SysKit Point
Schedule a DemoStart a Free TrialContact UsProduct Site
Search
⌃K
Links

Restrict Microsoft 365 Groups Creation

This article explains how to restrict who can create Microsoft 365 groups in your tenant.
If you are using SysKit Point to manage the creation of new workspaces in your tenant, you might want to restrict the creation of new workspaces outside the SysKit Point Teams app.
By default, all users can create Microsoft 365 groups in your tenant, and, with that, the various workspaces that rely on groups for access. Such workspaces might not comply with your business policies, which, on the other hand, can be easily controlled with the help of SysKit Point provisioning templates.
Here, you can find how to restrict Microsoft 365 group creation, and thus ensure that all created workspaces comply with your business policies defined in SysKit Point.
Please note! Restricting group creation affects all services that leverage groups for access - Outlook, SharePoint, Yammer, Microsoft Teams, Microsoft Stream, Planner, Power BI (classic), Project for the web (roadmap) However, Office 365 Global Administrators will be able to create groups via various admin centers, for example, Microsoft 365 admin center.

Requirements

Note the following requirements:
  • The admin who configures the group creation settings needs the Azure AD Premium license or Azure AD Basic EDU license assigned to them
  • Preview version of Azure AD PowerShell module needs to be installed

PowerShell Command

To restrict group creation:
  • Open a PowerShell window
  • Copy & paste, and run the PowerShell script given below
  • Sign in with your administrator account when prompted
Connect-AzureAD
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $False
$settingsCopy["GroupCreationAllowedGroupId"] = $Null
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
Please note! Changes can take 30 minutes or more to take effect.

Verify Changes

To verify that groups and thus workspaces that rely on groups cannot be created, do the following:
  • Open Microsoft Teams app
  • Click Teams
  • Click Join or create a team option at the bottom of the teams' list
The Build a team from scratch option is no longer available.

Additional information

You can find additional information about this topic in the following Microsoft's article.
Previous
Enable Sensitivity Labels
Next
Templates
Last modified 4mo ago