Enable support for dynamic mail-enabled security groups
Dynamic security groups are great, mail-enabled groups are great too wouldn't it be great to have both. We have a requirement to create security groups (or distribution groups) based on employee attributes (i.e. Active Full-time, Active Parttime, etc...). These attributes live in Azure AD but aren't accessible in Exchange Online so I cannot create a dynamic distribution group. I am able to create a mail-enabled security group but the membership cannot be dynamic. And any dynamic group I create can't be mail-enabled unless it's a unified group but for the purposes we need the groups for Unified groups aren't appropriate. All North America employees do not need to be a threaded group with planner and calendars. Please fix these gaps.
McKay, TreVon
shared this idea
Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.
54 comments
-
Phil Maynard
commented
Please enable these feature! We're needing to create two dynamics groups, one in Exchange and one in Azure AD. It would make so much more sense if it could be the same group that was used across the platform. This would also really help end users who expect to be able to use dynamic distribution lists for audience targeting in SharePoint.
-
Anonymous
commented
Please add this feature
-
Anonymous
commented
Please add this feature!
-
João Alexandre
commented
Please, add this feature ASAP
-
Anonymous
commented
We need this too. We synchronize local AD Accounts from different ADs to Azure AD with custome Attributes to build then our Org Distribution Groups. These custome Attributes are not available in Exchange Online so that we have to create Dynamic Groups based on Azure Dynamic Groups. But yes unfortunately there are no mail enabled dynamic groups allowed in Azure AD
-
Erick
commented
we too would like this feature
-
Ed Trail
commented
Need.
-
Mike Brown
commented
In Power BI, when adding user groups to use a data source on a gateway, Microsoft requires the use of an email address or mail-enabled security group, but does not support the creation of mail-enabled security groups in Azure AD. Please, please, please provide this functionality! Our current work-around is to create an on-prem group and mail enable that group via Exchange's on-prem admin console and then sync the group up to Azure AD. What solution do you have for cloud based mail-enabled security groups for Power BI Data Sources?
-
Seng Ung
commented
We have people sending email to dynamic distribution groups and adding encryption or sensitivity labels. Permission is not granted since these lists does not apply security permissions. I just hope mail-enabled dynamic security group would help solve this.
-
We are aware of the feature request to selectively provision resources for a unified group. We don't have a timeline yet, as it requires efforts across Microsoft workflows. However this feature is being tracked in our backlog.
-
Ian Caldwell
commented
Options to control group membership must be consistent across Office, Distribution and Security groups. Managing a fixed group of people so they can have SharePoint access, a Team, and receive emails - not a nice experience to manage three different groups, and not even have dynamic as an option for the mail-enabled security.
-
Anonymous
commented
Can't believe this hasn't been implemented. This is why people are scared of Azure AD.
-
john
commented
I proposed this concept for our on Prem SharePoint, only to find it doesn't work? Please help me look good and make it a reality:-)
-
Hidenori Takahashi
commented
I really need this right now to give access permissions in apps and send group mail. We purely want "Dynamic mail-enabled security group".
Now we have 2 ways for substitute. First is to create static mail-enabled security group and combine with batch program, but it's much tougher than creating dynamic security group. Second is to use Office365 group, but this will have unnecessary apps. Anyway, both way is nonsense.
If Microsoft implements "Dynamic mail-enabled security group", I'm sure it makes our business easy. -
Jennifer L. Newmark
commented
It's very disappointing that it took more than A YEAR for Microsoft to respond to this, and 2 1/2 years later it's STILL a problem. Pretty much any business over 50 or 100 people needs this functionality.
Come on, Microsoft! With COVID-19 changing the way the world works, this functionality is needed more than ever!
-
Sebastian Stüpp
commented
We need this too. Annoying!
-
David Mowers
commented
Not having this functionality is making a hash out of our security policies and complete disconnect between things like DLP and other security policies. It's odd this one is taking so long. Seems like it should be pretty simple.
-
Anonymous
commented
This is essential for Exchange Scoping. New-ApplicationAccessPolicy -PolicyScopeGroupID. As we move from LegacyAuth to Modern Auth, we are finding more and more apps that need Application permissions and we have a need to scope those applications to a security group. Those groups have to be dynamic. Example: We need this application to ONLY access mailboxes in UK. We need this application to ONLY access Mailboxes for the Tax Service line.
-
Tony Richardson
commented
We need this now, I need to create dynamic distribution groups with memberships based on job title and functions for communications during the COVID-19 pandemic.
Either that or allow mail enabling of azure dynamic security groups
-
Andreplusplus
commented
Alternatively, for my purpose (Azure Information Protection, add group to sensitivity label policy; have users and groups synced from on-prem AD) it would also be great if Directory synced objects can be used in AIP policy assignment
