Skip to content

How to Restrict Users from Creating new Microsoft Teams and Office 365 Groups

Published by lazy-admin on Jun 25, 2019

The following process will prevent users in your Office 365 Tenant from creating Office 365 groups and new Microsoft Teams.

To get started you will have to create a new group in Office 365 and this group will be used to manage who can create Office 365 groups in the organisation.

Office 365 groups is used in:

  • Outlook
  • SharePoint
  • Yammer
  • Microsoft Teams
  • StaffHub
  • Planner
  • PowerBI
  • Roadmap

From the Office 365 Admin console navigate to groups and create a new group called “AllowedToCreateGroups

  1. Click on Add a group
  1. Provide the group name and description

Now that the security groups have been created, you will now have to install the latest AzureADPreview PowerShell module.

Open PowerShell and run the following.

Install-Module AzureADPreview

Once you have the new PowerShell AzureAD module installed, run the following PowerShell script which can be found here.

$GroupName = "AllowedToCreateGroups"
$AllowGroupCreation = "False"

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
	  $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if($GroupName)
{
	$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}

Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Modify the $GroupName of the script to that of your Office 365 security group.

Example

Once you have added your Office 365 security group name, run the script.

The bottom output of the script will show if group creation has been disabled.

How do you know if this worked?

Open Microsoft Teams and Navigate to Join or create new Team.

As you can see the option to create new Teams is not available and if you are the Owner of an existing Office 365 Group you will only be allowed to create a new Team from an existing Office 365 Group.

To allow user to create new Teams add them to the “AllowedToCreateGroups” security group. Once added the user will be able to create Office 365 security groups.

To remove this restriction in your Office 365 Tenant rerun the script and change the following:

$GroupName = ""
$AllowGroupCreation = "True"

Once you have rerun the script with the above changes all users in your Office 365 Tenant will be able to create groups again.

Post Views: 3,828

Sharing is caring!

Published inOffice 365Teams

7 Comments

  1. Angel Angel

    This was great! Thank you so very much! Solved our issue!

    Feb 18, 2020 Reply
  4. Darren Darren

    Are there any Licensing requirements to perform theses steps?

    Mar 12, 2020 Reply
  5. bob bob

    Thank you!

    Apr 2, 2020 Reply
  6. Paul Paul

    Worked for us, cheers for that.

    Apr 7, 2020 Reply
  7. Martijn Martijn

    Worked! Thanks!

    Sep 17, 2020 Reply

Leave a Reply

Your email address will not be published.