Today’s blog is just a quick tip, so without further ado, let’s get started.
If your organization is a prolific user of Teams, Microsoft’s behemoth of a collaboration app, you may know that by default when you create a Team, on the backend, an O365 Group and a SharePoint site get created.
For example, our Marketing Team:
This is awesome because Team memberships can be managed by Team owners instead of IT. This ensures the Team membership is as accurate as possible without so much as a single Help Desk ticket.
It would be great if we could also use a Teams Group to deploy specific policies to a targeted group of users. Say, I want a set of policies to only apply to the Marketing team.
We recently ran into this exact need of trying to deploy an Intune policy where the Marketing folks have their Marketing Team files from SharePoint Library automatically sync to their OneDrive. But when we tried to provision the policy for the Marketing team, the Group isn't there to be selected. What gives?
Turns out, by default, Teams Groups are not security enabled, and as such you can’t use them for Security or Permission filtering when deploying things like Intune policies.
There is a very easy fix for this and it only takes one line of PowerShell code.
Set-AzureADGroup -objectID <objectID of your group> -SecurityEnabled $true
You can find the ObjectID of your group with PowerShell, or in the Cloud GUI:
Now your Teams Group is security enabled and can be used for security filtering, and you can avoid having to create a duplicate Security Group when the Team memberships are already managed by Team owners.
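The whole procedure as one script, added here as an example and not part of the original tip: it looks up the ObjectID by display name, enables the flag only if it is not already set, and reads the group back to confirm. It assumes the AzureAD module is installed and that you sign in with rights to update groups; the function name Enable-TeamGroupSecurity is hypothetical, and 'Marketing' is the team from the example above.

```powershell
# Added example, not from the original post.
# Enable-TeamGroupSecurity is a hypothetical helper name.
function Enable-TeamGroupSecurity {
    param(
        [Parameter(Mandatory)][string]$DisplayName
    )

    # -SearchString can return several groups, so keep only the exact name.
    $found = @(Get-AzureADGroup -SearchString $DisplayName |
        Where-Object { $_.DisplayName -eq $DisplayName })

    # Refuse to guess when the name is missing or ambiguous.
    if ($found.Count -ne 1) {
        throw "Expected exactly one group named '$DisplayName', found $($found.Count)."
    }
    $group = $found[0]

    if ($group.SecurityEnabled) {
        Write-Host "'$DisplayName' is already security enabled."
    }
    else {
        # The one-liner from the post, with the looked-up ObjectID.
        Set-AzureADGroup -ObjectId $group.ObjectId -SecurityEnabled $true
    }

    # Read the group back so the result is visible.
    Get-AzureADGroup -ObjectId $group.ObjectId |
        Select-Object DisplayName, ObjectId, MailEnabled, SecurityEnabled
}

Connect-AzureAD
Enable-TeamGroupSecurity -DisplayName 'Marketing'
```

Once the flag is set, anything assigned to the group follows whatever membership the Team owners maintain, so check what the group is targeted by before and after enabling it.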
I hope you’ve found this helpful, happy Azuring!