SDS Created Security Groups

Overview

School Data Sync (SDS) imports user data from the Student Information System (SIS). As each student and teacher is synced, SDS writes the student or teacher roles as an attribute on each user object in Azure Active Directory. Each student and teacher synced is also associated to one or more schools, which is written as another attribute on each user object. SDS uses this same information to create and manage several Security Groups, which has a variety of administrative uses within Azure Active Directory and Office 365.

SDS will create and keep these security groups updated over time as they change, as new students and teachers are synced, or school associations are updated in the SIS. To enable SDS Security Groups, navigate to the SDS Setting Page, and toggle on the Security Groups you want to create.

All Teachers

  • Contains all teachers synced via SDS

All Students

  • Contains each student synced via SDS

School Security Groups

SDS will create three Security Groups for each School synced:

  • Teachers - School Name

    • Contains all teachers synced and associated with the school
    • Example: Teachers – Contoso High School
  • Students - School Name

    • Contains all students synced and associated with the school
    • Example: Students – Contoso High School
  • School Name

    • Both the Teachers & Students security groups will be nested within the top level School Security Group
    • Example: Contoso High School

Enabling and Disabling the Security Groups

On the SDS Settings page, Security Groups can be quickly enabled or disabled by clicking the toggle switch for each group type.

Edu-Security-groups-1.png

Enabling Security Groups

After enabling the Security Groups in SDS, the groups will be created on the next sync cycle. SDS will create new groups and update group memberships on every sync cycle from that point forward.

Note

If you have already enabled Blocking students from using third-party apps, the "All Students" security option will be grayed out as it was created and is managed with this feature.

Disabling Security Groups

If the SDS Security Groups are disabled, SDS will stop creating and updating memberships for groups of that type. Once disabled, any existing Security Groups created by SDS can be edited or deleted manually, as needed. SDS will not delete previously created SDS Security Groups.

Using the SDS Created Security Groups

The SDS Security Groups can be used in a variety of administrative functions within Azure Active Directory and Office 365. Below are some of the most common uses of the SDS Security Groups:

  1. Intune for Education Device Policy - What is Intune for Education?
  2. Mobile Device Management - Create and deploy device security policies
  3. Group Based Licensing - Assign licenses to users by group membership in Azure Active Directory
  4. Conditional Access - What is conditional access?
  5. Group and Team Creation Policy - Manage creation of Groups
  6. Self Service Password Reset - Let users reset passwords
    - To target security groups for Password Reset, choose "Selected" instead of "All" on step 5.