeks the suite wide theme has been something you can set but your SharePoint site owners and all end-users has been able to override them. Finally these things has been resolved and fixed (no info about this on the Office Roadmap, hence this blog post)!

    In this post I will walk you through how the Office 365 Theme can and should be controlled and what specifically to think of.

    Create you suite wide Office 365 Theme

    Of course, the first thing you need to do is to create your Office 365 Theme. This configuration is very logically located under the Company Profile in the Office 365 Admin Portal. Once you choose "Company Profile" in the left hand menu you then choose "Custom theming".

    Office 365 Custom Theming

    There are a couple of things you can configure here.


    Custom logo

    The custom logo is a picture shown on each and every page, in the middle of the suite bar. It has to be 200x50 pixels and in either JPG, PNG or GIF format and it must not be larger than 10kb.

    URL for clickable logo

    You can also set a URL for the custom logo. Having it point to is a kinda good thing - since there is still no way to "force" an "Intranet" tile into the App Launcher.

    Background image

    This is a background image that will be shown in the suite bar. The size should be 1366x50 pixels and in JPEG, GIF or PNG and not larger than 15kb. (The error message says 250x30 and less than 10kb though).


    You have three color options:

    The Accent color determines the color of the App Launcher box (red in the image below).

    Nav bar background color is the background color of the suite bar (green in the image below)

    Text and icons is the color of the text and icons (blue in the image below)

    The last option is the App Launcher icon where you have three colors to choose from; the Text and icons color, white or black.

    Office 365 Theme color cheat sheet

    Note: Please be patient when applying a theme or updating a theme. The suite bar takes some time to trickle out to all services and it's also cached "hard".

    Prohibit end-users to overwrite your Office 365 Theme

    On the Custom theming page there is one really important check box, that should be checked on each and every tenant: Prevent users from overriding custom theming with their own theme.

    No more kittens!

    When this checkbox is enabled users cannot on their Office 365 settings page override the theme you have created. Think of in a corporate world where you have a nice theme and your end-users overrides it with cute kittens or whatnot.

    SharePoint themes does not longer overwrite the Office 365 Theme

    So, what about SharePoint and the SharePoint themes? Up until very recently as soon as you applied a theme to a SharePoint site, that nuked the Office 365 theme on that site. Over the last few days a fix has been rolled out so no matter what despicable built-in SharePoint theme you apply, the Office 365 Theme will be there.

    Green theme!


    All this might be old news to some of you, but from the Twitter streams (SMS Rob?) I've seen that not everyone is aware of all these features.

    Note: you might not have all these features/fixes in your tenant, as it takes a while for everything to roll out.

  • Office 365 Groups for Admins - simple reporting using PowerShell

    Tags: Office 365, Unified Groups, PowerShell

    In this post, in the Office 365 Groups for Admins series, I will leverage what we learned in the previous posts, combine it with some PowerShell magic and create some basic reports. You can use these reports as a base for your Office 365 Groups reporting in your organization.

    Note: all these reports require that you have connected to your Exchange Online tenant with appropriate permissions, see this post about more details.

    List all Groups

    The most simple and most obvious report is of course to use the Get-UnifiedGroup cmdlet. That one gives you the basic details such as group names, creation dates etc:

    Get-UnifiedGroup | Format-Table Alias, PrimarySmtpAddress, WhenCreated, WhenChanged

    Simple Group report

    Show some more details

    Most often you need more details, specifically with the member details. Here's how you can combine the Get-UnifiedGroup cmdlet with the Get-UnifiedGroupLinks cmdlet to show how many members and owners each group have:

    Get-UnifiedGroup | 
        select Id,Alias, AccessType, Language,Notes, PrimarySmtpAddress, `
        HiddenFromAddressListsEnabled, WhenCreated, WhenChanged, `
        @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; `
        Label='Members'}, `
        @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count }; `
        Label='Owners'} |
        Format-Table Alias, Members, Owners

    Another Group report

    This command might take a while if you have many Groups and many members. So if want to do some operations on this you should store it in a local variable.

    You can also use this result and store it in a file (or upload it to SharePoint) if you would like to compare how your Groups change over time. For this I prefer to use the Export-CliXml and Import-CliXml cmdlets to persist the data as an XML file and then the Compare-Object cmdlet to find differences. You can do something like this to compare Groups from one day to another:

    # Get Group data (using the command above)
    $allGroups = Get-UnifiedGroup | select ...
    # Get previous days Groups
    $previousData = Import-Clixml -LiteralPath c:\temp\groups-data.xml
    # Compare the results
    Compare-Object -ReferenceObject $previousData -DifferenceObject $allGroups `
        -Property Members,Owners -PassThru | `
        Format-Table  Alias, Members, Owners, SideIndicator
    # Export the new data
    $allGroups | Export-CliXml c:\temp\groups-data.xml 

    Comparing Groups

    The SideIndicator indicates the changes; => is new stuff and <= is old stuff. In the picture above you can see that the Members and Owners properties of one Group has increased to 3, from 2. And we also have one brand new Group, with 1 member.

    Finding users in Groups

    Sometimes you need to find out which users are members or owners of certain Groups. Of course you can use Azure AD cmdlets to find memberships but another way is to use a modification of the command above:

    $allGroupsObj = Get-UnifiedGroup | 
        select Id,Alias,  `
        @{Expression={Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members | `
        select Name}; Label='Members'}, `
        @{Expression={Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners | `
        select Name}; Label='Owners'}

    This allows you to find out which Groups a specific user is Member and/or Owner of. To find which Groups Katie Jordan is owner of you fire off a command like this:

    $allGroupsObj | Where-Object{$_.Owners | Where-Object{ $_.Name -eq 'KatieJ'}} | `
        select Alias

    KatiJ is the owner


    I hope this post showed you how you can create reports of your Office 365 Groups, in wait for Microsoft to provide us with better tools. And I hope you actually do reporting on your Groups, since that is an essential part of your Office 365 Governance and your understanding on how your users work.

  • Office 365 Groups for Admins - managing Group memberships with PowerShell

    Tags: Office 365, Unified Groups, PowerShell

    In the last post of the Office 365 Groups for Admins series I showed you how to manage the Unified Groups using PowerShell. Let's continue on that journey and take a look at how you can manage the Group memberships using PowerShell.

    All membership management are done using the *-UnifiedGroupLinks cmdlets, you can access them using PowerShell and connecting to Exchange Online as shown in the previous post. The cmdlets is at the moment that well documented. If that changes I'll make sure to update this post (and please remind me).

    Public vs Private Groups

    Before we dive into Memberships let's take a look at Public vs Private Groups, something you configure when creating the Group. In Public Groups anyone within your Organization can participate in discussions and access its content, whereas in Private Groups you have to be a member.

    Listing members of Groups

    First of all assume that we want to list the members of a Group. There are three types of Memberships in Office 365 Groups:

    • Members
    • Owners
    • Subscribers

    To show all the Members of a Group issue the following command:

    Get-UnifiedGroupLinks -Identity "XT1000 Marketing" -LinkType "Members"

    The LinkType parameter can be either Members, Owners or Subscribers.

    Adding members to a Group

    To add one or more accounts as a Member to a Group you use the Add-UnifiedGroupLinks cmdlet as follows:

    Add-UnifiedGroupLinks `
        -Identity "XT1000 Marketing" `
        -LinkType "Members" `
        -Links @("","")

    Identity is the Group, LinkType has to be either Members, Owners or Subscribers and Links should be a single or an array of mailboxes.

    To add a new admin to the Group, you use the LinkType set to Owners. But, before issuing that command you need to make the user a Member of the Group, so it is a two-stage rocket like this to make someone an admin:

    Add-UnifiedGroupLinks `
        -Identity "XT1000 Marketing" `
        -LinkType "Members" `
        -Links ""
    Add-UnifiedGroupLinks `
        -Identity "XT1000 Marketing" `
        -LinkType "Owners" `
        -Links ""

    Subscribers are basically just members but they have decided to Subscribe to events from the Group. They are added just like Owners - first a Member Group Link and then a Subscriber Group Link.

    Note that the user creating the Group, using PowerShell, will always be an Owner (and Member).

    Removing members from Groups

    Removing users from a Group are very similar to adding them. If they are Owners or Subscribers that Group Link has to be removed first, then the Member Group Link:

    Remove-UnifiedGroupLinks `
        -Identity "XT1000 Marketing" `
        -LinkType "Owners" `
        -Links @("") `
    Remove-UnifiedGroupLinks `
        -Identity "XT1000 Marketing" `
        -LinkType "Members" `
        -Links @("") `


    This post showed with a few examples on how to manage memberships in Office 365 Groups, using PowerShell and the *-UnifiedGroupLinks cmdlets. In the upcoming posts we'll take a look at how to combine the different cmdlets to produce some good reports of the Unified Groups.

  • Office 365 Groups for Admins - managing Groups with PowerShell

    Tags: Office 365, Unified Groups, PowerShell

    One of the loudest complaints I hear from people when we talk about Groups is the lack of management features, so in this post in the Office 365 Groups for Admins series we will take a look at how you can manage your Unified Groups using PowerShell. In the previous post I actually already showed you how to use PowerShell to create Groups, but let's take a step back.

    Connecting PowerShell to Exchange Online

    To start working with the Unified Groups in PowerShell we need to connect to Exchange Online and we do that by establishing a PowerShell session to a specific Uri, see code sample below, and then import that session to our local session. This means we do not have to install any PowerShell module or similar. This is how it should look like:

    # We need some credentials of course
    $UserCredential = Get-Credential
    # Create the session
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri `
        -Credential $UserCredential `
        -Authentication Basic -AllowRedirection
    # Import the session
    Import-PSSession $Session
    # Do Stuff...
    # Kill the session
    Remove-PSSession $Session

    There is nothing you need to modify here, just enter your credentials when asked for. Note that I close the remote session!

    Unified Group cmdlets

    There are a couple of Unified Group cmdlets available for us to use. Issuing Get-Help UnifiedGroup shows the following operations:

    • Add-UnifiedGroupLinks
    • Get-UnifiedGroup
    • Get-UnifiedGroupLinks
    • New-UnifiedGroup
    • Remove-UnifiedGroup
    • Remove-UnifiedGroupLinks
    • Set-UnifiedGroup

    As you can see there are two types of cmdlets; one for creating, updating and removing Unified Groups and one listing, adding and removing "Group Links" (membership stuff), but more about those in the next post.


    This cmdlet lists all you current Office 365 Groups. It's perfect for creating reports. It has support for filtering options (very similar to Exchange mailbox management) or you can retrieve a specific group like this:

     Get-UnifiedGroup -Identity <groupalias>

    Listing Groups


    We discussed this one in the latest post, so we keep this description short: this cmdlet creates new Groups.


    This is most likely the most important cmdlet for managing Groups. It allows you to modify properties of the Groups.

    Here are a couple of the operations you need to understand and use:

    Hide a Group from the Address lists (GAL)

    The request I hear the most often is  - I don't want (certain) groups to be visible in the GAL. Then just use the HiddenFromAddressListsEnabled parameter and it will disappear from the address lists (a resync of the GAL is needed for client apps):

    Set-UnifiedGroup -Identity <alias>  `
         -HiddenFromAddressListsEnabled $true

    Changing the appearance

    You can change the display name, primary and other e-mail addresses and even add Mail tips to a Group.

     Set-UnifiedGroup -Identity BossesGroup `
         -DisplayName "Contoso Bosses" `
         -MailTip "You're sending mail to a Group!!!!" `
         -PrimarySmtpAddress ""

    Group Mail Tips

    Accept or Reject certain users from sending mails to groups

    There might be situations when you do not want certain people to send messages to a group or you only want specific people to send messages. Then you can use the RejectMessagesFromSendersOrMembers or AcceptMessagesOnlyFromSendersOrMembers parameters. They work in a similar fashion as the similar parameters on the Set-DistributionGroup cmdlet. For instance this prohibits Garth Forth from sending messages to the Bosses Group.

    Set-UnifiedGroup -Identity BossesGroup `


    Pretty obvious what this one does - it removes a Group.


    After reading this post you should find yourself comfortable starting managing Groups using PowerShell and even start writing your own reports (unless you can't wait a couple of more days). In the next post I'll continue with the Group Links and show you how to manage the membership of Groups.

  • Office 365 Groups for Admins - Creating Groups

    Tags: Office 365, Unified Groups

    In this post of the Office 365 Groups for Admins series we will take a look at how you as an admin and your end-user can create Office 365 Groups. The option to allow end-users to create Unified Groups or not are determined by the Mailbox Policy, as described in a previous post.

    End-user creation of Office 365 Groups

    End-users have two ways of creating new Groups; either use the Office 365 web interface or using Outlook 2016 (works on the PC edition, not sure about Office on Macintosh). This is option is by default available for ANYONE within your organization, there is no granularity at all, there is no approval or anything.

    In the web interface there are several entry points to Groups, most of them have a "plus" icon that allows the end-user to start the new Groups wizard and create a Group.

    Unfortunately this "plus" icon is present even if Groups creation is disabled. The end-user will not notice that he/she is prohibited to do it until they actually create the Group and are met with an access denied. Bad UX design Microsoft…

    In Outlook 2016, the end-user right clicks on the Groups heading in the right hand pane and choose "New Group". A similar wizard as the web interface is shown and the user can create a Group.

    The Office client team got it. If Groups creation is disabled, the New Group option is actually greyed out…

    Creating Groups using PowerShell

    Administrators can create Groups using PowerShell. It is an simple operation and might at this point in time actually be the best option for you to create Groups. It allows you to have full more control over the creation and the Group properties.

    To create a Group all you need to do is to establish a remote session to Exchange Online and then use the New-UnifiedGroup cmdlet.  One might think that issuing a get-help command on that cmdlet would show some information on how to use it - not really the truth (on a side note the help information might tell us where the product group are heading).

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    New-UnifiedGroup `
        -DisplayName "Group: Project X" `
        -Alias "unifiedgroup-project-x" `
        -EmailAddresses "" `
        -AccessType Private 
    Remove-PSSession $session

    This is basically what you can do with this cmdlet:

    • DisplayName: the display name of the group. This cmdlet does not take the Group Naming Policies into account so you can and should use a proper naming standard here.
    • Alias: the Exchange alias. Using this property is the only way to control the Alias of the group
    • EmailAddresses: The e-mail address of the Group. This does NOT have to be the default domain, as used when created from the UI. You can use a separate or dedicated domain for this
    • AccessType: This can have the value of Public or Private.


    Note: the Name property, in Exchange, for any Group created using the UI or PowerShell will be suffixed with "_<10 digit hex numer>". Creating a Group using the Office 365 Unified API's does not append this…

    Once this command is invoked it will return fairly quickly and you can access the Exchange part of the Group. Things like Files will take another couple of minutes, it's SharePoint you know…

    Once we've created a Group we can further configure it, but we'll take a look at that in the next post in the series.

    Creating Groups using the Office 365 Unified API

    We have a third way of creating Groups and that is through the Office 365 Unified API's. I will get back to this in a later post when we talk about this API specifically.


    After reading this post and the other posts in the series, you should no longer be afraid of Office 365 Groups. You can enable it for everyone to create Groups as they want, and you can do the cleaning afterwards. Or you can put the Group creation into the hands of your Exchange or Office 365 Admins and let them create the Groups using a PowerShell script. Create a SharePoint list (an InfoPath form?), an approval Workflow and just automate it? Just as we have to do with SharePoint sites, anyways…
    The experience, for everyone, will be way better than the default one.

  • Office 365 Groups for Admins - Group creation policies

    Tags: Office 365, Unified Groups

    In this post of the Office 365 Groups for Admins series I will talk about the small but important policies we can apply to Group creation.

    At the moment there is very little control of the actual Office 365 Group creation in Office 365. And this tends to be one really important aspect of the Unified Groups discussion - can we allow them or not? I do hope that I over the time can update this post with new and improved governance features.

    Group naming policies

    One of the few configuration options you have for the Unified Groups is how they are named when created. You do not configure this from the Groups settings in the Admin portal, where one could expect it to be, but rather under Admin > Exchange > Recipients > Groups. Then click on the ellipsis (…) and Configure group naming policy:

    Group Naming Policy in EXO

    The Group Naming Policy consist of two parts; General and Blocked Words.

    An important thing to remember is that these policies only applies to when an end-user creates a Group in the user interface (web or Outlook 2016), not when an administrator creates them using PowerShell.


    Under the General configuration of the Group Naming Policy you can configure name prefixes and suffixes. Not that this is only for the display name for the Group, not for the e-mail alias or anything else. The prefixes and suffixes can be based on an Attribute or plain text. Attributes are read from some of the user account properties; for instance City, Company etc.

    In this screenshot below I have configured both prefixes and a suffix. Each Group will now get a name as follows: <Company><City><Group Name> 'Group'. That is for instance "Contoso Stockholm Project X Group".

    A sample Group Naming Policy

    The example above is pretty bad though. Now if someone creates a group called "Project X Group", this is what they will see an interface like below:

    Creating a Group

    But when the Group is created it will actually look like this: :)


    Nevertheless, it is a good idea to actually  configure at least a prefix, that will make sure that your GAL looks a little bit prettier.

    Blocked Words

    Since everyone can create Groups it is a good idea to block some words from the Group naming. Names that you don't want to see in your GAL and other entry points. This can be done with the Blocked Words feature:

    Blocked Words

    Default e-mail domain

    Since each Group has its own e-mail address each e-mail address has a domain name. When creating a Group you cannot specify the domain so it will actually use the default domain that you have configured in your tenant. You can change the default domain in the Admin portal under Domains and then choose which one of your domains to be default.

    Default Domain in Office 365


    There are a couple of interesting ideas on the Office 365 Uservoice site I recommend that you vote on:


    If you're enabling creation of Groups in your Office 365 you should consider configuring your Group Naming Policies. Unfortunately the options at the moment are limited to the display name - hopefully we will se better options for this in the future.

  • Office 365 Groups for Admins - Enable and disable user creation of Groups

    Tags: Office 365, Unified Groups

    This is the third post in my Office 365 Groups for Admins series and it will focus on one of the primary tasks an Office 365 Admin has to do once their tenant is up and running; should we allow our users to create Office 365 Groups or not? I'm not going to give you an answer to this. It is something you need to evaluate properly within your organization, but I do recommend that you initially always turn off Groups, so that you can get some governance into the game before promoting it to everyone.

    Important! Disabling Office 365 Group creation as described in this post will only disable it in the user interface (for everyone, including admins). We can still create Unified Groups using PowerShell (more on that in later posts).

    I will show you how to check the status of Groups creation, how to disable it and how to enable it (you will eventually do this…cause the Unified Groups rocks!). To do all this we need to use PowerShell, there is no way to do this in the UI or admin portal of Office 365.

    Check the Office 365 Groups creation status

    To check if our users are allowed to create Groups we start a (new) PowerShell session and executes the following statements:

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri  `
        -Credential $creds -Authentication Basic -AllowRedirection 
    Import-PSSession $Session
    # Check status
    Get-OwaMailboxPolicy | select GroupCreationEnabled
    Remove-PSSession $Session

    All the Unified Groups PowerShell scripts exits in Exchange Online. In order to connect our PowerShell session to Exchange Online, we need an Exchange/Global Online admin credential. Using that credential we create a new PowerShell session and connect that session to the cloud. Once we have the session we can import it and start working with the Exchange Online cmdlets.

    The cmdlet we want to use is the Get-OwaMailboxPolicy and the property we want to take a look at is GroupeCreationEnabled. If it is set to true, then end users can create Groups and vice versa.


    Disable creation of Office 365 Groups

    Disable creation is quite simple, we need to do the same connection thing as we did above and then use the Set-OwaMailBoxPolicy cmdlet to prohibit creation, like this:

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange  `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    # Disable
    Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -GroupCreationEnabled $false
    Remove-PSSession $Session


    As you can see we only need to set the GroupCreationEnabled switch to $false and we're all set.

    No creation of Groups hereFrom now on end users will be unable to create new Groups in the user interface. If the click the create new group function in the web interface they will get an error saying that you're not allowed to create a Group. In Outlook 2016 (after restarting Outlook) it is even better, the Create Group function is actually disabled.

    Enable creation of Office 365 Groups

    Turning Office 365 Groups creation back on is just as easy as turning it off.

    # Connect to EXO
    $creds = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange  `
        -ConnectionUri `
        -Credential $creds -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    # Enable
    Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -GroupCreationEnabled $true
    Remove-PSSession $Session


    As you've seen in this post it is very easy to enable or disable Groups creation. In this series we'll come back to even more PowerShell administration.

  • Office 365 Groups for Admins - Groups entry points

    Tags: Office 365, Unified Groups

    In this first post of the Office 365 Groups for Admins series I will show you where you have the different entry points for the Unified Groups.

    It's important to understand this as it is important in the posts to follow.

    Office 365 Mail (end users)

    Groups in the Web UIThe first and perhaps the most obvious point of Office 365 Groups is in the Office 365 Mail application (Outlook Web App, OWA). On the left hand side you will see the Groups heading. Under that heading 10 of the Groups you are member of are shown, with your Favorites on top.

    Clicking on Browse Groups will take you to a public listing of all available Groups within your tenant.

    Clicking on Create Group will allow anyone within your organization to create a new Group.

    Clicking a Group here navigates you to the discussion view of the Group.

    Office 365 Calendar (end users)

    From the Calendar view of OWA you will see the your Groups (up to 10) and you can add their calendars as overlay. Clicking on a Group here navigates you to the Groups Calendar view.

    OneDrive for Business (end users)

    In OneDrive for Business you will also see the Groups heading and a similar view as above. You only see five Groups here, you can click on More to see more.

    Outlook 2016 (end users)

    Groups in Outlook 2016One of the best pieces with Groups is that in Outlook 2016 you can directly access the Groups and interact with them.

    Right clicking the Groups header allows you to create a Group.

    If you have marked any Groups as favorites, they will also show up together with your favorites folders in Outlook.

    Global Address List (end users)

    By default all of the Office 365 Groups will be visible in the Global Address List.

    Office 365 Admin Portal (admins)

    Office 365 Admins can see some Group information in the Admin portal, located under the Groups heading (at the moment, consider this as your last resort :)

    Some of the Unified Group configuration piggybacks on the Exchange Group settings, so you find some settings in the Exchange Admin Center as well.

    PowerShell (admins)

    Of course, PowerShell is where you can work with Groups.

    Office 365 Unified API (developers, admins)

    There's an API for that. Yes, we can do some really cool stuff with the new Office 365 Unified API's.

    SharePoint Online (end users)

    In SharePoint (and OneDrive) all your Groups will be available as groups when sharing sites, items or documents.


    Office 365 Groups are everywhere in Office 365, and I think we can expect them to appear on even more places. For instance the Office Roadmap talks about Delve appearance of Groups…

  • Office 365 Groups for Admins

    Tags: Office 365, Unified Groups

    As you might have noticed I'm a big fan of Office 365 Groups, aka Unified Groups. I do think they will play a major role in the future of Office 365 Collaboration. Office 365 Groups consists of many moving parts, some that are half baked, some that are not working at all and some that is a bit difficult to understand. In this series of posts, will be published over the next few weeks and after that when needed, I will describe how you as an Office 365 Admin can and should work with Office 365 Groups.

    This post will be kept as an index for the posts and will be updated when new posts are being added:


    If you have ideas or suggestions on the series and the individual posts, please leave a comment.

About Wictor...

Wictor Wilén is a Group Manager and Collaboration Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for six consecutive years.

And a word from our sponsors...

SharePoint 2010 Web Parts in Action