Dynamic Office 365 Groups and Microsoft Teams – a good combination for changing team membership. Or not?
In this blog post, I will try to give a short overview of the pros and contras of dynamic Office 365 groups with Microsoft Teams. Also, you will find a short summary of how to configure it.
Dynamic Azure AD Groups
What are Dynamic Azure AD Groups? In Azure AD you have two types of groups: static groups or dynamic groups.
In static groups, you will define the membership of the users static and manually.
With dynamic groups you have a new option, already know from OnPrem Active Directory, to build a group based on a specific Azure AD attribute. For example the department attribute for a user account. In the back end, Azure will recalculate the membership automatically and add or remove users to this group type according to the rule set.
Dynamic Teams ? How does it work?
Sometime it would be better to have a dynamic Microsoft Teams. By design Microsoft offering org-wide teams. With org-wide teams, every Microsoft Teams enabled user will be automatically part of this team. But is there also an option if you need some smaller teams? For a department for example?
With the combination of dynamic Azure AD Groups and Microsoft Teams you can achieve this goal. You can change a static Office 365 group to dynamic user assignment and voilĂ , you have a dynamic Microsoft Teams.
Build a dynamic Microsoft Teams
After creating a new Microsoft Teams, you will find a corresponding Office 365 group Tenant. The membership type for this group is static. The team owner can add or remove members to this group. So far nothing new stuff and hopefully cold coffee.
Then you have to open your Azure portal. Go to Azure Active Directory and open group management. Search for the corresponding Office 365 Group. Open the properties of this group and change the value for Membership type to Dynamic User.
Next, you must configure the search string for this dynamic group. For example Azure can calculate the membership based on the department information:
Several Azure AD attributes can be used in the search string. A full list you can find here in the Microsoft docs library.
When finished, you converted the normal Microsoft Team to a dynamic building Team.
Every cloud has a silver lining
What are the pros and cons of dynamic Microsoft Teams?
First of all, after converting the team to dynamic group membership, it isn’t possible to add or remove a member for the team. But that’s obviously because it is a dynamic team.
Every team needs an owner. Because group management is disabled in Microsoft Teams, the administrator must add an owner to the group in the Azure AD group properties. The interesting part: if the group membership for a team owner will be changed, because she or he changed the department, the user will stay owner of the team. An administrator has to remove the owner from the Office 365 group or a new owner can degrade the old owner to a member in Microsoft Teams. Then the user will be removed immediately from the team.
Use of dynamic group membership with Office 365 group is a very static approach. There is only one option: in or out, 1 or 0, black or white. The members of a team depend totally on a single AD attribute. Owner and administrator of such teams can’t modify group membership. The business unit responsible for theses attributes is normally the IT or HR.
In sum, is it a good and comfortable way to configure dynamic Microsoft Teams. From my point of view, it depends on what is your approach and your goal for this dynamic group. For some of you it can be a good solution to use dynamic Office 365 groups. For others that want work and they will look for other solutions.
Very informative post, thanks for sharing your detailed overview. It’s nice to read it. Btw, for the dynamic Microsoft Teams, Is it capable if only for 5 members in a team ? or is there any of specific amount ? regards
Thanks for your comments and feedback, Riani. Very appreciate. As far as I know there is no limit or specific amount for dynamic groups. In my lab environment I could create dynamic teams with only one member.
I have a dynamic group with a Team. The dynamic rule checks if your AD-object contains a certain value. If so, you’re a member and you gain access to the said Team. But I want to convert the dynamic team to a static group. The said Team must be remained at all costs as it contains important information. Can I convert the dynamic group to a static group without losing the Team or are these completely different issues?