For governance reasons, do you need to configure who can create Office 365 Groups in Outlook, Teams or SharePoint sites?
There is no out-of-the-box way to disable this in two clicks. For SharePoint sites, it is possible to disable creation by everybody from the SharePoint admin center.
But why disable Teams creation for everybody?
If you do not, you could end up with many Teams that have no business context, no way to know when to archive them, and no known owner responsible for the workspace. Some companies leave creation open to test the product, but once you want to ensure that two groups don't serve the same purpose, the Office 365 admin needs to remove the creation permission that every user has by default.
Below is a procedure for the Office 365 admin to restrict who can create Office 365 Groups.
This is a summary of this Microsoft article.
To go further, Chris O'Brien has created a tutorial to allow users to request Office 365 Groups using a SharePoint list and Flow.
Tutorial objective
Limit who can create Office 365 Groups. A group is created whenever someone creates a new Team, Planner, Outlook group or SharePoint site.
Prerequisites
- Global admin access
- Office 365 Admin center access
- PowerShell
Steps
For info, you will need to add users to a security group, so that only certain people can create Office 365 Groups.
- Install PowerShellGet:

```powershell
Install-Module -Name PowerShellGet -Force
```

- Install or reinstall AzureADPreview:

```powershell
Uninstall-Module AzureADPreview
Install-Module AzureADPreview
```

- Create a security group at https://admin.microsoft.com/AdminPortal/Home#/groups (New > Security Group).

- Add to the group the users who can create Office 365 Groups: filter on security groups only, click the group, then click Edit.

- Load the module and sign in:

```powershell
Import-Module AzureADPreview
Connect-AzureAD
```

- Run these commands. If you get an error in the last command, ignore it:

```powershell
# Confirm that the security group exists
Get-AzureADGroup -SearchString "Office 365 Groups Admins"

# Create the Group.Unified directory setting from its template
$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}
$Setting = $Template.CreateDirectorySetting()
# Fails if a Group.Unified setting already exists in the tenant
New-AzureADDirectorySetting -DirectorySetting $Setting
```

```powershell
# Load the existing Group.Unified setting
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id
```

```powershell
# Turn off creation for everyone outside the allowed group; without this the allowed group has no effect
$Setting["EnableGroupCreation"] = $False
# Members of this security group keep the right to create Office 365 Groups
$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "Office 365 Groups Admins").objectid
Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting
```

- Verify that your group can create Office 365 Groups. This shows the id of your group:

```powershell
(Get-AzureADDirectorySetting).Values
```

- If you want to cancel this configuration, run these commands:

```powershell
$SettingId = Get-AzureADDirectorySetting -All $True | where-object {$_.DisplayName -eq "Group.Unified"}
Remove-AzureADDirectorySetting -Id $SettingId.Id
```

- Verify by trying to create a team or planner with a non-admin account.
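The verification step above only prints the raw setting values. The following audit is an added example, not part of the original procedure or the Microsoft article: it checks that creation is actually switched off, that the allowed group id resolves to a security group, and lists who keeps the right to create groups. It assumes AzureADPreview is installed and `Connect-AzureAD` has already been run; `Test-GroupCreationRestriction` is a hypothetical function name.

```powershell
# Added example. Assumes AzureADPreview is installed and Connect-AzureAD has been run.
# Test-GroupCreationRestriction is a hypothetical helper name.
function Test-GroupCreationRestriction {
    $setting = Get-AzureADDirectorySetting -All $true |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    if (-not $setting) {
        Write-Warning 'No Group.Unified setting found: all users can create Office 365 Groups.'
        return
    }

    # .Values is a list of Name/Value pairs; the values are stored as strings.
    $values = @{}
    foreach ($v in $setting.Values) { $values[$v.Name] = $v.Value }
    $enabled   = $values['EnableGroupCreation']
    $allowedId = $values['GroupCreationAllowedGroupId']

    if ($enabled -ne 'false') {
        Write-Warning "EnableGroupCreation is '$enabled': creation is not restricted to the allowed group."
    }
    if ([string]::IsNullOrEmpty($allowedId)) {
        Write-Warning 'GroupCreationAllowedGroupId is empty: no security group is exempted.'
        return
    }

    try {
        $group = Get-AzureADGroup -ObjectId $allowedId -ErrorAction Stop
    } catch {
        Write-Warning "GroupCreationAllowedGroupId $allowedId does not resolve to an existing group."
        return
    }
    if (-not $group.SecurityEnabled) {
        Write-Warning "'$($group.DisplayName)' is not a security group."
    }

    # Everyone listed here keeps the right to create Teams, Planner plans, Outlook groups and sites.
    $members = Get-AzureADGroupMember -ObjectId $allowedId -All $true
    [pscustomobject]@{
        EnableGroupCreation = $enabled
        AllowedGroup        = $group.DisplayName
        AllowedGroupId      = $allowedId
        MemberCount         = @($members).Count
        Members             = @($members | ForEach-Object {
            if ($_.UserPrincipalName) { $_.UserPrincipalName } else { $_.DisplayName }
        })
    }
}

Test-GroupCreationRestriction | Format-List
```

Running it on a schedule and comparing the member list against the approved list shows when someone has been added to the creator group outside the request process.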
Wrap up
Disabling Teams creation for everybody is the prerequisite for the Digital Workplace team to implement a request system for Teams and Office 365 Groups.