Delegate365 v8.4 brings a bunch of new features and improvements. Office 365 Groups management allows to teamify existing groups and to control all Teams settings including policy settings. The Sync Job can send warnings if many objects are deleted, Shared Mailboxes and Resource Mailboxes licenses can be removed, Reports can be directly downloaded, Room Lists are available, License Orders can be exported and much more. See a description of the new features here.
- Create a new Team: When creating a new team in Groups / Office 365 groups, the administrator can set the new Team switch to Yes. This provisions a new Office 365 Group and creates a Team on top of the Office 365 group. After the new Team was created, don´t forget to set additional owners if required and members for the new team, see below.
- Support for Group Naming Policy: If a Naming Policy is set (which can be controlled in Delegate365 as well, see below), the Group Name will be updated to comply with the naming policy. In this sample, "Project Apple" will be renamed to "GRP Project Apple Contoso" because the policy demands that naming.
This affects also the Primary SMTP Address which now is email-ready formatted "GRPproject-appleContoso" plus the primary or selected domain.
- Team-ify an existing Office 365 Group: The Office 365 groups list now shows the group "Type" in an extra column. Possible values are: Unified Group, Team and Yammer. An existing group of type Unified Group can be converted to a Team with the menu on the right as in the following screenshot.
Confirm the message box with Yes. Then, the group type changes and the new team will be available, usually within some seconds.
- New Office 365 Group and Team properties: The Office 365 Group properties have been extended to support all Team settings as shown in the screenshots below (there are 3 screens appended). Again, if a Group Naming Policy is in place, the policy will be shown and new group name will be modified automatically. E.g., if the group name is changed to "Project Charlie", with that policy, the new name will be "GRP Project Charlie Contoso". If no Group Naming Policy is set, the Group Name stays as entered. No worries, if the "New name" field stays empty and another option in that box is modified, the group name stays untouched as well.
- Group Owner: Pls. note that the owner of a new Office 365 Group (or Team) is automatically set to the Administrator who created the group. In this sample, the group owner is the "admin@..." user. If a Group Naming Policy is set, requiring e.g. the [Department] of the user, the data is looked up from the current creator user.
Info: There are no members set automatically when a new group is created. Administrators must add their desired members that after the group creation.
- New Office 365 Groups settings: There exists a new module in Administration / Unified group settings to define group policies if required. The following screenshot shows the sections that can be controlled for Office 365 Groups in the tenant: Classification, Blocked Words, Enable Group creation, Prefix suffix naming requirement, Guest settings und Guidelines.
To access the new module in Administration / Unified group settings, the permission policy set has been extended with a permission for "Unified group settings" in the Administration box. When Delegate365 was upgraded from a previous version, this setting is set to Yes if the Enable Administration switch is set to Yes by default.
- Office 365 Groups Classifications list: Here, the tenant-wide settings can be defined for the Office 365 Group classification.
Usually, it is recommended to use only 3 to 4 classifications to make it easy for the users to select the classification. Click the Save button at the page bottom after any changes. If set, a new Office 365 Group will automatically get the Default group classification until another defined classification is set. Existing Office 365 Groups stay untouched. If required, the classification can be set to existing groups afterwards.
- Office 365 Groups Blocked words: In here, blocked words can be saved. These words cannot be used as Office 365 Group Name. In this sample, a group cannot start or contain the word "boss" or "ceo" in the group name. The switch enables or disables that feature. This setting has no effect on existing group names.
Click the Save button at the page bottom after any changes.
- Office 365 Group creation: Administrators can define a tenant-wide policy here to allow users to create Office 365 groups or not. If Enable groups creation is set to No, no user can create a new group. As exception the ID of ONE Security Group can be set so that only members of that group are allowed to create a new Office 365 group.
To use this configuration, Global Admins can lookup the Security Group ID in the Azure Portal in AAD / Groups.
You can also get the Group ID from the URL when opening the group in the Azure Portal. Use this Group ID in the "Group creation allowed groupId" field in Delegate365. Click the Save button at the page bottom after any changes.
- Office 365 Group Prefix suffix naming requirement: Define a Group Policy Name in Delegate365. Every new Office 365 Group name will be adapted as defined in the template, e.g. "GRP [Groupname] [Department]". [Groupname] is the name of the Office 365 group an Administrator puts in in Delegate365. During the creation process, the group name will be modified by the template. If an empty string is provided here, no group naming policy is existing and new Office 365 group names will stay as entered.
The template field can contain placeholders. Supported Azure AD attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title]. Unsupported user attributes are treated as fixed strings, for example [postalCode] or similar. This setting has no effect on existing group names and is active from the moment on.
- Office 365 Group Guest settings: This section allows to define guest settings for Office 365 Groups. There are switches for Allow to add guests, Allow guests to be group owner and Allow guests to access groups. Guests are so called external users, that are not users in the own Office 365 tenant. These switches define the behavior of groups tenant-wide.
- Office 365 Group Guideline URL: Allows to use a custom webpage for delivering additional information to users when creating a new Office 365 group in the Office 365 portal. This can be set in Delegate365 as well if required.
Pleas note that the Save button for ALL sections is at the page bottom here. Every change has to be saved in order to be active.
- New Sync Rules including "Domain" for all mailboxes: In the "User" section, an automatic sync rule by "Domain" was already existing. This means, that users can be automatically assigned to an OU if the domain name equals an OU name, e.g. If username "firstname.lastname@example.org" = OU name "company1.org" that user gets assigned to that OU, etc. The Domain rule has been added to Distribution Groups, Office 365 Groups (Teams), Resources and Shared Mailboxes as well. This simplifies the automatic assignment of mailboxes by their domain name.
By activating the "Domain" option, all mailbox objects in Office 365 can be assigned to an OU with the same name by their Primary email Address.
- New Sync feature Block user assignment: In Administration / Delegate365 settings, an automatic OU assignment (through the Sync Rules) can be stopped, if an enforced license quota is exceeded. The switch "Prevent the user from being assigned to an OU when an enforced license quota is exceeded" controls that behavior. By default this switch is set to No.
When set to Yes and and any license quota for the OU would be exceeded, the user will not be assigned to that OU.
- New Sync warning for deleted objects: When the Microsoft API delivers at least 20% fewer objects in a synchronization process than Delegate365 knows, a SyncJob warning is generated. The warning informs about the percentage of deleted objects per object type, as in this example: "The sync job has deleted n percent of the Unified groups. If this action was an error, the objects will be added again at the next sync."
This warning informs Portal Admins and Notification Admins that a large number of objects have been deleted. That can happen through bulk operations with PowerShell or other deletions. Delegate365 gets the information from the Microsoft API and generates that warning.
The warning is also sent to all Delegate365 users who have the permission "Is Notification Administrator" set to Yes in their assigned permission policy.
Additionally, the users must have set a notification email address. This can be done by the Portal Admins in the administrators list, or individually by each Admin in the account properties as shown here.
If these two conditions are fulfilled, the Notification Administrators receive the SyncJob warning message as well. The email hast the subject "D365: SyncJob warning" and looks as here.
With that notification, the administrators can check if the deletion of the objects was intentional and react. If the cause was that the Microsoft API did not delivered all objects for whatever reason, the next sync will add missing objects if a corresponding sync rule is set.
- New Report notification settings: When submitting a report request, the user can select to get a notification email when the report is ready as here.
The report engine will generate the reports from the Scheduled reports and will move the reports to the Finished reports section.
In Administration / Delegate365 settings, there is a new Report notification settings section that allows to define how report notifications are sent. Now, there are three options available that can be set for the Delegate365 tenant:
1. Send notification with link to the Delegate365 reports page
2. Send notification with the report as attachment
3. Send a notification with a direct download link to the report, which is valid for 24 hours
Option 1 is the default setting that sends an email to the user with a link to the Delegate365 portal report page. Option 2 and 3 are new and allow to send the notification email with the report included as attachment (2) or (3) - which is the recommended option - with a direct link to download.
If the report email is generated with option 3, the email includes direct links to get the report by clicking on the link. This link includes a SAS* key that is valid for 24 hours.
* A shared access signature (SAS) is a URI that grants restricted access rights to the Delegate365 storage resources. With the report links, a user can download the report as CSV or Excel file for further usage. The link expires after 24 hours for security reasons. Vice versa, in the Delegate365 reports page, generated reports are available for 7 days for the signed-in user before they are deleted automatically.
So, Portal Admins can define the desired notification format and the report delivery in Administration / Delegate365 settings.
- New Room Lists: Distribution Groups can now be created as "Roomlist". Set the Roomlist switch to Yes and Save the room list.
The Type Details column informs about the Distribution Group type.
Pls. note that only resource mailboxes and other roomlists can be added as member to a roomlist. In this sample, the Administrator can manage a user mailbox "Adele", but when searching for "ad", user mailboxes do NOT show up, only rooms, as "Conf Room Adams". This is intentional, only these two mailbox types are allowed as members.
- Show UPN and OU in people picker: As shown in the screenshot above and below, the people picker now shows the UPN (or the Primary Email Address, here: Adams@...) and the OU name (here: Seattle) besides the name to identify objects straightforward.
- Remove Office 365 licenses for Shared Mailboxes and Resource Mailboxes: When a user mailbox is converted to a Shared Mailbox (SM) or to a Resource Mailbox (RM), Delegate365 allows to block the sign-in for that user mailbox if desired. The following screenshot shows that process with a selected user mailbox in the Users list.
Note the Block sign-in switch and the license information in that panel. This behavior can be defined in the Administration / Delegate365 settings as follows:
In the Converting users box, Admins can set that converted mailboxes lose their Office 365 license at that conversion process - or not.
- New Shared Mailboxes parameters: So that the mails sent from a shared mailbox also appear in the mailbox's "Sent" folder, the parameters "MessageCopySendAs" and "MessageCopyforSendOnBehalf" must be set. In Mailboxes / Shared Mailboxes, the settings MessageCopySendAs, MessageCopyforSendOnBehalf and MessageRecallProcessing have been added in the General section of a Shared Mailbox.
Admins can now control this behavior in Delegate365 for each Shared Mailbox, see also here.
- New Export License Orders: Users can export their license orders list as CSV or Excel file directly with the icons on top of the list.
The export delivers one row per order. In the following screenshot one order has been transposed to show all fields below the generated order table.
CreateDate is the order date, UpdateDate the date when the order was approved or cancelled. The export allows to process the license orders in other systems.
- Export OU´s with date and user information: The OU list can be exported including additional metadata.
The export file also shows when an OU has been created or updated and by what user, as shown here:
- Export has been added to the following lists: Users, Shared Mailboxes, Resources, Contacts, Security Groups, Office365 Groups, Distribution Groups, Dynamic Groups, and OU´s .
- User names with special characters: Delegate365 now allows special characters like "ěščřžýáíé etc." in the user name and other user properties. So, Delegate365 does allow to save the user name, including hooks and commas. In Czech this would be translated as follows: "Delegate365 umožňuje uložit uživatelské jméno, včetně háčků a čárek.". All these characters and many more are now supported as well as special characters in English names as "O'Maley" are valid.
- New User password policy switch: Disable strong password: This setting can be modified for one or multiple users in the Users list, in menu Password policy as shown here. Disable strong password can be set to Yes or No.
The Password never expires switch allows to set that for individual users if required.
- License Sync Rules fix: Under certain circumstances, multiple license assignments of the same group did not work properly if licenses have been activated and some plans out of that SKU have been removed in another rule afterwards. This issue has been fixed in v8.3 and v8.4.
- New Exchange Reports about Litigation hold: In Reports and Category Exchange, three new reports have been added: Litigation hold user mailboxes, Litigation hold shared mailboxes, and Litigation hold resource mailboxes.
These reports show mailboxes with the information if Litigation Hold is set and if the mailboxes have an Office 365 license assigned.
So, Administrators can simply identify mailboxes that require an Office 365 license.
- Small fixes and re-labeling: Some labels have been slightly changed to make them clearer and description text has been updated.
We've added many of the features described to our customers´ direct feedback, and we think they're useful. The Delegate365 update v8.4 is planned during August for productive customers. New Delegate365 trials will get this version starting mid of August.