Restrict Office 365 Group Creation

Published by Shubham Bansal on

An Office 365 group connects the different services in Office 365 to provide a unified user experience across the platform.

The following services can be associated with an Office 365 group:

Outlook

SharePoint

Yammer

Microsoft Teams

Microsoft Stream

Planner

Power BI

Project for the web and Roadmap

Users can consume these services without involving IT admins. This works while the number of groups is small. In larger tenants, where governance of Office 365 groups is needed, the self-service option creates more problems for group management.

In these situations, you can restrict Office 365 group creation in the tenant for your business users and allow only the valid users/IT admins to create groups.

To achieve this, create a security group named o365GroupCreators and add the valid users/IT admins who should be able to create groups.

Open Windows PowerShell and install the AzureADPreview module:

Install-Module AzureADPreview

If you have already installed the AzureAD PowerShell module, uninstall it first and then install the AzureADPreview module.

Execute the PowerShell script below:

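# Security group whose members may create groups; an empty name clears the allowed group
$GroupName = "o365GroupCreators"
# "False" turns off self-service group creation
$AllowGroupCreation = "False"

Connect-AzureAD

# Find the tenant's Group.Unified settings object; create it from the template if it does not exist yet
$settingsObjectID = (Get-AzureADDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
if (!$settingsObjectID)
{
    $template = Get-AzureADDirectorySettingTemplate | Where-Object { $_.DisplayName -eq "Group.Unified" }
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if ($GroupName)
{
    # Resolve the display name to an object ID and stop unless it matches exactly one group
    $group = @(Get-AzureADGroup -Filter "DisplayName eq '$GroupName'")
    if ($group.Count -ne 1) { throw "Expected exactly one group named '$GroupName', found $($group.Count)" }
    $settingsCopy["GroupCreationAllowedGroupId"] = $group[0].ObjectId
}
else
{
    $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}

# Write the setting back and print the resulting values
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values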

After executing this script, only the users in the security group o365GroupCreators and the admins of the corresponding services (Teams, SharePoint Online, Exchange Online, etc.) will be able to create groups.

The business users will not see any options to create a group or to associate with an existing group in any of the services.
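
To confirm the restriction took effect and to review who has been delegated group creation, a read-only check like the following can be run in the same session. This is an added example, not part of the original post; the function name Test-GroupCreationRestriction and its output fields are hypothetical, and it assumes Connect-AzureAD has already been run with the AzureADPreview module loaded.

```powershell
# Added example: read-only audit of the Group.Unified setting configured above.
# Function name and output fields are hypothetical; requires an active Connect-AzureAD session.
function Test-GroupCreationRestriction {
    param([string]$ExpectedGroupName = "o365GroupCreators")
    $findings = @()
    $members  = @()
    $setting  = Get-AzureADDirectorySetting |
        Where-Object { $_.DisplayName -eq "Group.Unified" }

    if (-not $setting) {
        # Without a settings object the tenant default applies and any user can create groups.
        $findings += "No Group.Unified settings object exists"
    }
    else {
        $enabled = $setting["EnableGroupCreation"]
        $groupId = $setting["GroupCreationAllowedGroupId"]
        if ("$enabled" -ne "False") {
            $findings += "EnableGroupCreation is '$enabled', expected 'False'"
        }
        if ([string]::IsNullOrEmpty($groupId)) {
            $findings += "GroupCreationAllowedGroupId is empty"
        }
        else {
            # AzureAD cmdlets throw for unknown object IDs, so catch instead of testing for $null.
            try {
                $group = Get-AzureADGroup -ObjectId $groupId -ErrorAction Stop
                if ($group.DisplayName -ne $ExpectedGroupName) {
                    $findings += "Allowed group is '$($group.DisplayName)', expected '$ExpectedGroupName'"
                }
                # Every direct member listed here is delegated group creation.
                $members = @(Get-AzureADGroupMember -ObjectId $groupId -All $true |
                    Select-Object DisplayName, UserPrincipalName, ObjectType)
            }
            catch {
                $findings += "Allowed group $groupId could not be read: $($_.Exception.Message)"
            }
        }
    }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
        Members   = $members
    }
}

$result = Test-GroupCreationRestriction
$result | Format-List Compliant, Findings
$result.Members | Format-Table -AutoSize
```

Running the check on a schedule and comparing the member list against an approved roster surfaces unexpected additions to o365GroupCreators.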
