Control creation of Microsoft 365 Groups
Disable creation of groups in the Azure Portal
Disable creation of groups using PowerShell
In the default configuration, all users can create Microsoft 365 Groups. With the introduction of EasyLife you can disable the creation of Groups for all users. By disabling this option, you ensure that Microsoft 365 Groups (and Teams) are only created through EasyLife 365.
While we recommend disabling group creation outside of EasyLife 365, it is not a requirement for EasyLife to function. EasyLife has a default policy that can be used to manage groups that are created outside of EasyLife.
Disable creation of groups in the Azure Portal
You can disable the creation of Microsoft 365 Groups in the Azure AD Portal. Follow the steps below to disable the creation of Microsoft 365 Groups:
- Open the Azure Portal and navigate to Entra ID (Azure Active Directory)
- In the Entra ID (Azure Active Directory) portal, click on Groups
- Under
Settings, click onGeneral - Disable the setting
Users can create Microsoft 365 groups in Azure portals, API or PowerShell - Click
Saveto save the changes
There is currently no way to allow creation of Microsoft 365 Groups for a subset of users in the Azure Portal. If you want to allow creation of groups for some users, please use the PowerShell method below.
Disable creation of groups using PowerShell
You can find the official documentation here. You can disable the Group creation for your tenant with an administrative account using following PowerShell
# Install the latest version of the AzureAD preview PowerShell module from the gallery
Install-module azureadpreview -AllowClobber -Force
# specify here the displayname of the security group to add as exception group (if required)
$groupException = "GroupCreationExceptions"
# set this to $false to disable group creation in your tenant. you can set this to $true to enable group creation again.
$allowGroupCreation = $false
AzureADPreview\Connect-AzureAD
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $allowGroupCreation
if ([String]::IsNullOrWhiteSpace($groupException) -eq $false) {
$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $groupException).objectid
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values