👥 Why Use SharePoint Groups?
SharePoint groups are collections of users that share the same permission level. Instead of managing permissions for individual users, you manage them for groups - making permission management much more efficient.
Benefits of Group-Based Permissions:
- Scalability: Add 50 new employees to a group instead of setting 50 individual permissions
- Consistency: All group members have identical access, reducing confusion
- Maintenance: Change permissions once for the group, not individually for each user
- Auditing: Easily see who has access by reviewing group membership
- Delegation: Allow team leads to manage their own team's group membership
💡 Business Example: Your marketing team needs access to campaign materials. Instead of adding each marketer individually to every campaign folder, create a "Marketing Team" group. When a new marketer joins, simply add them to the group and they instantly have access to all marketing content.
🏗️ Default SharePoint Groups Explained
Every SharePoint site automatically creates three groups. Understanding their purpose helps you decide when to use them versus creating custom groups.
👑 [Site Name] Owners
Permission Level: Full Control
Default Members: Site creator
Can Do:
- Everything on the site
- Manage permissions
- Delete the site
- Access usage analytics
⚠️ Keep this small: Only 2-3 trusted administrators
👥 [Site Name] Members
Permission Level: Edit (customisable)
Default Members: None
Can Do:
- Create and edit content
- Manage lists and libraries
- Edit others' content
- Create pages
💡 Most common: Your regular team members go here
👁️ [Site Name] Visitors
Permission Level: Read
Default Members: None
Can Do:
- View content only
- Download files
- Subscribe to alerts
- View version history
🔍 Perfect for: External stakeholders, read-only users
📷 IMAGE NEEDED: Screenshot of SharePoint site permissions page showing the three default groups with their member counts and permission levels clearly visible
🚀 Modern Best Practice: Use Entra (Azure AD) Groups
Organisations will generally manage groups through its Entra ID instance, users should use an existing group where possible.
⭐ Why Entra Groups Are Superior
🔄 Unified Management
- Single source of truth for user memberships
- Automatic sync across all Microsoft 365 services
- Consistent access across Teams, SharePoint, Exchange
🤖 Better Automation
- Dynamic group membership based on user attributes
- Automatic access provisioning/deprovisioning
- Integration with HR systems
🛡️ Enhanced Security
- Conditional access policies
- Multi-factor authentication enforcement
- Better audit trails and governance
Entra Groups vs SharePoint Groups Comparison
| Feature |
Entra Groups ✅ |
SharePoint Groups |
| Scope |
Entire Microsoft 365 tenant |
Single SharePoint site only |
| Management |
Azure AD admin center |
SharePoint site settings |
| Automatic Membership |
Yes (dynamic groups) |
No (manual only) |
| Teams Integration |
Seamless |
No integration |
| Conditional Access |
Full support |
Limited |
| PowerShell Management |
Azure AD PowerShell |
PnP PowerShell |
💡 Business Recommendation: For new SharePoint implementations, always start with Entra groups. For existing sites with SharePoint groups, plan a gradual migration to Entra groups during your next governance review.
When to Use Each Type
✅ Use Entra Groups For:
- Department access: "Marketing Team"
- Role-based access: "Project Managers"
- Cross-service access: Teams + SharePoint + Exchange
- Dynamic membership: Auto-add based on job title
- Security requirements: Need conditional access
⚠️ SharePoint Groups Only For:
- Site-specific roles: "Site Collection Administrators"
- Temporary access: Short-term project contributors
- External users: Guests who aren't in your Entra
- Legacy migrations: During transition periods
📹 Video Tutorial: Adding Users to an Existing Group
Watch this step-by-step demonstration of how to add users to SharePoint groups efficiently.
🎥 VIDEO PLACEHOLDER
Content to include:
• Navigate to Site Settings → Site Permissions
• Select a group (e.g., "Marketing Team Members")
• Click "New" → "Add Users to this Group"
• Enter user emails or names
• Customise welcome email
• Demonstrate bulk adding multiple users
Duration: 3-4 minutes
💡 Pro tip: You can add multiple users at once by separating emails with semicolons
🆕 When to Create Custom Groups
Default groups work well for simple sites, but most businesses need custom groups for specific roles or departments.
Common Custom Group Scenarios:
- Department Groups: "HR Team", "Finance Department", "Sales Team"
- Project Groups: "Project Alpha Contributors", "Client XYZ Reviewers"
- Role-Based Groups: "Content Approvers", "Document Reviewers", "External Consultants"
- Location Groups: "Main Office", "Branch Office", "Remote Workers"
💡 Naming Convention: Use descriptive names that make the group's purpose clear. "Marketing_Contributors" is better than "Group1" or "Marketing".
📹 Video Tutorial: Creating a Custom Group
Learn how to create custom SharePoint groups with specific permission levels for your business needs.
🎥 VIDEO PLACEHOLDER
Content to include:
• Navigate to Site Settings → Site Permissions
• Click "Create Group"
• Set group name (e.g., "Marketing Team")
• Choose permission level (Contribute/Edit/Custom)
• Configure group settings (who can view membership, etc.)
• Add initial members
• Save and test permissions
Duration: 4-5 minutes
📋 Step-by-Step: Creating a Custom Group
Follow these steps to create a custom group for your marketing team:
Navigate to Site Permissions
Go to Site Settings → Site Permissions (or use the gear icon → Site Permissions)
📷 IMAGE NEEDED: Screenshot of Site Settings page with "Site permissions" option highlighted
Create New Group
Click "Create Group" in the ribbon menu
📷 IMAGE NEEDED: Screenshot of Site Permissions page with "Create Group" button highlighted in the ribbon
Configure Group Settings
Fill in the group details:
- Name: "Marketing Team"
- Description: "Marketing team members with contributor access"
- Group Owner: Usually yourself or the marketing manager
📷 IMAGE NEEDED: Screenshot of "Create Group" form with fields filled out for Marketing Team
Set Permission Level
Choose the appropriate permission level:
- Contribute: For content creators who don't need to edit others' work
- Edit: For collaborative teams (recommended for marketing)
- Read: For view-only access
Add Initial Members
Add the marketing team members' email addresses, separated by semicolons
Example: maria.garcia@company.com; carlos.rodriguez@company.com; ana.lopez@company.com
Review and Create
Review all settings and click "Create". The group will be created and members will receive welcome emails.
📹 Video Tutorial: Creating Custom Permission Levels
Sometimes the four standard permission levels don't fit your business needs. Learn to create custom permission levels.
🎥 VIDEO PLACEHOLDER
Content to include:
• Navigate to Site Settings → Site Permissions
• Click "Permission Levels" in the ribbon
• Click "Add a Permission Level"
• Name the custom level (e.g., "Content Reviewer")
• Select specific permissions (e.g., Read + Add Items + Edit Items they created)
• Save and assign to groups
Duration: 3-4 minutes
⚠️ Advanced Feature: Custom permission levels require careful planning. Test thoroughly before applying to production content.
✅ Group Management Best Practices
1. Naming Conventions
- Be descriptive: "Marketing_Contributors" not "Group1"
- Include location: Helpful for multi-office companies
- Include permission level: "HR_ReadOnly" vs "HR_FullAccess"
- Use underscores: Easier to read than spaces
2. Regular Maintenance
- Monthly reviews: Remove employees who have left
- Quarterly audits: Check if group purposes still align with business needs
- Document purposes: Keep a list of what each group is for
- Monitor membership: Watch for groups that grow too large
3. Security Considerations
🚨 Security Warnings
- Avoid nested groups: Can create unexpected permission inheritance
- Limit "Everyone" usage: Be careful with company-wide groups
- Review external users: Regularly audit guest access
- Document exceptions: Keep notes when breaking standard patterns
🔧 Troubleshooting Common Group Issues
User Can't Access Content
- Check group membership: Are they actually in the group?
- Verify inheritance: Has inheritance been broken somewhere?
- Check individual permissions: Do they have conflicting individual permissions?
- Review external sharing: Are there guest access issues?
Group Appears Multiple Times
This often happens when groups are created at different levels (site vs library). Check where each group was created and consolidate if needed.
Permission Changes Not Taking Effect
- Wait time: Changes can take 5-10 minutes to propagate
- Browser cache: Clear cache or use incognito mode
- Check inheritance: Ensure changes haven't been overridden
📷 IMAGE NEEDED: Screenshot of SharePoint permission inheritance indicators showing which items have unique permissions vs inherited permissions