**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody else.
I was working with a company last week and they could not wrap their heads around the need for so many different types of groups in Microsoft 365. To help them (and you) out, let me give you a quick primer.
There are five different types of groups in Microsoft 365. They are:
Security Group (SG): This is exactly what it sounds like… a group that you will assign security permissions to for cloud resources – OneDrive, SharePoint, and so on. Security groups can be added to teams in Microsoft Teams, and they can be configured for dynamic membership in Azure AD.
Distribution Group (DG): This is exactly what it sounds like… a group that has an e-mail address and to which you can send e-mail, which will then be distributed to all members of the group. While you cannot assign permissions to it (like a security group), they can also be added to teams in Microsoft Teams.
Mail-enabled Security Group: This combines a Security Group with a Distribution group. The group has an e-mail address (like a DG), and you can assign security permissions (like a SG). These groups cannot contain devices and cannot be managed dynamically.
Microsoft 365 Group (M365 Group): The M365 group is used for collaboration between users, who can be outside your organization. There is a group e-mail, as well as a shared workspace for conversations, files, and calendar events. Again, membership can be dynamic or static. Additionally, and this is another improvement over DGs, group members can send e-mail on behalf of the group.
Some features of M365 groups (including external collaboration and sending e-mail on behalf of the group) require an administrator to enables them.
Shared mailboxes: While these are not really groups per se, they are still a method of sharing information, and so we add them in. They give members access to a single mailbox (and calendar, if so configured). Because they are not strictly speaking a group, they cannot be converted or migrated to a M365 group.
I first learned about Security Groups and Distribution Groups in Windows Server 2000 classes; they have been around for a very long time. Mail-enabled distribution groups may have started in Exchange Server 2010, but they may pre-date that. Obviously, Microsoft 365 Groups are cloud-only, and are the newest of these. While the M365 is the newest, they are not supplanting any of the others as long as it does not have the complete functionality of the other groups. For example, devices can still only be added to Security Groups.
Knowing what type of group you have – or more importantly, what type of group you need to create – is a vital part of administering your Microsoft 365 environment.