As Yammer becomes a core service for your organization, you'll want users to be able to log into it seamlessly, just like any other Office 365 service. Additionally, you'll probably want to maintain a single identity for all Office 365 users for easier user management. You can achieve both of these goals by enforcing Office 365 identity in Yammer. By enforcing Office 365 identity in Yammer and configuring password hash sync, pass-through authentication, or Understanding Office 365 identity and Azure Active Directory for Office 365, admins can achieve single sign-on (SSO) capabilities for all services in Office 365, including Yammer.
How enforcing Office 365 identities in Yammer works
In the Microsoft 365 (previously known as Office 365) Connected Yammer Groups section, the Status for your network will change to Enabled. Any new groups created in Yammer that are eligible will automatically be created as Microsoft 365 connected groups. After about one week, existing eligible groups will be converted to Microsoft 365 groups. This blog provides a short comparison between Office 365 Groups and Yammer Groups. Office 365: The New Flagship Offering. Office 365 is a suite of Microsoft products that used to be on-premise offerings and now are available as a SaaS offering. Office 365 Groups was announced in the fall of 2014 and at the recent Microsoft Ignite Conference—a.
The following flowchart shows what happens when a user logs in to Yammer.
- Yammer Office 365 Our digital workplace expertise coupled with our Microsoft technical knowledge means we are perfectly placed to help you roll out Yammer across your employee community and encourage its adoption.
- Rely on the same enterprise-level security, compliance, and management features of Microsoft 365 to help protect data. Analytics from the Office admin center and insights in Yammer make it easy to understand activity and measure impact.
- If your group is a Microsoft 365 connected group, you can manage many aspects of your group through the Microsoft 365 admin center, in addition to managing them through Yammer as discussed above. All groups from Yammer networks that are in Native Mode will be manageable through these admin centers.
Below is the user's login experience when Office 365 identity is and is not enforced for Yammer:
A user tries to login to Yammer, and is presented with a login dialog box.
The user enters his or her email address.
When Office 365 identity is enforced, the user is prompted to login with his/her Office 365 identity. If the customer has implemented the federated identity model in Office 365, the user will log in with single-sign-on.
When Office 365 identity is not enforced (this is the default setting), if there is an Office 365 account corresponding to the user's email address, the user is prompted to log in with his or her Office 365 identity.
When Office 365 identity is not enforced (this is the default setting), if there is no Office 365 account corresponding to the user's email address, the user is prompted to log in with his or her Yammer identity (email and password)
The following table compares the user login behavior when Office 365 Identity is enforced or not enforced. Note that Office 365 identity is not enforced by default.
Is Office 365 identity enforced? | Is there an Office 365 account for that user's email address? | What happens when the user logs in: |
---|---|---|
Yes | Yes | The user is prompted to log in with his or her Office 365 identity. |
No | Yes | The user is prompted to log in with his or her Office 365 identity. |
No | No | The user is prompted to login with his or her Yammer identity (email and password). |
Start enforcing Office 365 identity in Yammer
It takes just a few steps to start enforcing Office 365 identities in Yammer. However, turning this setting on can accidentally disrupt users' access to Yammer. So before you begin, do the following to make sure your Yammer users can continue working smoothly:
Make sure all current Yammer users have a corresponding Office 365 identity. When you enforce Office 365 identities for Yammer, any user without a corresponding Office 365 identity will be locked out of Yammer. So before you begin, make sure that all of your current Yammer users have corresponding Office 365 identities. One method to check this is to go to the Export Users page in Yammer and export all users. Then compare that list to the list of users in Office 365 and make any changes required.
Tell your users about this change. We strongly recommend that you tell users that you are switching to enforce Office 365 identities, because it can disrupt their day to day usage of Yammer. We have provided a sample email you can use in the settings below.
You must be a global administrator on Office 365 who was synchronized to Yammer as a Verified Admin to perform these steps. To check if your account was synchronized, you can go to the Network Admin page on Yammer and check the Admins section. Global administrators will sync to Yammer only if their user principal name (UPN) in Office 365 matches a domain on Yammer. The following screenshot shows what a synced admin looks like on the Admins page in Yammer.
If you are ready to enforce Office 365 identity in Yammer, follow the steps below.
To start enforcing Office 365 identity in Yammer
Yammer Office 365 Download
In Yammer, go to the Network Admin section, and choose Security Settings.
In the Security Settings page, go to the Office 365 Identity Enforcement section and select Enforce Office 365 identity.
You must be both a Yammer verified administrator and a global administrator to see this section.
You see a confirmation message that asks you to select the most appropriate level of enforcement:
Committed Enforcement: Choose this option if all of your Yammer users already have an Azure Active Directory (AAD) account.
Important
Once you save this change, you won't be able to undo it, and your users won't be able to log in using their Yammer usernames and passwords anymore.
Temporary 7-Day Enforcement: Choose this option if you're testing the enforcement of Office 365 identity on your network, and may need to revert it back. Once you save this change, a temporary enforcement period of seven days will begin, and your users won't be able to log in using their Yammer usernames and passwords anymore. After seven days, your network will automatically be committed to Office 365 Identity enforcement.
If you want, you can automatically log out all current users, so that you can be sure that everyone using the Yammer service has logged in with their Office 365 identities. If you want to do this, select the Log out all users checkbox. If you choose to do this, we recommend that you communicate this change to your users by using the following sample email.
Subject Line: [Action Required] Log back in to Yammer
Hi,
This email is to let you know that [ORGANIZATION'S NAME] is making changes to the way we all access Yammer. If you're currently working on Yammer, then we may temporarily interrupt you by logging you out. It's necessary for us to securely set up Office 365 sign-in for Yammer.
You can resume your work immediately by logging in to Yammer using your Office 365 username and password.
We've made this change so that you can access all of Office 365 with a single identity. If you're unable to log in using your Office 365 username and password, please let your network administrator know.
Thank You,
[SIGNATURE]
If you are ready to start enforcing this setting, select Okay. This returns you to the Security Settings page where the Enforce Office 365 identity in Yammer checkbox is now selected.
Note
You can also select Start blocking users who don't have Yammer licenses to ensure that only users with Yammer licenses can login to Yammer.
Choose Save to save all your settings on the page.
If you don't choose Save but instead navigate away from the page, your settings will not take effect.
Stop enforcing Office 365 identity in Yammer
Important
You can only stop enforcing Office 365 identities in Yammer when you are in the temporary 7-day enforcement period.
When you stop enforcing Office 365 identities in Yammer:
Any users who were already logging into Yammer with their Office 365 identities will be unaffected by this change.
Other users can join your network by signing up with their work email and verifying it.
If you no longer want to enforce Office 365 identities, you can follow the steps below to stop. You must be both a Yammer verified admin and a global administrator to perform these steps.
To stop enforcing Office 365 identity in Yammer
In Yammer, go to the Network Admin section, and choose Security Settings.
In the Security Settings page, go to the Office 365 Identity Enforcement section and clear the Enforce Office 365 identity checkbox.
You see a confirmation message so you can verify that you are ready to stop enforcing Office 365 identity.
Select Okay to confirm your choice.
This returns you to the Security Settings page where the Enforce Office 365 identity in Yammer checkbox is now cleared.
Choose Save to save all your settings on the page.
If you don't choose Save but instead navigate away from the page, your settings will not take effect.
FAQ
Q: Once Office 365 Identity Enforcement is set to 'Committed Enforcement', why can't I revert it back?
A: Once your organization has committed to enforcing Office 365 identity and has one Office 365 tenant associated with a single Yammer network, connected groups will be enabled for this network.. In this configuration, whenever a group is created in Yammer, a connected Microsoft 365 group is also created, and users can take advantage of tools like SharePoint, Planner and OneNote connected to the group. At this point, reverting the Enforce Office 365 Identity setting will be disruptive to the user experience, since users who login with their user names and passwords cannot access these connected resources any more.
Q: How will this change impact guest and external users?
A: Guests and external users will continue to follow the login settings and requirements of their home network, and will be unaffected.
Q: How long does it take for this setting to be applied?
A: Enforce Office 365 Identity is applied immediately after the setting is set.
Q: We use the same ADFS configuration in Yammer and Office 365. Should we log users out during the transition?
A: Yes. Logout ensures all users logged in after that are connected to their Office 365 identity, which connects users for user lifecycle management from Office 365 and also provides a consistent experience for them, with things like Office 365 suite navigation.
Q: What is the experience for users being logged-out when enforcing Office 365 identities?
A: Users will be logged out of their web and mobile sessions immediately and will be required to login in all their devices and browser sessions again, this time using their Office 365 identity configuration and credentials.
Q: How can I audit and clean up Yammer users when compared to Office 365 and Azure AD?
A: You can audit Yammer users in networks connected to Office 365 and take appropriate actions based on it. See more information and examples in How to audit Yammer users in networks connected to Office 365.
-->If your Yammer network is eligible, you can use Microsoft 365 connected groups in Yammer.
You can tell if a group in Yammer is a Microsoft 365 connected group when you see the Microsoft 365 Resources section in the right navigation of the Yammer group:
Advantages of using Microsoft 365-connected groups
Microsoft 365 connected groups have many advantages over non-connected Yammer groups:
- Access Microsoft 365 services, including a SharePoint Online team site and document library, a OneNote notebook, a plan in Planner, from within Yammer. Also includes integration with Power BI and Stream.
- Create and host live events (Live events in Yammer)
- Use Office 365 connectors to add apps to classic Yammer (Add apps to Yammer)
- Manage who can create Microsoft 365 groups (Manage who can create Groups)
- Use dynamic groups to automatically update group membership from Azure Active Directory (Create a dynamic group)
- Edit group membership from various apps. Changes to membership made in one Microsoft 365 app apply to other Microsoft 365 apps.
- Use data classification to create your own classifications of Microsoft 365 groups, such as unclassified, corporate confidential, or top secret. (Configuring group settings)
- See the group in the Global Address List (GAL) in Outlook.
- Monitor group usage with the Microsoft 365 groups activity report. (Microsoft 365 Groups activity report)
- Create optional groups naming policies. (Microsoft 365 Groups naming policy)
- Use the optional group expiration policy to help clean up unused groups. See Microsoft 365 Group Expiration Policy
- Use planned additional features that will only be available with connected groups. This includes getting local data center residency for newly uploaded files that are stored in SharePoint. (Microsoft 365 Roadmap)
Yammer configuration required to use Microsoft 365 connected groups
To use Microsoft 365 connected groups in Yammer, make sure your Yammer network meets the following requirements:
You must enforce Office 365 identity for Yammer users. When you first enforce Office 365 identity there is a seven-day trial period, after which the Status of your Office 365 Identity Enforcement changes to Committed.
Since October 16, 2018, all Yammer networks must be in a 1:1 network configuration. This means you have one Yammer network that is associated with one Office 365 tenant. This is required as of October 16, 2018. For more information, see FAQ: Consolidating multiple Yammer networks.
Note
If you want to ensure that all of your groups are connected, please align your network to Native Mode. To learn more about Yammer in Native Mode, see Overview of Native Mode.
Here's how the process works after your network becomes eligible for connected groups:
About 24 hours after the Status in Office 365 Identity Enforcement changes to Committed:
In the Microsoft 365 (previously known as Office 365) Connected Yammer Groups section, the Status for your network will change to Enabled.
Any new groups created in Yammer that are eligible will automatically be created as Microsoft 365 connected groups.
After about one week, existing eligible groups will be converted to Microsoft 365 groups.
For a group to be eligible, the following criteria must be met:
The group owner must have Microsoft 365 group creation privileges. By default, all Microsoft 365 users have this privilege.
The group must be a public or private internal group. Unlisted private groups and external groups can't be Microsoft 365 connected groups.
The group must have an owner, and it must have members.
What happens when you create a new Microsoft 365 connected Yammer group
When you create a Microsoft 365 connected group from Yammer, in addition to your regular Yammer group features, the new Microsoft 365 group is created, and a new SharePoint site and document library, OneNote notebook, and Planner are created for the group. These resources can be accessed from the Yammer group page in Yammer.
If your network has the Yammer files stored in SharePoint feature that began rollout in December 2018, new files added to the group are stored in SharePoint. To see where Yammer files are stored for your network, go to How do I tell where my Yammer files are stored?
Important
If you create a Microsoft 365 group from any other app such as Outlook, it will not include Yammer. To have the connected group include Yammer, you must create the group in Yammer.
Yammer networks in Native Mode
When your group is a Microsoft 365 connected group, you can manage many aspects of your group through the Microsoft 365 admin center, in addition to managing them through Yammer as discussed above. All groups from Yammer networks that are in Native Mode will be manageable through these admin centers. Some of the management capabilities that can be done through the Microsoft 365 admin center include:
- Add or remove group members
- Manage group ownership
- Delete a group
- Restore a deleted group
- Rename the group
- Update the group description
- Change the group's privacy setting
Email and Microsoft 365 connected groups
In a connected group set up from Yammer, you can have group conversations in Yammer or in Outlook. You can send an email to a group in Yammer and it will appear in the group's Yammer messages, or use the group's name from the Outlook global address list (GAL) to send email to the group that goes directly to Outlook.
Your company can continue to use groups in Yammer and groups in Outlook based on which group type better fits the scenario for a team.
Email notifications for Yammer messages may be sent to users depending on the preferences that they have set in their Yammer notification settings. This applies both to connected and non-connected groups.
Plans for additional integration with Microsoft 365 groups
Yammer's integration with Microsoft 365 Groups started in 2017. Subsequent phases will address remaining groups types and deliver integration with Outlook calendar and enhancements for SharePoint and Planner. The best place to stay informed of change management is to follow the Yammer updates on the Microsoft 365 Roadmap.
FAQ - Network eligibility
Q: I'm an admin, how do I know if my Yammer network is configured correctly and eligible for Microsoft 365 connected Yammer groups?
A: In the Yammer admin center, go to Network Admin > Security Settings. In the Microsoft 365 (previously known as Office 365) Connected Yammer Groups section, the status for your network will show as Enabled.
Q: Can I disable Microsoft 365 Yammer connected groups?
A: No, but you can Manage who can create Groups. These restrictions do not apply to tenant admins.
Q: If I restrict who can create Microsoft 365 groups for my tenant, will the groups that restricted users create in Yammer be Microsoft 365 connected?
A: No. Groups created by people who you have restricted from creating Microsoft 365 groups will not be Microsoft 365 connected.
Q: If I have multiple Yammer networks that are mapped to Microsoft 365, will the Microsoft 365 connected Yammer groups work?
A: No. The Microsoft 365 connected Yammer groups experience will work only for Office 365 tenant that is associated with a single Yammer network. See Network migration: Consolidate multiple Yammer networks for information on how to consolidate your Yammer networks. This is required for all Yammer networks as of October 16, 2018.
Q: I don't want my existing groups to get connected to Microsoft 365. Can I turn this off?
A: No, but you can [Manage who can create Groups, which will also apply to the conversion of existing groups. Only groups with at least one admin with group creation privileges can be connected to Microsoft 365.
If you apply new a creation policy, this will not retroactively change groups that are already connected to Microsoft 365. This will only impact new groups moving forward.
Q: I have an unconnected group. How can I get it to be connected?
A: When your network first becomes eligible for connected groups, all groups that meet the criteria are converted to connected groups. After that, if a group that wasn't eligible becomes eligible, for example if your network has Microsoft group creation policies applied and you add a group admin with group creation permission, the group is not automatically connected. To have a group connected, you can submit a support request to have all eligible groups in your network connected.
FAQ - General
Q: What kinds of Yammer groups can be Microsoft 365 connected Yammer groups?
A: Currently, only private and public internal groups can be connected groups. External groups and private-unlisted groups will be included in a later wave.
Q: Can I make my Microsoft 365 connected Yammer group private and not list it in the Group Directory (secret)?
A: No. That setting is not available for Microsoft 365 connected Yammer groups.
Q: Can I use an existing group or SharePoint site for a Microsoft 365 connected Yammer group?
A: No, a new group and resources specific to that new group are created when you create a Microsoft 365 connected group in Yammer. You can't connect a new Yammer group to an existing Microsoft 365 group, an existing SharePoint site or SharePoint document library, or an existing OneNote notebook.
Q: Can I hide a Microsoft 365 connected group from the Global Address Book?
A: Yes. This requires using PowerShell. Use the following cmdlet:
Set-UnifiedGroup -Identity [group_name] -HiddenFromAddressListsEnabled $true
For more information about Set-UnifiedGroup, see Set-UnifiedGroup.
Q: Where can I create Microsoft 365 connected Yammer groups?
A: Microsoft 365 connected Yammer groups can only be created in Yammer. Microsoft 365 groups created in other locations do not include a Yammer group.
Q: Can I create a Microsoft 365 connected Yammer group from the Microsoft 365 admin center?
A: No, this will be added in later waves. However, for Microsoft 365 connected Yammer groups, you can manage members and delete groups from the Microsoft 365 admin center. Metadata updates can also be applied to groups from the admin center.
Q: Can I add external users to Microsoft 365 connected Yammer groups?
A: No. This will cause a sync failure because external users are not managed by Azure AD.
Q: How many members can my group have?
A: More than 1,000.
Q: What happens if I delete a Microsoft 365 connected Yammer group?
A: All the associated Microsoft 365 content associated with the group is deleted. This includes the document library, OneNote notebook and Planner plans. These resources are soft-deleted, and can be restored by your administrator for up to 30 days.
For more information about deleting a community or group, see Delete a community or group in Yammer.
Q: Does the Microsoft 365 group expiration policy apply to Microsoft 365 connected Yammer groups?
A: Yes. When a Microsoft 365 group is deleted because it expired, the Yammer group is deleted.
Q: Can I have a Microsoft 365 connected Yammer group with dynamic membership
A: Yes. Any Microsoft 365 connected Yammer group can be converted to dynamic membership. See Create a dynamic group for requirements and limitations.
Q: In a connected group, I see there are Yammer Files and a SharePoint Online Doc Library, are these the same thing?
A: No, these are separate locations to store files but the members of the group have access to both locations. Files attached to Yammer messages or uploaded in a Yammer Files page are stored in Yammer cloud storage, and files uploaded directly to the groups SharePoint document library are stored in SharePoint.
We recommend storing content that needs the structure and management capabilities of SharePoint in the group document library. For easy, quick sharing of images and documents, or to stream videos in Yammer, we recommend continuing to use the default Yammer cloud storage.
Note
As of December 2018, we are in process of rolling out Yammer files stored in SharePoint. When your network gets this new feature, new files uploaded to Yammer are stored in the group's SharePoint document library in the Apps/Yammer folder. Any files uploaded before your network gets this new feature remain in Yammer cloud storage. To see where Yammer files are stored for your network, go to How do I tell where my Yammer files are stored?
Q: Do my Microsoft 365 connected Yammer groups follow my Microsoft 365 group naming policy?
A: Yes. Any new group created in Yammer will add the prefix and suffix from the group naming policy, and will not allow blocked words in the group name. For more information, see Microsoft 365 Groups naming policy.
Note that Yammer group names can't contain the following characters: @, #, [, ], <, or >. If the naming policy includes any of these characters, regular Yammer users will not be able to create groups in Yammer. Microsoft 365 admins can still create groups in Yammer.
FAQ - Troubleshooting
Q: Only some of my groups were converted to Microsoft 365 groups. How do I get the rest of them converted?
When the automated conversion happened, it didn't convert groups that didn't meet the eligibility criteria. You can make the needed changes to make those groups eligible, and then create a support ticket to get them converted.
Before opening the support ticket:
Make sure all groups have an owner, and the owners all have Microsoft 365 group creation privileges.
Make sure all groups have members.
If you have unlisted (secret) groups, change them to private or public groups.
Yammer Office 365 Login
To find this information, you can do a data export and look in the groups.csv file. You'll need to cross-reference the owner list with the list of people who have Microsoft 365 group creation privileges.