Control Microsoft 365 Group Creation


Controlling who can and can’t create Microsoft 365 groups can be a very powerful tool. In this post, I will detail step-by-step how to prevent users from creating Microsoft 365 groups unless they are members of a specific security group.

Prerequisites

The Process

The beginning of the script should look something like this.

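# Load the beta Graph modules for directory settings and groups
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups

# Directory.ReadWrite.All is needed to change the setting; Group.Read.All to look up the group
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"

# Security group whose members are allowed to create Microsoft 365 groups
$GroupName = "Group Creators"
# "False" turns off group creation for users who are not members of that group
$AllowGroupCreation = "False"

# Find the ID of the tenant's Group.Unified settings object, if one exists
$settingsObjectID = (Get-MgBetaDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id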

The script uses Microsoft Graph to connect to your Microsoft 365 tenant, turns off group creation, and sets it so that only members of the security group we created are allowed to create Microsoft 365 groups. It outputs the Object Id of that group in the results.
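The steps described above, written out in full as an added example (not the original script from this post). It assumes the "Group Creators" security group already exists, and it makes two cautious choices of its own: it stops if the group lookup is empty or ambiguous, and it carries the tenant's other Group.Unified values forward when updating.

```powershell
# Added example, not the post's original script.
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"

$GroupName = "Group Creators"      # assumed to exist already
$AllowGroupCreation = "False"

# Resolve the group and stop unless exactly one security group matches,
# so the restriction is never written with an empty or ambiguous group ID.
$group = @(Get-MgBetaGroup -Filter "displayName eq '$GroupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($group.Count)."
}
if (-not $group[0].SecurityEnabled) {
    throw "'$GroupName' is not a security group."
}

# Current Group.Unified settings object; $null if the tenant has none yet.
$setting = Get-MgBetaDirectorySetting | Where-Object DisplayName -EQ "Group.Unified"

# Values this change owns; every other existing value is carried forward unchanged.
$desired = @{
    EnableGroupCreation         = $AllowGroupCreation
    GroupCreationAllowedGroupId = $group[0].Id
}
$values = @()
foreach ($v in $setting.Values) {
    if (-not $desired.ContainsKey($v.Name)) { $values += @{ name = $v.Name; value = $v.Value } }
}
foreach ($name in $desired.Keys) { $values += @{ name = $name; value = $desired[$name] } }

if ($setting) {
    Update-MgBetaDirectorySetting -DirectorySettingId $setting.Id -BodyParameter @{ values = $values }
} else {
    # No settings object yet: create one from the Group.Unified template.
    $template = Get-MgBetaDirectorySettingTemplate | Where-Object DisplayName -EQ "Group.Unified"
    $setting = New-MgBetaDirectorySetting -BodyParameter @{ templateId = $template.Id; values = $values }
}

# Read the setting back and show the two values plus the allowed group's Object Id.
(Get-MgBetaDirectorySetting -DirectorySettingId $setting.Id).Values |
    Where-Object Name -In "EnableGroupCreation", "GroupCreationAllowedGroupId" |
    Format-Table Name, Value
"Allowed group Object Id: $($group[0].Id)"
```

After a change like this, review the membership of the allowed group periodically, since anyone added to it regains the ability to create Microsoft 365 groups.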

If you want to read more about Microsoft Graph, I wrote a post that goes into more detail on setting it up, called Microsoft 365 Setup Microsoft Graph PowerShell SDK.

You should get an output similar to the image below.

Output from the script

Let’s confirm it worked.

OWA for a user that is not a member of Group Creators
OWA for a user that is a member of Group Creators

That’s all it takes to control who can and can’t create a Microsoft 365 Group in your Microsoft 365 tenant.

If you want to read more about restricting who can create Microsoft 365 Groups, you can read the Microsoft documentation about it here.
