29.5 C
Dubai
Sunday, October 2, 2022
spot_img

Managing Office 365 Groups

Managing Office 365 Groups is a key factor in Office 365 Implementation. if you don’t manage your Office 365 Groups Properly. It goes unmanageable from a governance point of view. As most of the below products allow group creation by default. So it’s wise to place a restriction on a top-level and manage the members who can create teams for mid and large Organizations.

  • Outlook
  • SharePoint
  • Yammer
  • Microsoft Teams
  • Microsoft Stream
  • Planner
  • PowerBI
  • Roadmap

Once you map a group/group ID,

you can nest them or use Azure AD premium License to have dynamic membership for the security group to allow limited users to create teams for example. Yes, you can configure the naming policy and group expiration policies later. Purpose: Disable Teams Creation by all users. Only members of this security group can create Teams

Let’s see how to create group creators.

azureadpreview.png
Install AzureADPreview

If you don’t install AzureADPreview, you will get a command not recognized. If you already have azureAD module. you need to uninstall and install the same.

Uninstall-Module AzureAD
Install-Module AzureADPreview

if you already installed it. running the script should initiate connect-azureAD

Office 365 Admin Center – Groups – Create a Security Group

Office 365 - Groups Creator
SecurityGroup.png

Save the below script as ps1 fill the group name in the first line, save and run it.




$GroupName = "Office 365 - Groups Creator"
 $AllowGroupCreation = "False"
 Connect-AzureAD
 $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 if(!$settingsObjectID)
 {
       $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
     $settingsCopy = $template.CreateDirectorySetting()
     New-AzureADDirectorySetting -DirectorySetting $settingsCopy
     $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
 }
 $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
 $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
 if($GroupName)
 {
     $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
 }
  else {
 $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
 }
 Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
 (Get-AzureADDirectorySetting -Id $settingsObjectID).Values

User is not a member of this Security Group

The user is a member of the security group to get a create team option.

Retrieving Assigned Group ID after implementing

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Let’s see how to check which group is assigned to create teams – GroupCreationAllowedGroupID – Search with this group ID in Azure AD portal.

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Specialized in Microsoft Azure - Office 365 / Microsoft Exchange; conducted numerous projects worldwide in designing, supporting, and implementing messaging and virtualization infrastructure for medium-sized and large enterprises. Further, I am a Cloud Architect and Technical Advisor for various start-ups.

Related Articles

2 COMMENTS

  1. I have applied this script. I am a member of the allowed group and when i go into teams i cannot create a team. The option is missing! Help.
    I changed the group name as outlined in your article. What has gone wrong or is it just a matter of propagation time?

LEAVE A REPLY

Please enter your comment!
Please enter your name here