Tutorial: How to prevent new Microsoft Teams from being created.
By design, anyone can create new teams in Microsoft Teams .
In this blog I will explain how to prevent new Microsoft Teams can be created. For some specific users we will allow Teams creation.
Thanks to an AD group, after the activation of this blog, it will be possible to give users the rights to belong to the group of Teams-creators.
Why block the creation of Microsoft Teams ?
Mailboxes don't let everyone in your organization create them. This may be one of the reasons you don't let users create Teams either.
If you wish to create permanent Teams and do not want to allow anyone to create Teams .
Technical preparations
This article is based on Microsoft's instructions.
Install AzureADPreview
Open Powershell as Administrator
If you still have the old AzureAD module you can uninstall it via: Uninstall-Module AzureAD
Install-Module AzureADPreview
Create a Azure AD group
Browse to https://portal.azure.com
Navigate to Azure Active Directory
Create a group for example: 'Teams Creation'
Add members who should be able to create Teams
Connect AzureAD
Connect PowerShell To Azure Active Directory
Login to in AzureAD in PowerShell
Good, you're logged in.
Copy this string into PowerShell:
$GroupName = "Teams Creation"Technical implementation
Create a PowerShell script
Copy the text below into a notepad document. and save it as PS1.
The only adjustment you need to make in the first line. Copy the group name between the brackets.
You can also copy this scrip from Microsoft Docs: https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/manage-creation-of-groups?view=o365-worldwide
$GroupName = "Teams Creation"
$AllowGroupCreation = "False"
Connect-AzureAD
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
$settingsCopy = $template.CreateDirectorySetting()
New-AzureADDirectorySetting -DirectorySetting $settingsCopy
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
if($GroupName)
{
$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
}
else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
Run the script from the file location
- I put this script on C:scripts
- Navigate to the path.
The script has been completed
Here you will see an ID appear
Check if the script works?
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
Also check Teams to see if your recently added members can now create Teams .
That's it!
If you want to add additional people, you can do so through Azure Active Directory.
Also read
How to prevent users from deleting others' tasks in Microsoft Planner
These are the 10 success factors when setting up Microsoft Teams
How to activate weatherman mode or presenter mode in Microsoft Teams?
About the author
Hi, I implemented this as stated in the manual, but now no one can join an external team. Any idea how I can activate that again?
Hi Karel, that doesn't really have anything to do with it. So you guys can't join external teams anymore? OR the other way around?