Guideline Information
Scope
The Guidelines apply to all Office 365 Groups whether created through Outlook, Planner, Microsoft Teams, Stream, Yammer, or any other application using the Office 365 Groups membership service, and similarly covers content generated while using any of the resources and features within Office 365 Groups, including but not limited to:
- Shared inbox
- Shared calendar
- Shared OneNote notebook
- SharePoint Team site and document library
- Planner
- Microsoft Teams chat
- Yammer feed
Audience
The Guidelines apply to all Vanderbilt faculty, staff and students, as well as to contractors or agents engaged by a department or employee, or any individual using Vanderbilt University IT resources, whether on-campus or remotely. The Guidelines also apply to alumni, external consultants and partners, and any other guests or external users that may have authorized access.
Governing Policies
Users of the Office 365 service are governed by policies of the Electronic Communications and Information Technology Resources Policy and the Acceptable Use Policy. Failure to comply may result, at a minimum, with suspension of service.
Appropriate Use and Eligibility
- Office 365 Groups (herein referred to as “Groups”) enables teams to come together and communicate in a shared collaborative workspace and provides a collection of resources for team members to share, and as such Groups should only be created where there is a need to collaborate and communicate between a number of users, such as a team.
- Groups should never be created for individual use. Individuals should use their OneDrive for Business space when working on documents with a smaller number of collaborators (e.g. 1:1 or 1:few). Groups with less than three users may be subject to removal.
- All current staff, faculty, and students of Vanderbilt University, with an active Vanderbilt email account, are eligible to create Groups through self-service in Outlook, Planner, Microsoft Teams, Stream, Yammer.
Group Owners
- The user who creates a Group is automatically assigned the role of the Group owner.
- Group owners have administrative privileges in the Group. An owner can add or remove other owners, members and guests, approve requests from members to add a guest, and have unique permissions like the ability to delete conversations from the shared inbox. Group owners can change the display name of the Group, update the description or picture, change Group settings, and more.
- Owners have the ability to connect an existing Group (applies to private Groups without hidden membership) to a Microsoft Team (refer to: Create a team from an existing group).
Group Owners are responsible for:
- Reading, understanding and adhering to the Guidelines, including governing University policies, standards, and best practices.
- Ensuring that the Group has been named appropriately, a description of the Group has been provided.
- Ensuring that the Group has at least two active owners.
- Ensuring that new owners are appointed prior to their departure from the Group.
- Ensuring that access to the Group and associated content is managed appropriately. This includes removing access when access is no longer needed or warranted.
- Ensuring that storage space is used optimally and that University Records are managed in accordance with the Vanderbilt University guidelines and practices.
Group Members
- Group members are the individuals who use the Group to collaborate. They have shared access to everything in the Group but can’t change Group settings or manage users. Group members can invite guests (subject to owner approval) to join the Group.
Group members are responsible for:
- Reading, understanding and adhering to the Guidelines, including governing University policies, standards, and best practices.
Group Identification and Naming
- Group names should not give a false or ambiguous idea of, or misrepresent, the Group. As such they should not include unfamiliar acronyms, general terms, personal name(s), or names that have priority by other departments or business unit of which they are not affiliated with (e.g. HR, VUIT, Provost’s Office etc.).
- The Group name can include hyphens and/or underscores. Any other special characters will not appear in the Group ID, and thus the Group’s email address.
- A Group with an inappropriate or objectionable name or content may be removed at any time.
- Names containing offensive characters or words will be subject to immediate removal.
- If you are uncertain about naming the Group, please contact VUIT before creating it.
Privacy Settings
- Private Group: Only approved members and guests can access the Group.
- Public Group: Access is open to all Office 365 users including staff, faculty, students, alumni, retirees, and invited guests.
- Note: The default privacy setting for a Group is Private. Group owners can change the privacy setting (refer to: Make Office 365 groups public or private).
Hidden Membership
- Hidden membership parameter can only be set at the time of Group creation by an Office 365 administrator and cannot be changed after the Group has been created. If you would like a Microsoft Team with hidden membership, please create a “Classes” Team through Microsoft Teams self-service (refer to: Create a team for classes in Microsoft Teams).
Data Retention and Removal
- In establishing a Group, a Group owner is considered to be the Information Custodian. An Information Custodian is responsible for maintaining appropriate controls to guard against unauthorized access, modification or deletion, and inappropriate use or disclosure, whether intentional or unintended, of records within the Group’s shared space.
Inactive Groups
- Information Custodians need to be aware that Groups that have been inactive for a period of 2 years or more may be deleted by VUIT. VUIT will notify Information Custodians prior to deletion, but if they receive no response, the Group will be deleted. If a Group is deleted, by VUIT or proactively by an Information Custodian, all the records associated with the Group’s shared space will be deleted as well.
Group without Owners
- Information Custodians and Group members need to be aware that ownerless or orphaned Groups may be deleted by VUIT. VUIT will notify Group members prior to deletion, but if they receive no response, the Group will be deleted. If a Group is deleted by VUIT, all the records associated with the Group’s shared space will be deleted as well.
Recovery
- Group owners have the ability to delete a Group, but do not have the ability to recover a Group. Note: if you delete an Outlook group, Planner plan, Stream group, Microsoft Team or Yammer group, you are deleting the underlying Group and all of the Group’s content.
- The content of a deleted Group may be recoverable by an Office 365 administrator provided that a request to recover is made within 30 days from the date of Group deletion. Beyond the 30 days the Group cannot be recovered. The Group owner can make a recovery request by contacting VUIT.
Sharing with External and Anonymous Users
- Sharing with external and anonymous users is enabled for Groups.
- External and anonymous users are users who do not have a license to the Vanderbilt University Office 365 subscription and are limited to basic collaboration tasks through the use of sharing links. If you or your group perform work that involves sharing documents or collaborating directly with vendors, contractors, consultants, researchers, clients, or customers outside of Vanderbilt University, you can use external sharing features of SharePoint Online to give them access to certain areas of the Office 365 Group, Microsoft Team, or to specific files and folders in an associated SharePoint Team site or document library. For more information on sharing links and external sharing capabilities, refer to: Share SharePoint files or folders.
- External users must not be granted any admin privileges.
- Group owners and/or members are responsible for ensuring that external user access is removed and anonymous sharing links are disabled when no longer needed or warranted.
- If information within the Group should never be shared with external users, group owners can request a more restrictive sharing option by contacting VUIT.
Guest Access
- Guest access is enabled for Office 365 Groups and Microsoft Teams.
- Guests are users who do not have a license to the Vanderbilt University Office 365 subscription, and only require a valid email address to be added to a Group as a guest member.
- Guests can participate in Group conversations, receive and respond to calendar invitations, and access the Group files. For more information, including guest capabilities, refer to: Guest access in Office 365 groups and Guest Capabilities in Teams.
- Group owners are responsible for ensuring that only those that need access are added as guests and that guests are removed when access is no longer needed or warranted.