Thursday , February 20 2020

Managing Office 365 Groups

Managing Office 365 Groups is a key factor in Office 365 Implemenation. if you don’t manage your Office 365 Groups Properly. It goes really un manageable in a governance point of view. As most of the below products allow group creation by default. So its wise to place a restriction in a top level and manage the members who can create teams for mid and large Organizations.

  • Outlook
  • SharePoint
  • Yammer
  • Microsoft Teams
  • Microsoft Stream
  • StaffHub
  • Planner
  • PowerBI
  • Roadmap

Once you map a group ID you can nest them or use Azure AD premium Licenese to have dynamic membership for the security group to allow limited users to create teams.Yes you can configure naming policy and group expiration policies later.

Lets see how create group creators.

azureadpreview.png
[/powershell]Install AzureADPreview[/powershell]

If you don’t install AzureADPreview you will get command not recognized. If you alreay have azureAD module. you need to uninstall and install the same.

 Uninstall-Module AzureAD 
 Install-Module AzureADPreview

Office 365 Admin Center – Groups – Create a security Group

Office 365 – Groups Creator

SecurityGroup.png

Save below script as ps1 fill the group name in the first line, save and run it.

$GroupName = ""
 $AllowGroupCreation = "False"
 Connect-AzureAD
 $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 if(!$settingsObjectID)
 {
       $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
     $settingsCopy = $template.CreateDirectorySetting()
     New-AzureADDirectorySetting -DirectorySetting $settingsCopy
     $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 }
 $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
 $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
 if($GroupName)
 {
     $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
 }
  else {
 $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
 }
 Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
 (Get-AzureADDirectorySetting -Id $settingsObjectID).Values

User is not a member of this Security Group


withRestricition.png

Users is a member of the security group to get a create team option.


withoutrestriction.png

Reference –


https://docs.microsoft.com/en-us/office365/admin/create-groups/manage-creation-of-groups?view=o365-worldwide

					
									

About Satheshwaran Manoharan

Satheshwaran Manoharan is an Microsoft Office Server and Services MVP , Publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization , Sathesh is an Messaging Expert supporting/Designing/Deploying many medium size businesses to large enterprises when it comes to Corporate messaging and Virtualization Infrastructure

Check Also

Moving Databases and logs in Exchange Server

Moving Mailbox Databases – (Needs DownTime) Preferred to do only for small databases as if …

Leave a Reply

Your email address will not be published.