asked on Do i need to have Universal security group OR Global security group for assigning permissions on a online SharePoint site.
Hi
We use Windows 2012 domain controllers on our network.
We have moved to 0365 and all our users and security groups sync from On-Prem Active Directory to 0365.
We are going to use SharePoint online that come with 0365.
I have been told that I need to have the following three groups.
All Student
All Teachers
All Staff
On our AD already we have All Student and All Teachers group, and both groups are in the Global security group.
I have an ALL Staff group and this group is an Universal security group, which is used for sending email for ALL Staff.
For assigning permissions on SharePoint from All Staff, can I use this universal security group OR do I need to create another Global security group called “ALL STAFF”
Any help much appreciated.
Thanks in advance
We use Windows 2012 domain controllers on our network.
We have moved to 0365 and all our users and security groups sync from On-Prem Active Directory to 0365.
We are going to use SharePoint online that come with 0365.
I have been told that I need to have the following three groups.
All Student
All Teachers
All Staff
On our AD already we have All Student and All Teachers group, and both groups are in the Global security group.
I have an ALL Staff group and this group is an Universal security group, which is used for sending email for ALL Staff.
For assigning permissions on SharePoint from All Staff, can I use this universal security group OR do I need to create another Global security group called “ALL STAFF”
Any help much appreciated.
Thanks in advance
Microsoft SharePoint* grouppolicyMicrosoft 365Active DirectorySecurity
Last Comment
Jeff Glover
I seem to recall there was a filter on one of the default rules to exclude universal groups from the sync process, however I think this only applied to Exchange Online. As long as you can see the security group in SPO, you should be able to use it. Otherwise, create a global one.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
All 3 types of groups are synced to Office 365. I would not create a special group unless for some reason, SharePoint Online will not accept your current groups. I agree wholeheartedly with the above explanation however adding groups simply to try to maintain AGDLP may be overkill with Office 365 (this is my opinion only so take it as such), The thing to understand is, if you already have an All Staff group, making another one can be confusing, unless you decide to make an OU with Domain Local groups specifically for SharePoint online and use unique group names.