The future of Group Member Management: How Microsoft is leading the way with automation

|

Microsoft automatically adds and removes employees to and from Microsoft 365 groups using Group Membership Management.

Microsoft Digital storiesJust as it is for everyone, maintaining accurate groups for email and apps such as Microsoft Viva and Microsoft Teams is challenging for us internally at Microsoft.

Adding and removing employees from groups has been mostly a hand-cramping manual task, and this is especially true for large organizations like ours, where group membership management is daily work. Amidst all the life shifts that employees experience––role changes, department transitions, taking leaves, moving to hybrid or remote offices––it’s hard for our admins to keep our groups 100 percent current.

Johnson smiles while riding on a boat on a sunny body of water.
The way we think about group member management was ready for transformation, says David Johnson, a principal program manager for our Microsoft Digital Employee Experience team.

And when a group is out of date, people get left out of meetings and communications while others get access to information that’s no longer relevant or, worse, something they should no longer be able to see.

“Manually managing the groups was the old way,” says David Johnson, a principal program manager for our Microsoft Digital Employee Experience team, the organization where we power, protect, and transform the company. “Especially now with hybrid workspaces, you need connection between the leader and organization in many ways, and you don’t want to have to manually manage that space.”

Entering data by hand is also an error-prone process that we needed to move beyond. Our Microsoft Digital Employee Experience team responded by building an automated solution that improved our inclusion, compliance, and security.

[Learn more about Microsoft’s data governance strategy. Discover how to set up Dynamic Groups in Microsoft Azure Active Directory.]

Automating group membership management

A few years ago, there was a growing desire to automate Microsoft 365 group membership. As people started to realize the benefits of Microsoft 365 applications for effective live event and community management, the need for a solution to allow rule-based membership management became increasingly intense. However, at that time, there was no good solution readily available to meet these needs. Microsoft needed to manage live events and communities that involved large organizations, and there was not a good solution readily available. For example, organizations eagerly wanted to leverage Microsoft Yammer (we’re now using Microsoft Viva Engage) broadcasting to keep employees connected and engaged with leaders, but maintaining accurate Yammer community members was a manual task. Furthermore, before the shift to the cloud, groups were nested, which means they were folded into hierarchical layers, and each team took the responsibilities to manually manage the immediate team membership and contribute to the parent group level.

In the cloud, group membership is managed in a flattened way.

While this structure ensured security and compliance, it also compounded the complexity for manual membership management. Reestablishing roles and permission for every group member in all apps had to be done one at a time by hand, which likely only benefited the businesses of carpal-tunnel therapists.

The tedious processes required were unwieldy. Maintaining accurate membership is a multi-step process involving batch exporting member lists from HR systems, manually scrubbing from multiple Excel worksheets, then identifying the members to be added or removed. As soon as someone joined or left an organization, an admin would have to do this all over again.

Group membership was only accurate on the day it was entered, so groups were frequently out of date. Sending personalized messages to individuals with a commonality (such as a holiday, disaster, or local celebration) required manually updating group membership: a time-quaffing undertaking.

“Reaching everyone was so important to us, but the technology to maintain aliases wasn’t there,” says Cindy Jensen, a senior executive assistant with Microsoft Customer and Partner Solutions, one of Microsoft’s Sales and Marketing organizations with over 100,000 people. “Our volumes were too large.”

We said, let’s build something. We can automate membership management.

—Olivia Han, a senior program manager with Microsoft Digital Employee Experience

Han smiles as she kneels in a field of tulips.
Group Membership Management dynamically manages the membership of groups in Microsoft Azure Active Directory, says Olivia Han, a senior program manager with Microsoft Digital Employee Experience.

Microsoft Digital Employee Experience dedicated themselves to the challenge of making group member management a better and less manual process.

Engineering an answer

At Microsoft, we realized we had a significant issue back in 2017. We had to manage Yammer communities and live broadcast streams in particular. The demand for reaching broad audiences, especially C-suite level audiences, initiated our journey to find a solution.

“We said, ‘let’s build something,’” says Olivia Han, a senior program manager with Microsoft Digital Employee Experience. “We can automate membership management.’”

And they did.

The tool—broadly launched internally at Microsoft in 2021—is called Group Membership Management (GMM). It’s a solution that dynamically manages the membership of Microsoft Azure Active Directory (AAD) Groups. Once it’s set up, it automatically updates when HR data changes and when other source groups membership changes.

Microsoft already has the powerful Dynamic Groups feature in Microsoft Azure Active Directory, which allows attribute-based groups. GMM is needed for large leader-based groups and all of their reporting hierarchy. Now, source groups can have thousands of levels of nesting.

We never have to think about our aliases again, and we always know our communication is going to the right group.

—Cindy Jensen, a senior executive assistant with Microsoft Customer and Partner Solutions (MCAPS)

“Putting people in groups and taking them out of groups may sound trivial from an outsider’s perspective, but what I’ve come to really love and appreciate about the project is the scale,” says Paul Daly, a principal software engineering manager with Microsoft Digital Employee Experience. “The scale and impact of this problem necessitates that we focus on both performance and reliability.”

A visual depiction of the various examples of Microsoft’s use of Group Membership Management in Microsoft 365 and Microsoft Viva.
Microsoft automatically populates group members in Microsoft 365 and Microsoft Viva using Group Membership Management.

Benefitting from automation

Admins at in Microsoft’s Sales and Marketing organization and its more than 100,000 employees were very happy once they were able to start taking advantage of GMM.

“We never have to think about our aliases again, and we always know our communication is going to the right group,” Jensen says. “I set my groups up once—I update them never.”

Automating group membership has resulted in dramatic error reduction, which means there are far fewer security risks posed by stale membership and inappropriate access.

“Admins can now focus on more impactful work that can’t be automated,” Han says. Unsurprisingly, freedom to give their attention to other projects is among the first-mentioned benefits by administrators who have leveraged the GMM solution.

We want everybody to feel valued and included. Group Membership Management gives us that.

—Cindy Jensen, a senior executive assistant with Microsoft Customer and Partner Solutions (MCAPS)

In addition to stronger security, Jensen in Microsoft’s Sales and Marketing organization celebrates the role of accuracy in enhancing inclusivity. When group membership is updated automatically and daily, no one is forgotten or left out, and Jensen says that now she can make special groups on the fly to send personalized messages with very little effort.

She made aliases for people who celebrate Diwali so she could wish them a joyful one. She’s created aliases for people living in the Puget Sound area so they could participate in a huge annual Microsoft Give drive. This wasn’t easily achievable before.

“We want everybody to feel valued and included,” Jensen says. “GMM gives us that.”

Making automated group membership management more accessible

Now, nearly anyone can leverage GMM. It’s an open-source application that’s available to everyone on GitHub.

“Customers needed it,” Han replies when asked why it’s open source. Microsoft did not want to withhold the tool from the public while it waits for a home in within a product.

“What’s cool about GMM, the version that’s on GitHub, is that it’s actually the same version that we run internally,” Daly says.

Key Takeaways
Group Membership Management has been a lifesaver for Microsoft groups, and its engineers continue to enhance its sophistication. Here are words of wisdom for anyone wanting to leverage the benefits of Group Member Management for their organization.

  • Consider leveraging GMM to take advantage of a variety of scenarios that Group Member Management enables, including creating Yammer communities for specific audiences, giving live broadcasts via Microsoft Stream to individual organizations, and making secure, collaborative environments for teams to finish projects.
  • Evaluate your data so that you have the right attributes in place for automated group member management.
  • Think about who gets access as part of your governance policy. Good group member management encourages strong security practices while also promoting inclusivity.
  • Tell your IT developer that the opensource code for Group Member Management is on GitHub today. (Eventually this functionality will be incorporated into an existing Microsoft product.)
  • Once you’ve deployed Group Membership management, have fun creating groups with commonalities––such as holidays and regions––to craft personalized messages that enhance company culture and inclusivity.

Related links

Recent