Azure AD Naming Policy for Office 365 groups is now in Public Preview
Office 365 groups is a cool and very popular collaboration feature in Office 365. Groups are easy and fast to create and your employees can use them to collaborate with their co-workers on projects, share team documents, and manage emails and calendars.
As customers increasingly adopt Office 365 groups, we’ve been introducing new features, like groups expiration policy, to make it easier to manage the Office 365 groups that your employees create.
Today, I’m excited to announce our next enhancement in this area, Office 365 groups Naming Policy.
You can use this new feature to enforce consistent naming conventions for Office 365 groups across its associated workloads, and block specific words from being used in group names and aliases. A naming policy can help you and your users identify which department, office, or geographic region the group was created from. It can also help identify a group in the global address list, and block inappropriate words in the group names.
Select administrators are exempted from these policies, across all group workloads and endpoints, so that they can create groups using blocked words and with their desired naming conventions.
You can configure the following directory settings programmatically via Azure Active Directory PowerShell to enforce group naming conventions:
- Specify Prefixes and Suffixes: Specify prefixes or suffixes to define the naming convention of groups using the PrefixSuffixNamingRequirement setting in your tenant’s directory settings. These can either be fixed strings and/or attributes of the user who creates the group. As an example, you could configure the setting as ‘GRP [GroupName] [Department]’. If a user from the ‘Engineering’ department creates a group called ‘Project Firecracker’, the group name will be “GRP Project Firecracker Engineering” Currently, the following Azure AD user attributes are supported: [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title].
- Blocked Words List: Using the CustomBlockedWordsList setting in your tenant’s directory settings, you can specify a list of words that a you wish to block in group names and aliases created by your users. As an example, you could configure the setting as “CEO, payroll, HR”. Group creation will fail if a user attempts to create a group called “CEO conversations”. You can configure a maximum of 5,000 phrases to be blocked within your tenant.
Learn more about how to configure the Office 365 groups Naming Policy.
The Azure AD Portals and the Office 365 groups apps enforce the Naming Policy when end users create or edit groups. This article details the behavior and compliance of Office 365 apps to the Naming Policy.
Let’s say the admin has configured the Naming Policy as follows:
PrefixSuffixNamingRequirement = GRP [groupName] [Department]
CustomBlockedWordsList = “CEO, payroll, HR”
Here’s what the experience will look like on some of the key groups apps when a user from the Sales department tries to create an Office 365 group:
Azure AD End-user portal (My Apps Access Panel)
Figure 1. Full group name with Prefix and Suffix is displayed
Figure 2. Blocked word ‘CEO’ detected in group name -group creation will not be permitted
- Outlook Web (OWA)
Figure 3.Prefix and Suffix are auto-appended to the group name and SMTP alias
Figure 4. Blocked word ‘CEO’ detected in group name -group creation will not be permitted
Figure 5. Full group name with Prefix and Suffix is displayed to the end user
Figure 6. Blocked word ‘CEO’ detected in group name -group creation will not be permitted
Figure 7. Prefix and Suffix are auto-appended to the group name and SMTP alias
Figure 8. Blocked word ‘CEO’ detected in group name -group creation will not be permitted
The Office 365 groups Naming Policy feature is available in public preview today for Azure AD Premium customers. Please note this feature will require Azure AD Premium licenses for all users that are members of Office 365 groups in the tenant.
Let us know what you think!
We’d love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment below. We’re always looking for ways to improve.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
Source: EM+S Blog Feed