Saturday, October 24, 2020
Home Microsoft 365 PowerShell Prevent office 365 users from creating groups

Prevent office 365 users from creating groups

Office 365 Groups is a service that works with the Office 365 tools you use already so you can collaborate with your teammates when writing documents, creating spreadsheets, working on project plans, scheduling meetings, or sending email. But you may want to disable to Office 365 Group creation for any reasonand give this to just couple of users.
This will apply to all Office 365 services that use groups, including:

Outlook
SharePoint
Yammer
Microsoft Teams
Microsoft Stream
StaffHub
Planner
PowerBI
Roadmap

Create a security group for users who need to create Office 365 Groups

In the admin center, go to the Groups > Groups page.
Click on Add a Group.
Choose Security as the group type. Remember the name of the group

Run PowerShell commands

$GroupName = "<SecurityGroupName>"
$AllowGroupCreation = "False"

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
	  $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if($GroupName)
{
	$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}
 else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

The last line of the script will display the updated settings:

If in the future you want to change which security group is used, you can rerun the script with the name of the new security group.

If you want to turn off the group creation restriction and again allow all users to create groups, set $GroupName to “” and $AllowGroupCreation to “True” and rerun the script.

Most Popular

Microsoft 365 All Tenants in the admin center

More than one-third of admins that use the Microsoft 365 admin center manage multiple tenants. This applies to two-thirds of enterprise customers...

Windows Defender Advanced Threat Protection (ATP) software is undergoing some changes

Microsoft has announced that its Windows Defender Advanced Threat Protection (ATP) software is undergoing some changes. The antivirus program is expanding beyond...

Improvements to SharePoint news feeds and digests

The news feed delivers an intelligent view of news, targeted to you based on factors like your role or location, and further...

Microsoft Endpoint Management Deploy an application to a device

From the Microsoft Endpoint Management admin center, you can initiate an application install in real time for a tenant attached device.