HomeMicrosoft 365Limit who can create Microsoft Teams – Quick tutorial

Limit who can create Microsoft Teams – Quick tutorial

For governance reason you need to configure who can create Office 365 Groups in Outlook, Teams or SharePoint Site ?

There are no out of the box way to disable in two click. For SharePoint Sites, it is possible to disable the creation by everybody from the SharePoint admin.

But why disabling Teams Creation for everybody ?

If not, you could end up with so many Teams without business context, way to know when to archive them and without knowing who is the main responsible for this workplace. Some companies want this to test out the product but once you want to ensure two groups doesn’t serve the same purpose : Office 365 Admin needs to block the creation authorization that every users have by default.

So below is a procedure for the Office 365 Admin, to restrict who can create Office 365 Groups.

This is a summary of this microsoft article

To go further, Chris Obrien has created a tutorial to allow users to request Office 365 Groups using SharePoint list and Flow

Tutorial objective

Limit who can create Office 365 Groups. Groups are created when you create a new TEAM / Planner / Outlook Group / SharePoint Site

Pre requisite

  • Global admin access
  • Office 365 Admin center access
  • PowerShell


For info, you will need to add users to a security group, to allow only certain people to add office 365 Groups

Step Detail
Install PowershellGet Install-Module -Name PowerShellGet -Force
Install or re install azureADPreview Uninstall-Module AzureADPreview

Install-Module -Name PowerShellGet -Force

Create security group, https://admin.microsoft.com/AdminPortal/Home#/groups

New > Security Group

Add inside the group who can create office 365 Groups Filter security groups only

Click the group, click edit

  Import-Module AzureADPreview


Run those commands


If you get an error in last command, ignore it

Get-AzureADGroup -SearchString “Office 365 Groups Admins”

$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq ‘Group.Unified’}

$Setting = $Template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $Setting

  $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id
  $Setting[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “Office 365 Groups Admins”).objectid

Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id -DirectorySetting $Setting

Verify that your group can create Office 365 Groups

It shows the id of your group

If you want to cancel this configuration, run this command $SettingId = Get-AzureADDirectorySetting -All $True | where-object {$_.DisplayName -eq “Group.Unified”}

Remove-AzureADDirectorySetting –Id $SettingId.Id

Verify by trying to create a team or planner, with a non admin account

Wrap up

Disabling Teams Creation for everybody is the pre-requisite for Digital Workplace Team to implement a request system for Teams, Office 365 Groups.

- Advertisement -


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.



Recent Comments