macslui: Disable Self-Service Microsoft Teams Creation in Office 365

Wednesday, November 29, 2017

Disable Self-Service Microsoft Teams Creation in Office 365

About Microsoft Teams governance, you probably need/want to prevent normal users from new Teams creation.

This can be achieved only with a PowerShell script because, right now, standard Office 365 UI do not give us this option.

Important: in order to be able to execute the script you need the Preview of AzureAD module for PowerShell. This is called "AzureADPreview".

If you already have installed production AzureAD module, you need to uninstall it and then install new preview version of the same module.

Uninstall-Module AzureAD
Install-Module AzureADPreview

Once you have this module correctly installed, all you need is to execute this script.
Change the $groupName variable to fit your environment.
This AzureAD Security Group will be the only that later can create Teams.
Keep in mind that also Global Admin members can create Microsoft Teams.

#Connect to AAD
$AzureAdCred = Get-Credential
Connect-AzureAD -Credential $AzureAdCred

#Get reference to your AAD Group
$groupName = "UsersCanCreateTeams"
Get-AzureADGroup -SearchString $groupName

#Disable Group Creation (on which a Team rely)
$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
$Setting = $Template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $Setting
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
$Setting["EnableGroupCreation"] = $False

#Enable your AAD Group to group Creation
$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $groupName).objectid
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting

That's all.

9 comments:

Microservices Training in Hyderabad said...: Thank you for sharing wonderful information with us to get some idea about it.
Office 365 Training
Office 365 Online Training; February 21, 2019 at 12:43 PM
Ola said...: Works! Thanks; March 25, 2020 at 10:45 AM
Unknown said...: It works great!
But now I have tested the working of the scrip I would like to revert it again.
I cannot find the right way to accomplish that.

Any ideas

Thanks

Frans; April 14, 2020 at 7:43 PM
Unknown said...: how can i revert it ?; April 24, 2020 at 3:51 PM
Unknown said...: To revert it I would imagine you need to change the following;

$Setting["EnableGroupCreation"] = $False

to

$Setting["EnableGroupCreation"] = $True; May 5, 2020 at 4:17 PM
Manish Ranglani said...: This will also disable creation of Planner, Yammer and other apps driven by office 365 group; July 20, 2020 at 8:24 PM
Unknown said...: Does this work if you don't have Azure AD Premium?; October 6, 2020 at 4:56 PM
Keerthi55 said...: Great article
Manual Testing training
Open stack training
SAP ABAP on Hana training; November 2, 2020 at 10:56 AM
Fochi said...: Guys please HELP!!
i WANT TO ALLOW THE CREATIONS BUT, I DON'T KNOW HOW :(
Please guys give me a hand. I beg you; November 27, 2020 at 12:49 AM