Worried that it was a little too easy for team members in Office 365 Groups to collaborate and share data? Well, this morning Microsoft announced that it is tightening access to just about everything.

Groups enables Office 365 commercial and education customers to form team identities managed through Active Directory (AD). As a member of a group, users can access a common set of apps and permissions, depending on their Office 365 subscription.

This means that once accepted into a group, workers can access apps like Outlook, OneDrive for Business, OneNote, Skype for Business and Dynamics CRM — all the Microsoft apps where customer data is stored and exchanged.

Secure Groups

This morning, Microsoft unveiled a number of features that should help IT keep tighter control over who is accessing those apps as well as providing insight into what they are doing with the data. Three in particular stand out:

E-Discovery and Litigation Hold: Users can perform an e-discovery or legal hold on either a group’s mailbox using Exchange Admin Center or on group files using the Office 365 Compliance Center The Azure Management Portal: This now exposes group management events in the group audit report Dynamic Membership: Administrators will be able to create rule-based memberships using the Azure Management Portal

These capabilities, among others, will be in effect by February at the latest, according to Microsoft.

Microsoft is also extending Groups to cover Office Planner, Delve, Graph, Power BI and Yammer.

On The Way

Other upcoming improvements include support for privacy type conversion on existing groups, native data leakage prevention in group communication and file experiences, as well as deletion recovery.

Microsoft plans to protect data on the go by exposing the Outlook Groups apps in Microsoft Intune as policy managed apps.

Office 365 Groups are and have been, but security has always been a concern. With this announcement, Microsoft plugs a lot of the holes and promises to fill others as well.