SOLVED

Enforcing membership without using Dynamic Groups

Frequent Contributor

Hi

 

We are currently preparing to launch Yammer in our company with ~7,000 employees. We need a way to ensure users are following certain communities, typically a location-related community, but we do not want to use Dynamic Groups, because they do not allow manual adding of membership - we want to allow users to join a community that they a not automatically members of if they are interested.

 

My conclusion is that this is only possible to achieve by creating a synchronization job between an AD or AAD group with the Yammer group. Do you agree? Can you suggest other solutions?

3 Replies
Does it mean to enforce users to follow some communities, and for other communities they would have freedom to choose to follow by themselves? If that is the case, I would just assign members by myself for the enforced communities, and maybe post announcement in All Company communities about community directory they may interest.
best response confirmed by Dan Holme (Microsoft)
Microsoft Verified Best Answer
Solution

@Jakob Rohde yes there is!

 

I'm assuming the scenario here is enforce group membership, so that certain communities are well-defined and can be used to communicate with and engage specific employees. The caveat to this scenario is "hotel California" groups--you can never leave ;)  

 

I'm a huge fan of GROUP MEMBERSHIP MANAGEMENT (GMM), a tool which was built inside Microsoft to support our own group management--we use it heavily to manage and drive group memberships. We 'productized' and open-sourced the tool here:
Home · microsoftgraph/group-membership-management Wiki · GitHub

 

It's something that IT will need to set up, but it's not super burdensome.

 

At Microsoft, we then get a business-facing 'request form' where we can request that GroupA (the target group) should include members from GroupB and GroupC (the source or 'nested' groups).  Members are then synced--the source groups are authoritative

 

What that means is that you can't add "ad hoc" members to Group A--they will be removed if they're not a member of either B or C.  The solution is to have an additional group, let's call it GroupD, the sole purpose of which is to define the "additional" users who you need in GroupA.  While it sounds complex, it's a pretty standard approach and ends up with a true "role-based" group management--GroupD simply defines the "exceptions to the rule".

To avoid "hotel california", the trick is to allow people to "leave" the source groups. 

 

Having spent 20 years in group management, I can highly recommend GMM.  And it's free.


ADDITIONALLY:

  • You can turn to partners who have group management solutions. There are several out there, including AvePoint [for whom I worked awhile ago] that a number of customers use. These solutions have robust UXs for group management, workflows, approvals, attestations etc.  For a customer of 7k employees, I think a 'professional' group management tool is a very wise investment for all kinds of reasons!
  • Dynamic groups in Azure AD will be adding support for rules based on MemberOf in 2022. This will allow you to define a dynamic group, GroupA membership = MemberOf(GroupB)+MemberOf(GroupC)+MemberOf(GroupD). Will achieve the same result as GMM, with a native solution. Will still require the same workaround: GroupD is the "exception members of GroupA" group.

 

Hope this helps!

Thanks a lot, Dan. Much appreciated! We will check it out.
www.000webhost.com