Streamlining group membership management and governance at Microsoft


We’re transforming the way we manage our groups internally here at Microsoft with our Group Membership Management tool.

Editor’s note: This story was written by a bot powered by Microsoft Azure OpenAI. The bot interviews subject matter experts in Microsoft Digital to generate new stories quickly. We have humans in the loop to ensure the accuracy and completeness of our AI-powered stories.

Just like it is for all large enterprises, maintaining accurate and secure group memberships enables our employees to collaborate effectively while also safeguarding our sensitive information internally here at Microsoft.

The Microsoft Group Membership Management (GMM) tool addresses this challenge head-on by providing a robust solution that simplifies group membership management while enhancing security and productivity across Microsoft. Initially developed to solve a challenge within Microsoft, GMM is now available on GitHub, giving other organizations access to its capabilities.

The need for group membership management 

GMM was designed to address two critical issues that companies like ours face: 

  • Collaboration barriers: When the right people aren’t in the group, collaboration tools are less effective.
  • Security risks: When individuals retain access to groups unnecessarily, organizations face potential data exposure.

“One of our main priorities was to create a solution that balances seamless collaboration with stringent security,” adds Olivia Han, Senior Product Manager for GMM. “We wanted organizations to feel confident in their group memberships while making the process as intuitive as possible.”

Key features of GMM 

The Group Membership Management (GMM) tool enables you to systematically manage your Microsoft 365 Groups by syncing members based on existing security groups, organizational structure, and personnel information. This tool helps you manage Microsoft 365 Groups in Viva Engage, Teams, Outlook, and other modern apps, enabling cloud-based collaboration and secure access to resources.

GMM was initially adopted across Microsoft organizations to help reduce the administrative overhead of keeping Microsoft 365 Groups membership updated. It was later launched as an open-source tool on GitHub, making it available to external customers. Go here to learn more about how to manage your groups.

GMM is a multi-source, multi-destination membership synchronization tool. It enables organizations to define group memberships based on user information from multiple sources and project those memberships into groups and even Microsoft Teams channels. Its standout features include: 

  • Flexible membership definition: Membership can be defined based on organizational structure, user attributes, and exclusionary rules. Depth limits ensure precision and control. 
  • Empowered group ownership: Group owners can define and manage their memberships independently, while administrators retain tools to protect sensitive HR information. 
  • Change threshold protection: To prevent accidental disruptions, GMM includes increase and decrease thresholds that require owner confirmation before large-scale membership changes. 

Development journey and challenges 

GMM began as a solution to project nested security group hierarchies into flattened Microsoft 365 groups, addressing the lack of native nesting support in Microsoft 365. Over time, the tool evolved into a comprehensive solution that uses a variety of Azure services, including Storage, Service Bus, SQL, Azure Data Factory, and Key Vault, among others. 

“We’ve been laser-focused on adopting Microsoft Secure Future Initiative best practices,” says Paul Daly, a principal software engineering manager for GMM in Microsoft Digital. “Eliminating secrets, adopting managed identities, and moving resources to private networks have significantly improved our security posture. Scalability has been another ongoing focus, with innovations like a ‘multi-lane’ process to handle large membership changes without delays.” 

Impact and integration 

Olivia Han (left) and Paul Daly are helping us transform how we manage here at Microsoft.

Internally at Microsoft, GMM has simplified maintenance for thousands of groups.

“Automating user additions increased the use of collaboration tools like Viva Engage, Teams, and Outlook groups,” Han says. “Removing unnecessary access not only boosts security but also gives us the confidence to enable features like Copilot.” 

GMM has had a significant impact on personalizing and enhancing the employee experience at Microsoft. By managing groups based on tenure, GMM enables targeted content delivery on the intranet website and HR portal via Viva Connections, providing relevant information to new employees during their crucial onboarding period. 

“Based on what our internal customers have told us, we know that GMM has eliminated days and even weeks of manual work that our business admins have to do to maintain accurate group rosters,” Han says. “It has also mitigated security concerns, including reducing the risk of oversharing.”

Externally, organizations that have adopted GMM from GitHub have experienced similar benefits, and their feedback has driven continued improvements. 

GMM integrates seamlessly with Entra ID groups and Teams channel memberships, extending its impact across the Microsoft 365 suite, including Viva Engage, Teams, Outlook groups, Viva Connections, and Copilot.

Looking ahead 

The future of GMM is bright, with enhancements focused on usability, performance, and deployment: 

  • Improved user interface: Updates driven by internal and external feedback reduce admin effort and empower users. 
  • Enhanced scalability: The multi-lane process ensures timely completion of membership changes, even during large onboardings. 
  • Simplified deployment: Streamlining installation will make GMM more accessible for external organizations. 

“We hope GMM’s features resonate with organizations and their use cases,” Daly says. “If so, we encourage them to give it a try and share their feedback via the GitHub repository.” 

GMM exemplifies how Microsoft uses its own tools to solve real-world challenges and shares those solutions to help others achieve their goals. With its powerful capabilities and user-centric design, GMM is transforming the way organizations manage group memberships, fostering both collaboration and security.

Key Takeaways

Here are some tips for rethinking group management at your company:

  • Simplified group management: GMM streamlines group membership management, enhancing both security and productivity across organizations.
  • Addressing key issues: GMM tackles collaboration barriers and security risks by ensuring that the right people are in the right groups and removing unnecessary access.
  • Robust features: GMM offers flexible membership definitions, empowered group ownership, and change threshold protection to prevent accidental disruptions.
  • Development and scalability: Initially created to solve internal challenges, GMM has evolved into a comprehensive solution using various Azure services and focusing on scalability and security.
  • Impact and future enhancements: GMM has significantly improved group management at Microsoft with ongoing enhancements aimed at usability, performance, and deployment.
