A prerequisite to be able to activate a UCS Group for "Microsoft Teams" is to change the group type in Azure AD. As of now all groups are synced as "security group", but for Teams one needs an "Office 365" group. We should make it configurable which type of group is created in Azure AD. Proposal: * we have an extended attribute "Office 365 group type" represented by an drop down in UMC which offers two options: "security group" and "Office 365 group" (wording needs to be the same as in the Office 365 management UI) * depending on the selected value, we create the corresponding group type * if the type is changed, we need to delete and recreate the group in Azure AD and all rules / files / "stuff" which is connected to this group in Microsoft 365 will be lost - there should be a warning in UMC about this
School-Customer affected
We have got a bunch of schools needing this as well. Reason is: You basically cannot do anything useful with Security Groups inside MS365. And with "useful" I mean school stuff like sharing a folder with a class.
(In reply to Cornelius Hald from comment #3) > We have got a bunch of schools needing this as well. Reason is: You > basically cannot do anything useful with Security Groups inside MS365. And > with "useful" I mean school stuff like sharing a folder with a class. We addressed this issue by allowing to move from "security groups" to "teams", which can be decided "per group" as flag in UDM. Does that already cover your needs? https://docs.software-univention.de/manual/5.0/en/idm-cloud/office-365.html#teams
(In reply to Ingo Steuwer from comment #4) > We addressed this issue by allowing to move from "security groups" to > "teams", which can be decided "per group" as flag in UDM. Does that already > cover your needs? > > https://docs.software-univention.de/manual/5.0/en/idm-cloud/office-365. > html#teams Thanks for the quick reply! Yes, I am aware of that flag and we are using it where it makes sense. It works in the context of MS Teams but (to the best of my knowledge) it does not help with things outside of teams - e.g. sharing OneDrive folders or other resources with groups/classes. If I have overlooked something, please let me know.
We implemented the change in the Microsoft365 connector. The new behaviour is as follows: There is a new UDM property UniventionMicrosoft365GroupType where "Security" or "Microsoft 365" can be specified. Product default is "Security", but this can be changed by modifying the extended attributes default value. If the UniventionMicrosoft365GroupType is changed, you have to click a checkbox that you are aware that that means that the group will be deleted and re-created and that this can mean that Azure specific settings may be lost due to that. If you don't click that checkbox, you get an Error popup. To make the handling in the UMC for already existing groups better, we had to adjust UDM as well. We added "preventUmcDefaultPopup" as a property to extended attributes, so that UMC won't warn you during each modification of an already existing group, that the UniventionMicrosoft365GroupType is set to "Security Group". That is annoying and might confuse customers thinking, that the group is now automatically synced to Azure. As they may not want that for that specific group. We will release the App update after the errata release of the following packages as the App will depend on this errata release: Successful build Package: univention-ldap Version: 16.0.15-7 Branch: 5.0-0 Scope: errata5.0-7 Successful build Package: univention-directory-manager-modules Version: 15.0.26-12 Branch: 5.0-0 Scope: errata5.0-7 8b5ae610e9 Bug #51187: Add prevent_umc_default_popup to settings/extended_attributes
QA: OK: code OK: advisory OK: test OK: popup can be disabled for extended_attributes
<https://errata.software-univention.de/#/?erratum=5.0x1059> <https://errata.software-univention.de/#/?erratum=5.0x1060>