Create a dynamic group in Azure AD

The purpose of a dynamic group in Azure AD is to be one based on a query. This means the membership of this group is then constructed on the successful matching of that query. The use case I’m going to build here is a dynamic Azure AD group that will contain devices that I wish to retire from an Azure AD.

To use dynamic groups in your environment you are going to need to be licensed for Azure AD P1 or P2. Thankfully, if you are using Microsoft 365 Business Premium, you’ll have Azure AD P1.

The way that the machines to be retired will be identified is by their unique Device ID as it appears in Azure AD. Thus, first stop will be the Azure AD portal to record these unique Device Ids.


Navigate to the Azure AD portal as an administrator ( and select the Devices item on the left hand side as shown above to see all the devices your Azure AD knows about.


In the page that appears, select All devices on the left and then search for the device(s) you wish using the search box on the right as shown above. Here, I’m searching for the device called VPC02. Select the device name to get more information about that device.


On the details page for the device you should now find the unique Device ID, as shown above. You should take a copy of this as it will be needed later.

Repeat the above process to obtain the unique Device ID of all the devices in Azure AD you wish to retire.


Return to Azure AD portal home page and now select Groups from the menu on the left.


Select the option on the top right for a New group.


Set the group type to Security. Give the group a meaningful name (here To be retired) as well as a description. Finally, ensure that the Membership type is set to Dynamic Device, because in this case we want to query a list a devices in Azure AD.


At the bottom of the options, select the Add dynamic query hyperlink as shown above.


On this page you will build the dynamic query for the membership of the group. Here we want to query the deviceid property to see whether it equals the Device Id we obtained initially for the device(s) we wish to retire.

Each unique device will generally require its own unique query line with the And/Or set to Or for this use case.


Once you add the entries at the top of the page you’ll see the actual rule syntax displayed in the box below, as shown.


To test the query returns the expected results, select the Validate Rules (Preview) option at the top of the page as shown. Next, Add devices you wish to test the query with. In the case above, I selected a machine I knew should match (VPC02) and one that wouldn’t (WIN10ENT). These selections will be validated and results displayed.

Here, the validation returns the expected results for this use case, so I can select the Save button at the top of the page to continue.


In the list of Azure AD groups, you should now be able to see the one that you just created.


If you now select this new group you will probably find that it doesn’t have any members as yet as seen above.


Fear not. Because the group is dynamic, it will take a few moments to run the query you created and populate it with matching members. When it has done this after a short time, you will be able to find the results in the Members option on the left hand side as shown above. Check that they match the expected results.


At that point, the Overview page should also display the correct count of members as shown above.

You can of course edit this Azure AD Dynamic Group at any point and change the membership criteria. In the case of retired devices, we’ll need to go in again and add any new Device Id’s for devices we want retired from our environment down the track.

A dynamic group can be based on just about any criteria and you may use it to identify new devices, users in the marketing department and so on. The queries can also be quite complex and it is recommended you consult this documentation from Microsoft for more information:

Dynamic membership rules for groups in Azure AD

In this case, we can now use this dynamic group of old devices to off board them cleanly from our Microsoft 365 environment. Stay tuned for upcoming articles on how to do this.

Using Microsoft Teams to keep up to date

I wrote an article a while back about

Using Office 365 to stay up to date

That article focused on the functionality provided by Office 365 Groups. Of course, you can solve the same challenge multiple ways in Office 365. So here’s how you can do something similar but this time using Microsoft Teams.


I already have a Marketing Team as you can see, so what I do is select the ellipse (three dots) to the right of that and from the menu that appears I select Add channel.

My suggestion would be to create an individual channel for each source of information. This allows you to not only group incoming information on that topic together but also start grouping additional resources around that like files and plans if you choose.


I give the new channel a name a description and select Add.


Once the channel has successfully been created, I select the ellipse for this new channel and then Connectors from the menu that appears.


Locate the RSS option and select Configure.


Enter in all the details as per the previous article for this feed and select Save.


You should now see the feed information appear in the conversations tab as shown above. The big benefit here is that everyone in the marketing team can not only see the information but they can also comments and provide additional feedback on the item, all in one central location. This gives this item far more value that if everyone just consumed it on their own.


Another great option about having a single channel for these communications is that we can also connect other information sources, like Twitter.

To add the Microsoft Australia Partner Twitter account to this same channel, I firstly get the address of the Twitter account, which in this case is:


I repeat the above process and add a connector to my channel, however this time instead of select RSS I select the Twitter connector as shown above.


You’ll need to provide a valid Twitter account to authorise access to the feed, so Log in if you need to.


Configure the Twitter feed as desired. You can see I can elect to follow a Twitter account and/or a specific hashtag as well.

Once this is all configured, simply save the options.


You should again see confirmation of the configuration in the channel conversations.


Now the information from Twitter also ends up in the channel and you can potentially also take actions from the cards that are presented depending on how you configured the connector.


Another great benefit of feeding information into Office 365 Groups and Teams is that there is a mobile app available on just about every platform for these two services. Thus, no matter whether people are on the road or at their desks they can see and contribute to conversation around the news as it arrives.


As I mentioned, even though I am a team of one, I have configured a lot of news sources to be delivered to me in the manner. I also use other aspects of the Microsoft Teams that was created, such as the SharePoint Team Site, for managing my scheduled tweets as I have detailed previously here:

Sending recurring tweets using Microsoft Flow


Using Microsoft Flow for event confirmations

So even as a team of one, Office 365 helps me manage and be more effectively with my marketing. Imagine the benefits when you start scaling this out to larger teams.

If you now move beyond just marketing you can hopefully see the benefits things like Office 365 connectors can provide you. You could use them to stay up to date with patches, security alerts, and so on. The use cases are pretty endless.

Office 365 provides a very extensive toolbox to allow your business to be more effective. Where could you use it to improve your business?

Changing a Group/Teams icon in Office 365


If you go out and create a new Microsoft Team you don’t get the opportunity to add a custom icon for that Team. Thus, you get a Team as shown above with just some letters and coloured background which is rather boring.


However, when you create a Microsoft Team, you also get a SharePoint Team Site. Unfortunately, this also just has the same ‘standard’ icon by default.


A Microsoft Team also creates an Office 365 Group which again has the same old ‘standard’ icon.

So how do you change the icon?


Go to the very right of the Group menu and select the three dots (also called an ellipse). From the menu that appears select Edit Group.


A panel will slide out from the right. Select the pencil icon on the image and upload you new icon.


When the new images appears in the pane, select the Save option at the top of the panel, just above the image.


You should see your Group icon update as shown above.


You should also see the icon update in Outlook on the web (OWA) as shown above.


The SharePoint Team Site icon should also update automatically


and the Planner plan connected to the Group and Team.


and finally into the Microsoft Teams app itself.

One icon to rule them all!

Need to Know Podcast–Episode 131

Some news and opinions to start the show from Marc and I. We discuss some of the new learning offerings from Microsoft and why they are so important for IT Professionals to use to upskill the knowledge. We then dive into another discussion with a Microsoft Ignite Australia presenter, Elaine van Bergen whose topics are:

How to build a modern portal with Office 365 and on premises data

See how you can build a modern portal on Azure PaaS by leveraging the API’s and out of the box elements available from Office 365. We’ll showcase a modern portal on Office 365 including use of the Graph API, Office 365 Groups, OneDrive and the Video Portal all combined into a compelling and responsive design with full level of control over customisation. Also we’ll discuss options for utilising the SharePoint framework for smaller customisations and how elements of the solution can be integrated with on-premises data via Azure Hybrid Connections.

Deploying and governing Office 365 Groups

Office 365 Groups is one of the best ways to get wide adoption and usage of Office 365. It’s a fundamental building block of many of the newer features of Office 365 including Planner. Explore how to get Office 365 Groups deployed and setup and how to do this with the most common Hybrid setups of Exchange. In addition, we will also go through the various governance and control options to help keep groups well controlled in a large organisation. Finally, we will briefly cover the API’s that can be used to pull Office 365 Groups into custom solutions.

Don’t forget to send us your feedback at

You can listen to this episode directly at:

or on Soundcloud here:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.





Azure news from Marc

Microsoft teams gains steam

Flow updates

Why developers (And IT pros) need Azure skills

Microsoft OpenEdX

Old vs New Groups

In a recent article I wrote how Office 365 groups received their own Team Site now but from what I could see that Team Site couldn’t contain subsites.


Interestingly, if I create a totally new Office 365 Group, rather than look at an existing Group, I get the ability to create subsites!



As you might also observe, I can’t currently figure out a way to rename the site that created when you created a new Office 365 Group!


Also, the Site Settings for this new Office 365 Group are far more extensive that the pre-existing group I looked at in the previous post.

I suspect things are still changing behind the scenes and we’ll soon see a consistent interface. I probably don’t because I’m currently on Office 365 First Release.

Bottom line? stay tuned for more updates on Office 365 Groups.

My Office 365 Groups are now SharePoint sites

There are a lot of changes rolling out to SharePoint Online and one of the major ones is around Office 365 Groups.

Office 365 Groups used to be simply a shared mailbox and a shared OneDrive For Business (basically a single Document Library). Groups have now become more about identity management in Office 365 than a separate service.


If I now navigate to my OneDrive for Business I see a list of Office 365 Groups at the bottom of the menu on the left.


if I navigate to one of these you’ll see I end up in a Document Library as shown above. However, if you now look more closely, you’ll see that is in fact now a complete SharePoint site.


If I now navigate to the Home page you’ll see that I get the modern SharePoint interface with Quicklinks and Activity on the front page.


Here I can create more apps (like Document Libraries) for the site.


If I go to Site Contents, I see the familiar SharePoint overview of all the items that existing with a SharePoint Team Site.


Interestingly, when I go to Site Settings for the Team Site I basically only see two items as shown above.


You’ll also notice that the URL of this new location is:

This indicates that the Group is now a stand alone Site Collection. However, when I look inside my SharePoint Admin Center I don’t see this Site Collection listed.

A few observations here.


I can create new apps within the new Group Team Site but I can’t appear to create any subsites.


When I go to the Site Settings for the new Group Team Site you’ll see that the theme changes and I lose the Pages option from my menu on the left.


The Settings for a Document Library appears identical to what is available in a standard Team Site although there are less options.


The above shows all the options available from a standard Team Site Document Library as a comparison.

You can still share individual files like you can in standard Team Site but there isn’t anywhere to share or set permissions in the new Group site.



You’ll notice there is no full site “share” (upper) as there is in a standard Team Site (lower).

So in summary, Office 365 Groups have now had their data storage locations upgraded to a ‘basic’ SharePoint Team Site. This new Group site is it’s own Site Collection were permissions are managed by the Group rather than in the SharePoint site. This Group site also doesn’t have the full functionality of a standard Team Site.

The main question I have at this point is where the new Groups sites storage comes from? It seems that it doesn’t come from the standard SharePoint Team Site pool, as the site isn’t even listed there. Does that mean the storage is independent of that available for standard Team Sites? If so I wonder what the limit of storage is? I wonder if it is like OneDrive for Business and effectively unlimited for Enterprise plans? My guess? I’d say each Group site has a limit of 25TB. Is it possible that each Group could have 25TB of space available to it? Not sure.

From what I understand, Office 365 Groups have now become more a container of users that will be utilised across all the Office 365 services, from Yammer to Exchange and so on. Each Office 365 Group will get a cut down version of a full SharePoint Team Site, in an independent Site Collection. I also believe an Office 365 Group will get its own Yammer location.

So the change here is that you need to start thinking about an Office 365 Group as a location that holds a collection of users. These users have access to a number of Office 365 services (such as the basic Team Site) as part of being members of this Office 365 Group. This new Office 365 Group can also be given access to other Office 365 services, much like any security group.

It is clear from all the information I’ve been watching from Microsoft Ignite, that Office 365 Groups are still an intermediate step when it comes to collaboration, between an individual’s OneDrive for Business and a fully blown ‘standard’ SharePoint Team Site. That makes sense, as it keep things simple for users who just want to start collaborating. If you are a member of an Office 365 Group you get a basic independent location to share files, folders and information as well as share information.

Where the complexity arises is where is the best place for people to store stuff? Their OneDrive for Business? A Group site? A Team Site? Yammer? etc? They are spoilt for choice but does require somewhat of an understanding of what each location can and can’t do. Maybe that’s why some yearn for the good ol’ of simple an F: drive to store stuff in?

I need to go away and continue to work through the content from Microsoft Ignite, especially the deep dive sessions so I can determine exactly how all this fits together and what Microsoft’s plans are going forward. Now that I actually have these abilities in my tenant it will be easier and I’ll report back what I find. Until then, enjoy the new functionality office 365 Groups provides. Also remember, that many changes are still rolling out, and will continue to do so for some time yet!

Answering common questions with Office 365 Part 3

This is the third article in a series of typical customers questions around Office 365. These questions were part of presentation I did with two other resellers at the Australian Microsoft Partner Conference in 2016. You’ll find the first part of the series here:

Answering common questions with Office 365 Part 1

Answering common questions with Office 365 Part 2

The question for this article is:

My team has to manage a lot of documents for a lot of clients and we have trouble working effectively with this information when you also combine it with data from email and other sources. How can Office 365 be used to allow my business to be more effective with the information we are producing?

There are so many ways that this question can be answered with Office 365. Consider the following as simply an overview of what is possible.

The most important thing to appreciate about Office 365 is that all the information you put in there is searchable. The results from any search are ‘security trimmed’. That means you only see results that you have access to view.

For most users Delve provides a single pane of glass across nearly all of your Office 365 services.

How can I find people and information in Office Delve?

I have written articles about the importance of Delve but this one probably sums up things best:

Delve should be the centre of your Office 365 universe

Delve is available across all Office 365 suites and if you haven’t as yet looked at it then start here:

Introducing Office Delve

Powered by Officegraph

What is Office Delve?

How does Office Delve know what is relevant to me?

Also importantly, you can get Delve on your mobile devices:

Introducing Office Delve Mobile Apps

as well as you Windows 10 desktop:

Delve on Windows 10 app

Most Office 365 users also get a personal location called OneDrive for Business in which they can store all their documents.

What is OneDrive for Business?

They will get around 1TB of space into which they can store and share their personal files. This means they can move information stored on their local desktop, PC, USB drives, etc into a secure location that only they have access to and that they can share from with others, inside and outside the organisation if they want. It is important to note that OneDrive for Business is not designed as a file server replacement, it is designed for personal use. SharePoint Team Sites and Office 365 Groups are more the locations for information that needs to be shared with a teams of people.

There are many other products that do personal file sharing but here’s an overview of why OneDrive for Business is a superior technology.

Why OneDrive for Business

Given that Office 365 is much more than just emails and file storage I’d recommend you review my article:

Where to put data in Office 365?

to give you a better idea of what all the options are.

Now I mentioned Office 365 Groups as another location in which you can save your information. Office 365 Groups is great if you simply need an email distribution and single place to store common files. For a better idea of what Office 365 Groups are all about have a look at:

Office 365 groups: A quick tour of new user and admin experiences

If you then needs to add tasks to your collaboration you should have a look at Office 365 Planner:

Get started quickly with Microsoft Planner

However, if your needs exceed the functionality of both Office 365 Groups and Planner then it is time to consider SharePoint Team Sites for a fully blown ‘intranet’ style experience.

What is SharePoint

Getting started with SharePoint

Remember, that everything you put into a SharePoint Team Site is searchable, including the text inside documents. Team Sites allow you to create a hierarchical structure much like a file server but add in collaboration features like calendars, wikis, lists, etc.

You can get more functionality by using ‘metadata’ to tag your information to make it easier for your users to filter and sort.

Create managed metadata column

Set up metadata navigation for a list or library

The great thing is that you can customise your metadata to exactly suit your needs.

Another service available to Enterprise Office 365 Plans is a private video portal called Office 365 Video. In here you can place and share videos with your team. This is a great place for training resources as well as recordings from Skype for Business.

Meet Office 365 video

Manage your Office 365 video portal

You can also embed these videos directly into your SharePoint Team Site quickly and easily.

Another member of the Microsoft Cloud family is CRM. This allows you to manage contacts, sales, etc. but will soon also allow you to manage your financials thanks to the recently announced Dynamics 365.

Dynamics 365

Turning business process into business advantage for organizations everywhere

The big advantage these additional Microsoft Cloud products provide is the fact that access is governed by the same login users have for Office 365. This provides greater integration and management that few other services can match.

Another location that your team can collaborate together is in Yammer. Yammer provides an enterprise social network to share information publically which has so many benefits to the business. I’ve outlined many of these here:

The Business of Yammer

Don’t forget also that many Office 365 suites provide your users with the latest Office desktop software on their PC’s, Macs and mobile devices. They get at least 5 installation on each platform to ensure that everyone has the same version of the software. As an Office 365 subscriber you receive continuing free upgrades to this software automatically so you don’t need to worry whether everyone has the ‘latest’. They will.

Finally, Office 365 is also going to provide you the ability to automate your business process and information via a number of different tools such as:

Microsoft Flow

Microsoft Powerapps

SharePoint Workflows

In summary, Office 365 gives a lot of ways to manage and work more effectively with your information. It also provides you with the opportunity to improve the way you work today, become more effective and save time. It really is a single platform dedicated to better information management, accessed via a single login that is always constantly evolving and improving. In short, Office 365 is more than email and file storage, it is a full suite of productivity services to help your business better manage your information.

Watch out for the answers to more common questions with Office 365 coming soon.

Office 365 Connectors

A while back I wrote about how Microsoft was bringing PowerApps to Office 365 to provide improved automation and connectivity with information outside Office 365. Microsoft has now extended those options further into Office 365 with the new Office 365 Connectors which it has announced here:

Announcing Office 365 Connectors

Here’s how to set up a connector for Twitter.


From the app launcher navigate to Outlook.


From the options on the left locate the Groups heading. Under that locate the Create option as shown above to create a new group and select.

You can add a connector to an existing group but in the list case I’m going to create a new dedicated group. This allows people to work with this specific information rather than mixing it in with other stuff. However, if you perhaps already have a marketing group, it makes sense to connect these to your favourite external service.


The Office 365 Group creation option now appears on the right. Give the new group an appropriate name (here ‘Twitter’), set the Privacy and finally whether messages from the Group will be sent to members inboxes. Beware of using this option if you expect a lot of information to flow from the external source.

When complete, select Create to continue.


Next, add the desired members to this group by typing their name.

When complete, select Add to continue.


The new group will now be displayed on the screen.


Across the menu at the top of the group select Connectors.


This will open a new Connectors window as shown above.


Scroll down the list until you locate the connector you wish to add. In this case, the Twitter connector is located. Select the Add button.


You’ll now be prompted to login to the external service. Select Sign In to continue.


Enter the details for the service and select Sign In to continue. This authorisation page may vary slightly depending on which external services you are connecting to.


The next configurations will vary depending on the external service you connect to. For Twitter, you can select Twitter accounts to follow (@office365) as well as hastags to follow (here #office365).


You then set the Notification options as well as the Frequency.

When complete, select Save.


You’ll then be returned to the Connectors page where you should see the connectors you just added at the top of the page.


If you select the My Accounts option at the top of the page you will see all the external connectors you have configured as shown above.

You can now close this window and return to the Office 365 Group.


You should now start to see the configured external information start to flow into the conversations for that group as shown above.

So, Office 365 Connectors are a way of bringing in information from external applications into an Office 365 Group. Once there, they can be shared with members of the group as well as being used a source of information to drive conversations. All of this information will also be available on Office 365 mobile apps.

Microsoft’s blog post also mentions that a similar ability to this will soon be brought directly to users inboxes and then to other Office 365 services.

Now combine these new Office 365 Connectors with Delve and you’ll see how rich an information source Office 365 will be, especially as Delve provides a single pane of glass across everything in Office 365, now including these external sources brought in via Office 365 connectors.

Delve should be the centre of your Office 365 universe

Office 365 Connectors is currently only available for those configured for First Release but will soon be standard across all tenants. More connectors to other external sources will also become available.

So go forth and connect I say!