How to Restrict Users from Creating new Microsoft Teams and Office 365 Groups


The following process will prevent users in your Office 365 Tenant from creating Office 365 groups and new Microsoft Teams.

To get started, create a new group in Office 365. This group will be used to manage who can create Office 365 groups in the organisation.

Office 365 groups are used in:

  • Outlook
  • SharePoint
  • Yammer
  • Microsoft Teams
  • StaffHub
  • Planner
  • PowerBI
  • Roadmap

From the Office 365 Admin console, navigate to groups and create a new group called “AllowedToCreateGroups”.

  1. Click on Add a group
  2. Provide the group name and description

Now that the security group has been created, you will have to install the latest AzureADPreview PowerShell module.

Open PowerShell and run the following.

Install-Module AzureADPreview

Once you have the new PowerShell AzureAD module installed, run the following PowerShell script which can be found here.

# Name of the security group whose members may create Office 365 groups
$GroupName = "AllowedToCreateGroups"
# "False" blocks group creation for everyone who is not in that group
$AllowGroupCreation = "False"

Connect-AzureAD

# Look up the tenant-wide Group.Unified settings object; create it from the template if it does not exist yet
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
    $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

# -SearchString matches on the start of the name, so keep the group name unique in the tenant
if($GroupName)
{
    $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}

# Write the updated setting back to the tenant
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

# Print the resulting values for review
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Set $GroupName in the script to the name of your Office 365 security group.


Once you have added your Office 365 security group name, run the script.

The output at the bottom of the script will show whether group creation has been disabled.

How do you know if this worked?

Open Microsoft Teams and navigate to Join or create new Team.

As you can see, the option to create new Teams is not available, and if you are the Owner of an existing Office 365 Group you will only be allowed to create a new Team from an existing Office 365 Group.

To allow a user to create new Teams, add them to the “AllowedToCreateGroups” security group. Once added, the user will be able to create Office 365 security groups.
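One way to confirm the result from PowerShell instead of the Teams client, as an added example that is not part of the original script: it reads the Group.Unified setting back, checks that it points at exactly the intended group, and lists who is still able to create groups. It assumes the AzureADPreview module and the group name used above; the helper name Get-SettingValue is hypothetical.

```powershell
# Added example: audit the Group.Unified setting after running the script above.
# Assumption: the group name from this article; change it to match your tenant.
$GroupName = "AllowedToCreateGroups"

Connect-AzureAD | Out-Null

# Hypothetical helper: read one named value out of a directory setting object.
function Get-SettingValue($Setting, [string]$Name) {
    ($Setting.Values | Where-Object { $_.Name -eq $Name }).Value
}

$setting = Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq "Group.Unified" }
if (-not $setting) {
    throw "No Group.Unified setting exists; the restriction has not been applied."
}

$enabled   = Get-SettingValue $setting "EnableGroupCreation"
$allowedId = Get-SettingValue $setting "GroupCreationAllowedGroupId"

# -SearchString is a prefix match, so narrow to the exact display name
# and stop if the name is missing or ambiguous.
$expected = @(Get-AzureADGroup -SearchString $GroupName |
    Where-Object { $_.DisplayName -eq $GroupName })
if ($expected.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($expected.Count)."
}

$problems = @()
if ("$enabled" -ne "False") {
    $problems += "EnableGroupCreation is '$enabled', so group creation is not restricted."
}
if ($allowedId -ne $expected[0].ObjectId) {
    $problems += "GroupCreationAllowedGroupId is '$allowedId', expected $($expected[0].ObjectId)."
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Group creation is restricted to members of '$GroupName':"
    # Membership of this group is what grants the right to create groups,
    # so this list is the one to review periodically.
    Get-AzureADGroupMember -ObjectId $allowedId -All $true |
        Select-Object DisplayName, UserPrincipalName, ObjectType
}
```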

To remove this restriction in your Office 365 Tenant, rerun the script and change the following:

$GroupName = ""
$AllowGroupCreation = "True"

Once you have rerun the script with the above changes, all users in your Office 365 Tenant will be able to create groups again.
