Section 3 - Create the Exchange Distribution List Groups

SPARK uses Exchange Distribution List Groups to notify the SharePoint Online site admins and owners who are required to review the SPO sites for which they are responsible. SPARK automatically updates these distribution lists. All 10 distribution lists are required.

Distribution List Group names must exactly match the names provided within this guide.

Requirements

An Exchange Administrator will be required for this step. At minimum the installer must have:

  • Access to the Microsoft Exchange admin center
  • Exchange Administrator M365 RBAC role [1]

PowerShell Script

  1. Review the script and install the required modules if needed
  2. Comment out the appropriate Connect-ExchangeOnline line for your environment
  3. Run the script and validate that the distribution list groups were created and configured
########################################## Required Modules ##########################################
#Install-Module ExchangeOnlineManagement

# Connection Troubleshooting
#Uninstall-Module -Name ExchangeOnlineManagement -AllVersions -Force
#Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.5.1 -Force

########################################## DL Group Owners ##########################################
# Set the owners to add to the distribution list groups
$owners = @(
    "owner1@contoso.com",
    "owner2@contoso.com"
)

########################################## Connect to Exchange Online ##########################################
#region
# Connect to Exchange
Import-Module ExchangeOnlineManagement

# Only one Connect-ExchangeOnline line should be active when the script runs
# Commercial/GCC
#Connect-ExchangeOnline

# GCC High
#Connect-ExchangeOnline -UserPrincipalName <Tenant_Admin_Account@tenant.us> -ExchangeEnvironmentName O365USGovGCCHigh

# DoD
#Connect-ExchangeOnline -UserPrincipalName <Tenant_Admin_Account@tenant.us> -ExchangeEnvironmentName O365USGovDoD
#endregion
########################################## Create Distribution List Groups ##########################################
#region
# Create 10 distribution list groups
for($i=1; $i -le 10; $i++) {
    $dlName = "DL-SPARK-SiteOwners-$i"

    # Get the distribution list group
    $dl = Get-DistributionGroup -Identity $dlName -ErrorAction SilentlyContinue
    if($null -eq $dl) {
        # Create the group
        $dl = New-DistributionGroup -Name $dlName `
            -MemberJoinRestriction Closed `
            -MemberDepartRestriction Closed `
            -HiddenGroupMembershipEnabled

        # Log
        Write-Host "Created Distribution List Group: $dlName"
    } else {
        # Log
        Write-Host "Distribution List Group Exists: $dlName"
    }

    # Hide the group from the global address list
    Set-DistributionGroup -Identity $dl.Name -HiddenFromAddressListsEnabled $true -ErrorAction Stop

    # Log
    Write-Host "The group is now hidden from the global address list.";

    # Ensure owners are present (ManagedBy)
    # Using @{Add=} is idempotent—no duplicate owners will be created
    if ($owners.Count -gt 0) {
        Set-DistributionGroup -Identity $dl.Identity `
            -ManagedBy @{ Add = $owners } `
            -BypassSecurityGroupManagerCheck:$true `
            -ErrorAction Stop

        Write-Host "Owners ensured on $($dlName): `n  $(($owners -join ', '))"
    } else {
        Write-Host "No owners specified; skipping owner assignment for $dlName"
    }
}
#endregion
########################################## Disconnect ##########################################
Disconnect-ExchangeOnline

Manual Steps:

Step 1: Create the first Exchange Distribution Group

  1. Browse to and sign in to the Exchange Online Management Portal

Use the correct URL for your environment:

Worldwide (Commercial) & GCC: https://entra.microsoft.com
GCC-High and DoD: https://entra.microsoft.us

  2. Expand Recipients from the left navigation
  3. Select Groups under the Recipients navigation
  4. Click on the Distribution list tab
  5. Click on Add a group
  6. Select Distribution for the group type, and click on Next
  7. In the Basics step, enter the group’s Name and Description for the first group from the table below, then click Next

SPARK Site Owners Distribution Group Table

| Name | Description |
|---|---|
| DL-Spark-SiteOwners-1 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-2 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-3 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-4 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-5 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-6 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-7 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-8 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-9 | The site admins/owners that will be notified for attesting for their sites. |
| DL-Spark-SiteOwners-10 | The site admins/owners that will be notified for attesting for their sites. |

  8. In the Owners step, add each member from the SPARK Management Admins group that was populated in the previous two steps. When finished, click Next

😒 Unfortunately, you can’t add a group as an owner, so you will need to add each of the user accounts here.

  9. On the Members step, do not add any members; click on Next

SPARK uses Azure Automation to add users to and remove users from these groups dynamically.

  10. In the Settings step, set the Group email address to match the name provided in the table
  11. Under Joining the group, select the option Closed
  12. Under Leaving the group, select the option Closed, then click Next
  13. Finally, click Create group to create the distribution list

Step 2: Hide the Distribution List from the Global Address List (GAL)

  1. In the list of Distribution Groups, find and click on the Distribution List Group you just created
  2. Select the Settings tab
  3. Under General settings, ✅ check the box next to Hide this group from the global address list
  4. Click Save to enable this option

REPEAT THIS PROCESS!

Repeat this process using the table above until you have all 10 Distribution List Groups created.
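
Whether the groups were created by the script or by hand, the validation the script procedure calls for can be done by auditing all 10 groups against the settings this guide configures: present, hidden from the GAL, closed join and leave, and at least one owner. The following is an added example, not part of SPARK's own scripts; the helper name Test-SparkDistributionGroup and the sample objects are constructed for illustration.

```powershell
# Added example (not part of SPARK): audit the distribution groups against this guide's settings.
# Test-SparkDistributionGroup is a hypothetical helper name.
function Test-SparkDistributionGroup {
    param(
        [Parameter(Mandatory)] [object[]] $Groups,      # Get-DistributionGroup output or sample objects
        [string] $NamePrefix = 'DL-SPARK-SiteOwners-',
        [int] $ExpectedCount = 10
    )
    # Hashtable literals are case-insensitive, so DL-Spark-* and DL-SPARK-* resolve to the same key
    $byName = @{}
    foreach ($g in $Groups) { $byName[$g.Name] = $g }

    foreach ($i in 1..$ExpectedCount) {
        $name   = "$NamePrefix$i"
        $g      = $byName[$name]
        $issues = @()
        if ($null -eq $g) {
            $issues += 'group missing'
        } else {
            if (-not $g.HiddenFromAddressListsEnabled)        { $issues += 'visible in GAL' }
            if ("$($g.MemberJoinRestriction)" -ne 'Closed')   { $issues += "join=$($g.MemberJoinRestriction)" }
            if ("$($g.MemberDepartRestriction)" -ne 'Closed') { $issues += "depart=$($g.MemberDepartRestriction)" }
            # Drop null entries so a null or empty ManagedBy both count as "no owners"
            if (@($g.ManagedBy | Where-Object { $_ }).Count -eq 0) { $issues += 'no owners' }
        }
        [pscustomobject]@{ Name = $name; Compliant = ($issues.Count -eq 0); Issues = ($issues -join '; ') }
    }
}

# Constructed sample objects standing in for Get-DistributionGroup output (group 10 deliberately omitted)
$sample = 1..9 | ForEach-Object {
    [pscustomobject]@{
        Name                          = "DL-Spark-SiteOwners-$_"
        HiddenFromAddressListsEnabled = $true
        MemberJoinRestriction         = 'Closed'
        MemberDepartRestriction       = 'Closed'
        ManagedBy                     = @('owner1')
    }
}
$sample[2].HiddenFromAddressListsEnabled = $false   # group 3 still visible in the GAL
$sample[4].MemberJoinRestriction         = 'Open'   # group 5 allows self-join

# List only the groups that need attention
Test-SparkDistributionGroup -Groups $sample | Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# Against the tenant, in a connected Exchange Online session:
# $live = Get-DistributionGroup -Filter "Name -like 'DL-SPARK-SiteOwners-*'" -ResultSize Unlimited
# Test-SparkDistributionGroup -Groups $live
```

The tenant query must run before Disconnect-ExchangeOnline, or in a new connected session.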

Organizations may optionally configure Exchange Online mail flow rules to prevent unauthorized messages to the SPARK distribution lists.


Continue to creating the Entra App Registrations

References

  1. https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups