Skip Ribbon Commands
Skip to main content

Quick Launch

Todd Klindt's home page > Todd Klindt's Office 365 Admin Blog > Posts > Create "All Users" Groups and Distribution Lists in Office 365 and Azure AD
August 18
Create "All Users" Groups and Distribution Lists in Office 365 and Azure AD

Some blog posts just beg to be written, and this is one of them. I swear I’ve had this conversation half a dozen times in last month after having never had it at all before. It just keeps coming up, I’m guessing because the adoption of Office 365 has really taken off in the last 5 months. What’s the topic? It boils down to, “How do I create a Team/Distribution List/SharePoint site that is always available everyone in the company?” The first couple of times the topic came up I tried to talk the customer out of it. I’m usually not a fan of big blast communication like that, and in the case of products that are built on top of Microsoft 365 Groups, there are published limitations to this. It just seemed like a bad idea. But every time a customer asks me about it I understand it a little better, so I threw this blog post together to point people at if they want to do it. This post is meant to be  technical, not prescriptive. I won’t cover why you should employ any of these techniques, but how you can do them if you have already decided they are a good idea. I’ll leave the why up to people that are smarter than me.

The Options

There are several “All User” communication methods that have come up in my discussions with customers. I’ll cover how to enable them. They all leverage the functionality of updating dynamically as people join your company. Your company could already handle adding people to Distribution Lists (DLs) as part of your onboarding process. All of my examples will show how to keep the All User list populated automatically. All of these examples also assume the groups are cloud only, not synced from on-prem Windows Active Directory.

Distribution Lists (DLs)

The first option I’ll cover is the old tried and true email Distribution List. These things have been around since shortly after prehistoric fish came on land from the primordial soup and they’ve been going strong ever since. DLs are email only  and they’re a good way to send out company wide things like “There are donuts in the breakroom. Get here quick before Gary eats them all” or “The CEO is feeling generous and she’s giving everyone (except Gary) Friday off!”

To do this, create a new DL and make it a dynamic DL. This one is a little tricky. When you create a dynamic anything you have to provide a rule so that Azure AD (AAD) knows whether someone should be in the thing or not. In the case of a dynamic DL the way to get everyone is to create no rule. If there’s no rule, emails sent to that DL end up in every mailbox in your tenant. If you currently have any static DLs they cannot be changed to dynamic DLs, but they can be upgraded to Office 365 Groups. Dynamic DLs cannot be upgraded to Office 365 Groups. I’ve also had customers set one of these up and send News Digests from SharePoint Online to it. The owner of the dynamic DL does not need to be IT or have any elevated roles in the tenant.

How do I Create one?

There are a couple of different ways to create a dynamic DL. You can do it in the Exchange admin center in Office 365. Then navigate to the Groups tab. Next to New Microsoft 365 Group click the dropdown and select Dynamic distribution list.

image 

The configuration will look something like this. Do not add a rule.

image 

Once your dynamic DL is created there are some fun settings you can play with. For instance, you can moderate messages and have approved senders.

If you’re super cool, you can create dynamic DLs with PowerShell. First connect to Exchange Online PowerShell, then run New-DynamicDistributionGroup:

New-DynamicDistributionGroup -IncludedRecipients MailboxUsers -Name "Blog Lovers"

Doesn’t that feel better than using the UI? I thought so.

Security Groups and Microsoft 365 Groups

Both AAD Security Groups and Microsoft 365 Groups support dynamic membership, so they can be used the same way. A dynamic, all company, Microsoft 365 Group can be used for a site that you want everyone to have access to, and they’ll all get emails sent to that Group’s DL. Depending on how the Group is configured or how the users configure their mail client the Group’s emails may or may not show up in their Inbox. There will also be a Team for that Group that everyone will be in. Lots of ways to annoy everyone with one of these. I honestly can’t think of a way to leverage a Security Group in the context of Office 365, but I added since it’s the same process as the Office 365 Group, and it makes this blog post look that much longer.

How do I Create Them?

As we are all painfully aware, there are just shy of 117 different ways to create an Microsoft 365 Group. I think two more have been added since I started writing this blog post. There might be more than one way to create a dynamic Microsoft 365 Group, but I’m only going to cover how to do it in the Azure AD Portal and with Azure PowerShell. Navigate to the Groups blade and click "New group.” Under Membership type choose “Dynamic User”

image 

If Membership type is greyed out that’s because the user creating the group does not have an Azure AD Premium license.

To set the rule, click “Edit dynamic query” button to get to the rules page. The rule we want is “user.objectId -ne null”. You can build that in the wizard at the top. Don’t worry about a user’s ID actually being “Null.” The rule knows the difference between null and “Null.” Ned Ull will not be the only member of the Group.

image 

Once you tab out of the Value box the Save button will light up and you’ll be able to save the query and go back to creating your group. The process is the same for Security Groups.

But what about PowerShell?? I’m so glad you asked. Make sure you have the AzureAD module loaded and you’re connected as an account that can create Groups. Then run this little gem to create a Dynamic Microsoft 365 Group:

New-AzureADMSGroup -DisplayName "Dynamic M365 Group From PowerShell!" -Description "Dynamic group created with PowerShell!" -MailEnabled $true -MailNickName "Dynamic-M365-Group-From-PowerShell" -SecurityEnabled $True -GroupTypes "Unified","DynamicMembership" -MembershipRule "(user.objectId -ne null)" -MembershipRuleProcessingState "On"

If you only want a Security Group (I’m not sure why) change the –MailEnabled parameter to $false, and the –GroupTypes to only DynamicMembership, like this:

New-AzureADMSGroup -DisplayName "Dynamic Security Group From PowerShell!" -Description "Dynamic security group created with PowerShell!" -MailEnabled $false -MailNickName "Dynamic-Security365-Group-From-PowerShell" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.objectId -ne null)" -MembershipRuleProcessingState "On"

It is also possible to switch an existing static Security Group or Microsoft 365 Group to dynamic. It’s a long process, and this article does a good job explaining how. I don’t think there’s a way to convert a Security Group to a Microsoft 365 Group.

Happy Dynamic Group Creating!


Question #1: "Can you use Dynamic Groups with Audience targeting?"
Answer #1: Despite this Microsoft Support document saying otherwise, I was able to target links in both Global (top) Nav and Quick (left) Nav by audience with a Dynamic Microsoft 365 Group. 

Question #2: "Does the 'user.objectId -ne null' approach include Guests?"
Answer #2: I'm not sure, I'll look into that and update this blog post. 


tk

ShortURL: https://www.toddklindt.com/CreateDynamicGroups

Edit: 8/24/20 to add questions

Comments

noida models

The call young ladies Gb Nagar र don't appear to be solely the neighborhood women joint country society serves their clients
 on 9/4/2024 3:15 PM

noida model

. We make accessible to their needs also and thus they exceptionally draw in intriguing females.
 on 9/4/2024 3:16 PM

jasa pbn backlink

https://pbnmurah.com/ The information you have posted is very useful. The sites you have referred was good. Thanks for sharing
 on 9/8/2024 2:06 AM

asicmining

https://shopcryptominer.com/ You delivered such an impressive piece to read, giving every subject enlightenment for us to gain information. Thanks for sharing such information with us due to which my several concepts have been cleared. 
 on 9/8/2024 3:44 AM

슬롯 커뮤니티

https://slotpangs.com/ I also benefit from learning the assessments, but learn that alot of people ought to stay on essay to try and add worth in the direction of the authentic weblog release.
 on 9/8/2024 4:57 AM

툰코

https://www.toonkor69.com/ "Your web site offered us with valuable info to work on. You’ve done a formidable job and our whole community will be grateful to you.

"
 on 9/8/2024 5:27 AM

무료 스포츠중계

https://suga-tv.com/ The information you have posted is very useful. The sites you have referred was good. Thanks for sharing
 on 9/8/2024 5:45 AM

먹튀검증

https://toto-go.com/ "It’s very convenient and fast they give you a breakdown of where you are losing weight.  I will keep going until I reach my goal weight.  For me it’s a valuable tool in my weight loss journey.

"
 on 9/8/2024 7:08 AM

한국야동

https://av19.gg/korea/ I am extremely impressed with your writing skills as well as with the layout on your blog.
 on 9/8/2024 8:29 AM

온카

https://evolpick.com/ There is no written evidence which can tell us exactly who has coined the phrase educational technology
 on 9/9/2024 1:13 AM
1 - 10Next

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Title


Body *


Today's date *

Select a date from the calendar.
Please enter today's date so I know you are a real person

Twitter


Want a message when I reply to your comment? Put your Twitter handle here.

Attachments

 

 SysKit