= Manage Office 365 Group Creation =
**Summary**: How to manage who can create groups in Office 365. \\
**Date**: Around 2018 \\
**Refactor**: 8 March 2025: Checked links and formatting. \\
{{tag>o365}}
I followed these steps to restrict users from creating Office 365 Groups:
= Install Azure AD Preview =
PS C:\Windows\system32> Get-InstalledModule
Version Name Repository Description
------- ---- ---------- -----------
1.1.183.8 MSOnline PSGallery Microsoft Azure Active Directory Module for Wind...
PS C:\Windows\system32> install-module azureadpreview
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): Y
PS C:\Windows\system32> Get-InstalledModule
Version Name Repository Description
------- ---- ---------- -----------
2.0.2.5 AzureADPreview PSGallery Azure Active Directory V2 Preview Module. ...
1.1.183.8 MSOnline PSGallery Microsoft Azure Active Directory Module for Wind...
PS C:\Windows\system32> import-module AzureADPreview
= Connect To Office365 / Azure Tenant =
> Note that if you enabled the MFA requirement for admins you need MFA to log on as an administrator:
PS C:\Windows\system32> connect-azuread
Account Environment TenantId TenantDomain AccountType
------- ----------- -------- ------------ -----------
sjoerd@getshifting.com AzureCloud 054d1a1f-e019-4fd7-8455-4fce0f07c7d5 getshifting.onmicrosoft.com User
= Find Object ID of Active Directory Security Group =
You don't really need the object ID, except you want to check that the correct security group is enabled for Office 365 Group creation:
PS C:\Windows\system32> Get-AzureADGroup -SearchString "Office365_GroupManagement"
ObjectId DisplayName Description
-------- ----------- -----------
8e72b950-35c0-46eb-96cf-979d2ac84230 Office365_GroupManagement Manage Office365 Group Creation
= Enable AD Security Group for Office 365 Group Creation =
PS C:\Windows\system32> $Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
PS C:\Windows\system32> $Setting = $Template.CreateDirectorySetting()
PS C:\Windows\system32> $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
PS C:\Windows\system32> $Setting["EnableGroupCreation"] = $False
PS C:\Windows\system32> $Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "Office365_GroupManagement" ).objectid
PS C:\Windows\system32> Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
> Note that I skipped step 3 {{{New-AzureADDirectorySetting -DirectorySetting $Setting}}} as it was irrelevent for my environment.
= Check the Setting =
PS C:\Windows\system32> (Get-AzureADDirectorySetting).Values
Name Value
---- -----
CustomBlockedWordsList
EnableMSStandardBlockedWords false
ClassificationDescriptions
DefaultClassification
PrefixSuffixNamingRequirement
AllowGuestsToBeGroupOwner false
AllowGuestsToAccessGroups False
GuestUsageGuidelinesUrl
GroupCreationAllowedGroupId 8e72b950-35c0-46eb-96cf-979d2ac84230
AllowToAddGuests True
UsageGuidelinesUrl
ClassificationList
EnableGroupCreation False
These settings are the ones you need:
* GroupCreationAllowedGroupId 8e72b950-35c0-46eb-96cf-979d2ac84230
* This is the object ID of the AD Security Group that is enabled for Office 365 Group Management
* EnableGroupCreation False
* This setting prevents the creation of Office365 groups by other users.
= Useful Links =
* [[https://learn.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups?view=o365-worldwide |Manage who can create Office 365 Groups]]