By default, all users can create Microsoft 365 groups. This is the recommended approach because it allows users to start collaborating without requiring assistance from IT.
If your business requires that you restrict who can create groups, you can do so by following the procedures in this article. When you limit who can create a group, it affects all services that rely on groups for access, including:
• Outlook
• SharePoint
• Yammer
• Microsoft Teams
• Microsoft Stream
• Planner
• Power BI (classic)
• Project for the web / Roadmap
You can restrict Microsoft 365 Group creation to the members of a particular Microsoft 365 group or security group. To configure this, you use Windows PowerShell. This article walks you through the needed steps.
The steps in this article won't prevent members of certain roles from creating Groups. Office 365 Global admins can create Groups via any means, such as the Microsoft 365 admin center, Planner, Teams, Exchange, and SharePoint Online.
Requirements:
• Add Subscriptions who is able to create Group (Administrator don’t need subscriptions)
• One Security Group (only in this group members are able to create Groups, Other users not able to create Groups).
• PowerShell commands (you must use the preview version of Azure Active Directory PowerShell for Graph (AzureAD) (module name AzureADPreview)
docs.microsoft...
Setp 1:
1. First create a Security Group in Office 365. For example: "Restrict Group Creation"
2. Add Owner and members who are able to create Groups.
Setp 2:
1. Open PowerShell as Administrator privileges then follow the commands:
2. Uninstall-Module AzureAD
3. Install-Module AzureADPreview -AllowClobber
4. Copy the bellow Script into a test editor, such as Notepad and Replace "GroupName".
Run the script by typing: .\GroupCreators.ps1
and sign in with your "administrator account" when prompted.
*****************************************************************************
$GroupName = "GroupName"
$AllowGroupCreation = $False
Connect-AzureAD
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
if($GroupName)
{
$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}
else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
*****************************************************************************
5. (Get-AzureADDirectorySetting).Values ((This command will display the update settings))
More Details: docs.microsoft...
12 сен 2024
