MS Teams: Prevent users from creating new Teams

Microsoft Teams Creation

In Microsoft Teams everyone can create a new Teams by default. It makes sense in terms of collaboration. But often companies want to prevent this cause nobody wants to clean up afterwords. The admins are left in chaos and can see there are a lot of groups, teams und exchange mailboxes but usage is almost zero. That’s why companies often disable the option. In this post i will show you how you can prevent users from creating new Teams while you define a AD Group whose members exceptionally can create Teams.

Microsoft Teams provides by default everyone the possibility to create a Team. Simple click on the Join or create a Team button:

Microsoft Teams Creation

If you disable the ability to create groups, it will have impact on other services:

  • SharePoint
  • Yammer
  • Microsoft Teams
  • Microsoft Stream
  • Planner
  • PowerBI
  • Project for the web

Administrators will still be able to create Groups, but the normal user will not be able to create a Planner if you disable Group creation. You should consider this in your plan.

Step 1 Create an AD-Group for those who are allowed to create a Teams

You can create a Security Group “MayCreateO365Group”. Then you can define people in your organization who are allowed to create O365 Groups.

Admin Center -> Groups -> Add a Group -> Choose Security Group -> Finish

Step 2: Prevent all other users from Creating Teams / Groups

Now we have to enable the creation of groups for a particular securyty group. The one we created in step 1 above. And we disable group creation for default. We are using the following script therefor.

# Install the Azure AD Module (make sure you have the latest version) In this case you need the AzureADPreview
Install-Module AzureADPreview
#Security Group in Azure AD for users who can create Office 365 Groups!
$GroupName = "MayCreateM365Group" #Change the Name of the group to your needs
$AllowGroupCreation = "False"
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
        $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

    $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -Filter "DisplayName eq '$GroupName'").objectId
else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Users who are not members of this group will not be able to create a Microsoft Teams or Offic 365 Group and related services. I found this pretty cool idea and script from this post.

It should look afterwords like this:

You should think about creating a self-service or a process, so that users know a way to request a teams or planner or whatever they need to get their work done.

If you like to change this group you can rerun this script with new groupname.

The article or information provided here represents completely my own personal view & thought. It is recommended to test the content or scripts of the site in the lab, before making use in the production environment & use it completely at your own risk. The articles, scripts, suggestions or tricks published on the site are provided AS-IS with no warranties or guarantees and confers no rights.

About Karsten Schneider 308 Articles
Consultant for Microsoft 365 Applications with a strong focus in Teams, SharePoint Online, OneDrive for Business as well as PowerPlatform with PowerApps, Flow and PowerBI. I provide Workshops for Governance & Security in Office 365 and Development of Solutions in the area of Collaboration and Teamwork based on Microsoft 365 and Azure Cloud Solutions. In his free time he tries to collect tipps and worthy experience in this blog.

Be the first to comment

Leave a Reply

Your email address will not be published.