Groups Restriction in Office365 Back

April 12 2020
Question:
how to restrict groups creation for students in Office365 (Teams, planner, Outlook, etc..)
Answer:
You can create an Office 365 security group in admin panel and add necessary users who needs to create O365 groups and you can restrict others.

Step by step process for O365 group restriction:

Step1:
Login into O365 admin panel
Step2:
Create a security group and add members to provide access who need to create Office 365 Groups
messaging-poilcy

Screenshot of choosing a group type.

messaging-poilcy

Screenshot of o365 group restriction

Step3:
Open PowerShell arrow run as administrator in your local pc and install the commands as given below

Security measure to be taken:

  • PS C:\WINDOWS\system32> Install-Module AzureAD
  • PS C:\WINDOWS\system32> Install-module AzureADPreview
  • PS C:\WINDOWS\system32> Get-Installedmodule
This shows the Azure AD Preview is available and its version details.
Module Type Version Name ExportedCommands
Binary 2.0.0.7 azureadpreview Add-AzureADAdmini
messaging-poilcy

screenshot of the PowerShell command prompt

Step4:
Copy the script below into a text editor, such as Notepad, or Windows PowerShell ISE
Replace with the name of the security group that you created as shown below example.
$Group Name = " O365 group restriction"
Save the file as O365 group restriction.ps1.
messaging-poilcy

screenshot of the Group name – script

Method 1:
In the PowerShell window (as administrator), navigate to the location where you saved the file (type “CD “).
Run the script by typing:
.\O365 group restriction.ps1
Method 2:
Open the window PowerShell ISE( as administrator) and copy and paste the command as shown below,
PowerShell command in Editable form:

$GroupName = “O365 group restriction”

$AllowGroupCreation = “False”

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value “Group.Unified” -EQ).id

f(!$settingsObjectID)

{

$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq “group.unified”}

$settingsCopy = $template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $settingsCopy

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value “Group.Unified” -EQ).id

}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID

$settingsCopy[“EnableGroupCreation”] = $AllowGroupCreation

if($GroupName)

{

$settingsCopy[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString $GroupName).objectid

}

else {

$settingsCopy[“GroupCreationAllowedGroupId”] = $GroupName

}

Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

Step5:
Once the PowerShell script run successfully, GroupCreationAllowedGroupID is been set to some alphanumeric id and the EnableGroupCreation is Set to False, as shown below.
messaging-poilcy

screenshot of the group creation

If you want to turn off the group creation restriction and again allow all users to create groups, set $Group Name to “Microsoft O365 group restriction” and $AllowGroupCreation to “True” and rerun the script.