Restrict Groups Creation in Office 365

Restrict Groups Creation in Office 365




How to disable the ability to create groups in all Office 365 services that use groups:

·        Outlook

·        SharePoint

·        Yammer

·        Microsoft Teams:
Both admins and users won't be able to create teams

·        StaffHub
Both admins and managers won't be able to create teams

·        Planner
Users won't be able to create a new plan in Planner web and mobile apps

·        PowerBI

The best way to do this is to create a security group, and then only the people in that security group will be able to create Office 365 Groups and teams in these apps.



NOTE:
You should verify your impact to Microsoft Teams. The creation of Teams, which go along with a Groups365 creation might impact the work efficiency of your users.

N
ote:
Groups can have a
n "end date", where the group will automatically be deleted.

However, restricting group creation will not prevent the listed members from creating Office 365 Groups from the apps and it prevents other users from creating teams (because you can't create teams in the Office 365 admin center).

·        Office 365 Global admins

·        Mailbox Administrator

·        Partner Tier1 Support

·        Partner Tier2 Support

·        Directory Writers



Setting  Set-MSOLCompanySettings -UsersPermissionToCreateGroupsEnabled $True only enables permissions for users to create Security groups, not Office 365 groups.




Start: Login to Office 365 and Activate AzureAD Module

Verify if the correct AzureAD Module is installed

Get-InstalledModule -Name "AzureAD*"
Uninstall-Module AzureADPreview or Uninstall-Module AzureAD



IMPORTANT:
You cannot install both the preview and GA versions on the same computer at the same time
.



Login to Office 365 with an Org-Admin and connect to AzureAD

Set-ExecutionPolicy RemoteSigned
$credential = Get-Credential
Connect-MsolService -Credential $credential
Install-Module AzureADPreview




Step 1: Create a security group for users who need to create Office 365 Groups

Create a Group in Office 365 Users & Groups and name the Group as you require by your naming convention.



Step 2: Run PowerShell commands

Import-Module AzureADPreview
Connect-AzureAD

Get-AzureADGroup -SearchString "<Name of your security group>"
$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
$Setting = $Template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $Setting

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["EnableGroupCreation"] = $False
$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "<Name of your security group>").objectid
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value
"Group.Unified" -EQ).id -DirectorySetting $Setting
(Get-AzureADDirectorySetting).Values







Step 3: Verify that it works

e.g login to Planner or Teams and try creating a group



https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618?ui=en-US&rs=en-US&ad=US  


Comments

Popular posts from this blog

How to hide users from GAL if they are AD Connect synchronized

Cannot join external Lync Meeting: Lync Edge Server Single IP Address (Lync Edge Server Single IP Web Conferenceing Problem)

MFA with Guest Access and different tenants settings