30.8 C
Dubai
Tuesday, March 19, 2024

Managing Office 365 Groups

Managing Office 365 Groups is a key factor in Office 365 Implementation. if you don’t manage your Office 365 Groups Properly. It goes unmanageable from a governance point of view. As most of the below products allow group creation by default. So it’s wise to place a restriction on a top-level and manage the members who can create teams for mid and large Organizations.

  • Outlook
  • SharePoint
  • Yammer
  • Microsoft Teams
  • Microsoft Stream
  • Planner
  • PowerBI
  • Roadmap

Once you map a group/group ID,

you can nest them or use Azure AD premium License to have dynamic membership for the security group to allow limited users to create teams for example. Yes, you can configure the naming policy and group expiration policies later. Purpose: Disable Teams Creation by all users. Only members of this security group can create Teams

Let’s see how to create group creators.

azureadpreview.png
Install AzureADPreview

If you don’t install AzureADPreview, you will get a command not recognized. If you already have azureAD module. you need to uninstall and install the same.

Uninstall-Module AzureAD
Install-Module AzureADPreview

if you already installed it. running the script should initiate connect-azureAD

Office 365 Admin Center – Groups – Create a Security Group

Office 365 - Groups Creator
SecurityGroup.png

Save the below script as ps1 fill the group name in the first line, save and run it.




$GroupName = "Office 365 - Groups Creator"
 $AllowGroupCreation = "False"
 Connect-AzureAD
 $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 if(!$settingsObjectID)
 {
       $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
     $settingsCopy = $template.CreateDirectorySetting()
     New-AzureADDirectorySetting -DirectorySetting $settingsCopy
     $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 }
 $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
 $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
 if($GroupName)
 {
     $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
 }
  else {
 $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
 }
 Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
 (Get-AzureADDirectorySetting -Id $settingsObjectID).Values

User is not a member of this Security Group

The user is a member of the security group to get a create team option.

Retrieving Assigned Group ID after implementing

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Let’s see how to check which group is assigned to create teams – GroupCreationAllowedGroupID – Search with this group ID in Azure AD portal.

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

2 COMMENTS

  1. I have applied this script. I am a member of the allowed group and when i go into teams i cannot create a team. The option is missing! Help.
    I changed the group name as outlined in your article. What has gone wrong or is it just a matter of propagation time?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?