Office 365 Groups Naming Policy Now Generally Available

Sometimes Office 365 Moves at the Pace of Cold Treacle

Office 365 Groups Naming Policy in action
Office 365 Groups Naming Policy in action

In a piece of earth-shattering news released on March 8, Microsoft said that the Office 365 Groups Naming Policy is now Generally Available. The policy allows organizations to define a prefix or suffix to be added to group names, something often done to highlight the fact that these directory objects are groups and to gather them together in the directory. Groups created by tenant administrators are not subject to the group naming policy.

Quite how Microsoft has the brass neck to call this a “new feature” is beyond me considering that the naming policy has been in use for nearly two years. In fact, the naming policy was one of those called out by Microsoft when they discussed licensing requirements for premium Groups features at Ignite 2017.

What’s surprising is how little has changed in the time when the naming policy was in preview. You still must configure the policy through PowerShell as no management GUI supports the ability to enable and change its settings. I guess the time in preview was occupied persuading Office 365 applications that create groups to respect the policy. This is true for Outlook, Yammer, Stream, Teams, and Planner.

Editor’s Note: In May 2019, Microsoft released a preview GUI to configure the naming policy through the Azure Active Directory portal.

Licensing Office 365 Groups

Licensing is likely to be the issue that stops many Office 365 tenants using the naming policy. Unless you’ve bought Enterprise Mobility and Security (which includes the necessary Azure Active Directory Premium licenses) or purchased the AAD Premium licenses separately, the need to buy “an Azure AD Premium license for every user who creates groups, is a member of the group and the admin who creates the Groups naming policy” is a big ask.

I’ve always thought that Microsoft is asking too much when they look for extra money for a naming policy. After all, Exchange Online bundles a naming policy for distribution lists free of charge. The Exchange policy is similar to the groups naming policy and consists of being able to define how distribution list names should be constructed and a list of bad words to avoid. And while you can configure the Exchange policy in PowerShell, it does boast a UI in the Exchange Admin Center.

And if Microsoft ever wants tenants to move away from distribution lists, they shouldn’t erect barriers like additional fees, especially when the naming policy is not integrated into a management GUI like the Office 365 Admin Center.

Large Organizations Might Not Care

To be fair, policies like this are of most interest to large organizations who might well have invested in EM+S (or Microsoft 365), but if you haven’t then you could run up quite a cost. Microsoft lists Azure Active Directory Premium P1 at $6/user per month if you buy online. Organizations that have an Enterprise Agreement with Microsoft pay less. Even so, the bill for Azure Active Directory P1 for a 10,000 user tenant could easily be multiple tens of thousands of dollars monthly.

Of course, you get more than a naming policy for your money. Azure Active Directory Premium also includes useful functionality like dynamic Office 365 Groups and the group expiration policy, along with some dubious features that it’s difficult to attribute the premium label to, like being able to set a default classification (a very simple label) to Office 365 Groups.

PowerShell Alternative

If you think a naming policy is important, you can build one yourself with PowerShell. You could even take the naming policy used for distribution lists and apply it to Office 365 Groups. Here’s a really simple example of what you could do.

  • Retrieve the DL naming policy from the Exchange organization configuration.
  • Extract the prefix (for the purpose of this demonstration, we only use the prefix)
  • Find all the Office 365 Groups in the organization (don’t use Get-UnifiedGroup as it’s too slow). Select the alias and display name properties as they are all we need to process.
  • Loop through our set to find groups with a display name that doesn’t have the prefix and update the display name property with a new value.
$Policy = Get-OrganizationConfig | Select -ExpandProperty DistributionGroupNamingPolicy
$Prefix = $Policy.Split("-")[0]

$Groups = Get-Recipient -RecipientTypeDetails GroupMailbox | Select Alias, DisplayName

ForEach ($G in $Groups) {
  If ($G.DisplayName -notmatch "O365Grp-") {
  $NewDisplayName = "O365Grp-" + $G.DisplayName
  Set-UnifiedGroup -Id $G.Alias -DisplayName $NewDisplayName 
  Write-Host "New display name for" $G.DisplayName "is" $NewDisplayName }
}

Obviously this is very simple code and there are many twists that you could incorporate to make it fit for purpose for operational use.

Updating display names is easy. The biggest value in Microsoft’s naming policy is that clients respect the policy and won’t allow users to create group names outside the policy. If you use your own code, you’ve got to scan periodically for new groups and also look for any groups that need to be updated if owners change display names outside the policy.

One Last Thing

The Office 365 naming policy is not retrospective. It does not look for groups created before the introduction of the policy to update their display names to comply with policy settings. Again, this is relatively easily done with PowerShell, but it’s a task that shouldn’t be overlooked (we include some sample code for the purpose in Chapter 12 of the Office 365 for IT Pros eBook.

3 Replies to “Office 365 Groups Naming Policy Now Generally Available”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.