Freigeben über


restrict the Office 365 groups creation on Outlook (en-us)

1) Install AzureAD and AzureADPreview and connect into them and Connect on MsolService too
Install-Module azuread
Install-Module azureadpreview
Connect-AzureAD
Connect-MsolService

2) Check your tenant is allowed to create groups:
Get-MsolCompanyInformation | fl UsersPermissionToCreateGroupsEnabled
3) You need to have a security group, which members will have the capability to create new groups:
New-MsolGroup
ObjectId DisplayName GroupType Description
-------- ----------- --------- -----------
465439e2-7ffb-4ea7-b778-33a65e65daee Security

Set-MsolGroup -ObjectId 465439e2-7ffb-4ea7-b778-33a65e65daee -DisplayName AllowedGroupCreation
Get-MsolGroup -SearchString allowed

4) Get and save your custom template, based on the existing template based on the “Unified Groups”:
$template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.displayname -eq "Group.Unified"}

5) Save the settings extracted from this custom template:
$setting = $template.CreateDirectorySetting()

6) Modify this custom settings, so now we don’t allow users to create groups, and stamp your MSOLgroup ObjectID:
$setting["EnableGroupCreation"] = "false"
$setting["GroupCreationAllowedGroupId"] = "465439e2-7ffb-4ea7-b778-33a65e65daee"

7) Now you can create the new Azure Setting, that will apply to the whole tenant, based on your custom settings created in previous steps 4 and 5:
New-AzureADDirectorySetting -DirectorySetting $setting

8) Test with a user in Outlook to see if the button to create group is gone