🧩 Understanding Microsoft 365 Group Types

SharePoint Groups vs Microsoft 365 Groups vs Security Groups vs Contact Lists

🎯 Purpose

This article explains the different types of groups in Microsoft 365, what they are used for, and when to use each one. Understanding these differences helps ensure proper access control, governance, and collaboration across BYU-Idaho systems.

🧠 Quick Summary (Recommended Model)

📊 Full Comparison Table

🔍 Group Types Explained

1. SharePoint Groups (Site-Level Permissions)

What they are

• Groups that exist inside a SharePoint site
• Automatically created as:
  • Owners
  • Members
  • Visitors&wdpartid={c6c0f267-c91d-4ded-a1f9-a5a10db1c25b}{1}&wdsectionfileid={bc490b79-26f2-459f-a461-9efbc839af25})

What they’re used for

• Granting access to:
  • Sites
  • Document libraries
  • Lists

Key characteristics

• Not visible outside the site
• Cannot be used in Teams or apps
• Managed by site owners

✅ Best Practice

Use SharePoint Groups only as permission containers, and add other group types into them.

📌 Example (Music Department Site)

SharePoint Site: BYU Idaho Music Department

Owners Group
  → Luana (Office Manager)
  → Megan (Assistant)

Members Group
  → Security Group: Music Employees (Full Access)

Visitors Group
  → Security Group: Adjunct Faculty (Read Only)

2. Microsoft 365 Groups (Collaboration Groups)

What they are

A group that automatically provides:

• Shared mailbox
• SharePoint site
• Planner plan
• Teams (if enabled)

Adding a user gives access to all of the above at once&wdpartid={a540723d-d331-4f85-9030-4cc76010bc85}{153}&wdsectionfileid={d9f8ec3a-e305-4fa9-906e-ec761bdf6bd5})

What they’re used for

• Department collaboration
• Projects
• Committees
• Classes

📌 Example (Music Faculty Team)

Microsoft 365 Group: Full-Time Music Faculty

Members:
  → Faculty users

Resources automatically created:
  → Team (chat + meetings)
  → SharePoint site (files)
  → Outlook inbox
  → Planner board

✅ Best Practice

Use Microsoft 365 Groups when people need to:

• Communicate (chat/email)
• Share files
• Assign tasks

3. Security Groups (Entra ID Roles / “Modern Groups”)

What they are

• Centralized identity groups in Entra ID (Azure AD)
• Used for controlling access across systems

What they’re used for

• Assigning access to:
  • Applications
  • SharePoint sites
  • Teams
  • Licensing
  • Conditional Access policies

✅ Key Advantage

• Can be automated (dynamic membership)
• Supports future HR integration (e.g., Workday)
• Central source of truth

📌 Example (Role-Based Access Model)

Security Group: Music Employees
  → All full-time faculty

Security Group: Adjunct Faculty
  → Part-time instructors

Security Group: Music Admin Staff
  → Office assistants

Then:

SharePoint Members
  → Music Employees

SharePoint Visitors
  → Adjunct Faculty

✅ Best Practice (Recommended Governance Model)

Use Security Groups as the foundation:

Security Group (who should have access)
        ↓
Added to
        ↓
SharePoint Group (what access they get)

4. Contact Groups (Contact Lists)

What they are

• Personal email lists created in Outlook

What they’re used for

• Quick email distribution (personal use only)

🚫 Limitations

• Not visible to IT
• Not reusable by others
• Cannot assign permissions

📌 Example

Tony’s Outlook Contact List:
  “Music Leadership”

Used for:
  → Sending email to same group quickly

✅ Recommendation

Avoid using Contact Lists for:

• Departments
• Permissions
• Shared workflows

Instead use:

• Microsoft 365 Groups (collaboration)
• Mail-enabled Security Groups (distribution)

🧭 Putting It All Together (Visual Model)

            +-----------------------------+
            |   Security Groups (Roles)   |
            |  "Who should have access?"  |
            +-------------+---------------+
                          ↓
        +-------------------------------------+
        | SharePoint Groups (Permissions)     |
        | "What level of access?"             |
        +-------------------------------------+

        OR

        +-------------------------------------+
        | Microsoft 365 Groups (Collaboration)|
        | "Work together"                     |
        +-------------------------------------+

⚠️ Common Mistakes to Avoid

Mistake	Why it’s a problem
Using SharePoint groups across multiple systems	They only work within one site
Using Contact Lists for teams	Not governed or shared
Managing users manually everywhere	Hard to scale and maintain
Not using role-based groups	Prevents automation and HR alignment

✅ Recommended BYU-Idaho Approach

Based on current practices and future scalability:

1. Create Security Groups for roles

   • Tied to departments (Music Employees, Adjunct Faculty)

2. Use those groups in SharePoint

   • Assign permission levels

3. Use Microsoft 365 Groups for collaboration

   • When Teams / Planner / email are needed

This supports:

• Cleaner governance
• Easier onboarding/offboarding
• Future automation with HR systems

📌 Final Takeaway

• Security Groups = who gets access
• SharePoint Groups = what access they get
• Microsoft 365 Groups = how they collaborate
• Contact Lists = personal convenience only

---

Contact Us

If you still need help, call us at (208) 496-9009 or start a Live Chat with us.

Hours of Operation: Mon - Fri 7:30 AM - 8:00 PM, Sat 10:00 AM - 4:00 PM Mountain Time

(excluding weekly devotional, forum hour and University Recognized holidays)

Interested in learning more or getting your questions answered face-to-face?
Join our weekly Office Hour every Monday from 2–3 PM!
We meet at: https://itOfficeHour.byui.edu 

Everyone is welcome—bring your questions, ideas, or just drop in to connect!