Bug 51187 - make Azure AD group type configurable
make Azure AD group type configurable
Status: NEW
Product: UCS
Classification: Unclassified
Component: Office 365
UCS 4.4
Other Linux
: P5 enhancement with 2 votes (vote)
: ---
Assigned To: Mail maintainers
Mail maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-04-29 14:59 CEST by Ingo Steuwer
Modified: 2024-03-18 13:32 CET (History)
7 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021112421000374
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2020-04-29 14:59:23 CEST
A prerequisite to be able to activate a UCS Group for "Microsoft Teams" is to change the group type in Azure AD. As of now all groups are synced as "security group", but for Teams one needs an "Office 365" group.

We should make it configurable which type of group is created in Azure AD.

Proposal:

* we have an extended attribute "Office 365 group type" represented by an drop down in UMC which offers two options: "security group" and "Office 365 group" (wording needs to be the same as in the Office 365 management UI)
* depending on the selected value, we create the corresponding group type
* if the type is changed, we need to delete and recreate the group in Azure AD and all rules / files / "stuff" which is connected to this group in Microsoft 365 will be lost - there should be a warning in UMC about this
Comment 2 Daniel Duchon univentionstaff 2021-11-26 13:21:53 CET
School-Customer affected
Comment 3 Cornelius Hald 2023-07-11 17:07:02 CEST
We have got a bunch of schools needing this as well. Reason is: You basically cannot do anything useful with Security Groups inside MS365. And with "useful" I mean school stuff like sharing a folder with a class.
Comment 4 Ingo Steuwer univentionstaff 2023-07-11 17:20:43 CEST
(In reply to Cornelius Hald from comment #3)
> We have got a bunch of schools needing this as well. Reason is: You
> basically cannot do anything useful with Security Groups inside MS365. And
> with "useful" I mean school stuff like sharing a folder with a class.

We addressed this issue by allowing to move from "security groups" to "teams", which can be decided "per group" as flag in UDM. Does that already cover your needs?

https://docs.software-univention.de/manual/5.0/en/idm-cloud/office-365.html#teams
Comment 5 Cornelius Hald 2023-07-11 17:32:35 CEST
(In reply to Ingo Steuwer from comment #4)
> We addressed this issue by allowing to move from "security groups" to
> "teams", which can be decided "per group" as flag in UDM. Does that already
> cover your needs?
> 
> https://docs.software-univention.de/manual/5.0/en/idm-cloud/office-365.
> html#teams

Thanks for the quick reply! Yes, I am aware of that flag and we are using it where it makes sense. It works in the context of MS Teams but (to the best of my knowledge) it does not help with things outside of teams - e.g. sharing OneDrive folders or other resources with groups/classes.

If I have overlooked something, please let me know.