Skip to main content

Mail-enabled security groups in Office 365

Another update (11/19/2013): further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):
  
Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates, without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal:    

Those managing Office 365 (O365) tenant via the Microsoft Online Services Portal (MOS Portal) interface would notice that there are two distinct group entities:
  • Security Groups:
    • can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning permissions within SharePoint Online
    • do not show up in Exchange Online portal under distribution groups
  • Distribution Groups:
    • can be created via Exchange Online portal  (MOS Portal>main portal page>Exchange>Manage)
    • can't be used for assigning permissions
    • do not show up in MOS Portal under security groups
This suggests that if one needs to group users for permission assignment and email distribution, one would need to create two different groups - a security group and an email distribution group. Clearly, there are cases (for example: when the same users need to be assigned permissions to a resource and receive email notifications about it) when it would be desirable to have a single group to be used for both.

In on-premise Active Directory (AD) and Exchange one would use mail-enabled security group for this purpose, but what are the options in Office 365?

Surprisingly, the answer to this question wasn't as forthcoming as I would expect it to be and finding any information on how to create an email-enabled security group in O365 proved to be challenging. Finally, I came across the following Knowledge Base article, which indicated that it could be done via directory synchronization (DirSync) tool. 

This is great, but what about environments that don't use DirSync? First of all, there’s clearly no way to accomplish the desired via MOS Portal (sorry, no point-and-click). So, one would have to resort to using PowerShell. After looking at the various PowerShell cmdlets for O365 and Exchange Online and doing some poking around, I came to the following conclusions:
  • Once a group has been created, changing group's type (mail-enabling security group or making distribution group a security group as well) doesn't seem possible.
  • However, at moment of creation distribution group can be designated as security group as well.
Here's a sample PowerShell statement:

new-distributiongroup -name "[Group's Name]" -alias "[Group's Alias]" -type "security" -primarysmtpaddress "[your_address@your_domain]"

For more information about the command try one of the following:
  • get-help new-distributiongroup -detailed
  • get-help new-distributiongroup -examples
  • get-help new-distributiongroup -full
To view group properties, the following sample PowerShell statement can be used:

get-distributiongroup -identity [Group's Name or Email Address] | format-list

When retrieving information about distribution group created with -type "security", expect to see the following as part of the output:

Distribution group created with default options would have it as:

Labels:

Comments

Post a Comment

Popular posts from this blog

Updating computer's AD Security Group membership without rebooting

I found the following to be very useful - From the elevated command prompt execute “ klist –li 0x3e7 ” to view the logon session of the computer account . To purge them, simply execute “ klist –li 0x3e7 purge ”. A typical use case might involve targeting GPOs based on computer's group membership. When you add computer to the group in order to test the application of policies you can reboot it or, alternatively, run the above mentioned to clear logon sessions, then do “ gpupdate /force ” and check. In a spirit of giving credit where credit is due, I found a few references to this, but the one I learned it from was  http://setspn.blogspot.com/2010/10/updating-servers-security-group.html
4 comments
Read more
  AI Agents as Trusted IoT/Software Defined Devices 🤖 Your Newest Endpoint Isn’t a Laptop; It’s an AI Agent. Are You Ready to Secure It? Dive into the next frontier of cybersecurity. Autonomous AI agents are no longer just code; they are powerful actors in our digital ecosystems. Treating them as simple software leaves a massive security gap. Our latest report introduces a new paradigm: The AI Agent as a Software-Defined Device. Discover the essential framework for securing the agentic future: ➡️ The Agent-as-Device Model: Learn why abstracting agents as software-defined devices, similar to IoT endpoints, is the key to managing their complexity and risk. Secure the “hardware” (host), “software” (agent logic), and “network” (communications). ➡️ A Digital Passport for AI: Move beyond static API keys. Explore how Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) create a cryptographic root of trust, giving every agent a verifiable identity and provable permissions. ➡️...
Post a Comment
Read more

WordPress displays weird characters

Sometimes after a database conversion (e.g. from MySQL to MariaDB) or due to encoding issues a situation might arise when WordPress is showing weird characters. A quick way of remedying the situation would involve examining the pages to discover a pattern (what characters are being substituted, in the example below the apostrophe was replaced by  ’ ) then running an queries against the database to reverse the effect. Here's a quick example (common tables that store content): UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  'Â' ,  '' )      UPDATE  wp_posts  SET  post_content =  REPLACE (post_content,  '’' ,  "'" )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (meta_value,  'Â' ,  '' )      UPDATE  wp_postmeta  SET  meta_value =  REPLACE (me...
17 comments
Read more