Best Practice for assigning policies in Intune to Office 365 Group Members

Andrew Ching
Andrew Ching used Ask the Experts™
We setup multiple Office 365 Groups and would like to assign policies in Intune corresponding to these Groups. Yet Intune only take Security Groups instead of Office 365 Groups. An obvious method is to create Security Groups Corresponding to Office 365 Groups with duplicated effort and risk of human error creating not matching membership between two groups. I wonder if there is any other practices to manage such situation. Any advice sharing?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018
Office 365 Groups are not a security principal, so you cannot/should not use them for anything related to permissions. By default they are using an "open membership" model, meaning anyone in the company can join or leave as they please, that's not something you would want for assigning Intune or any other kind of policies. Stick to using "traditional" secuirty groups and dont buy into all the MS marketing crap.


Ha Ha, "dont buy into all the MS marketing crap"... Thank you for your advice.

We never use the "open membership" model and adopted Office 365 Groups for consolidated email location and linkage to SharePoint site for light document sharing.

With these Office 365 Groups setup, we are thinking if we can leverage them further. Sounds like this is not the way.

Thanks anyway.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial