Emett Sluskonis
Copper Contributor
Jul 10, 2018
Solved

Limit creation of Office 365 Groups

Hello,

Is there any way to limit the creation of Office 365 Groups? I have found this article here by Microsoft, but it requires Azure AD Premium. https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618

Is it possible without Azure AD Premium and just Basic Azure AD? Seems silly that this function would be limited to Azure AD Premium users as O365 Group creation gets out of hand very quickly.

Thanks,

-Emett

  • FRDev Microsoft
    Copper Contributor

    Referring to the documentation from Microsoft: https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618 - We find the licensing model a bit unclear :).

    As Max Fritz mentions, "someone needs" an Azure AD P1 Premium license. BUT what does it really mean? To quote Microsoft:

    Doing the steps in this article requires a subscription to Azure Active Directory (Azure AD) Premium. The administrator who configures the settings, and the members of the affected groups, must have Azure AD Premium licenses assigned to them.

     

    1. Okay - the admin who executes the script needs an Azure AD P1 license - that one is clear.
    2. "and the members of the affected groups": we interpret this as the members of the Azure AD security group that can still create Office 365 Groups (and Teams etc.) - they all need an Azure AD P1 license. Can anyone confirm this? Anyone from Microsoft?
    3. Because using the term "groups" might be interpreted as all the affected members of all the created Office 365 Groups - in real life, meaning almost everybody needs an Azure AD P1 license. Can anyone confirm that this is an incorrect understanding of the documentation, i.e. that no. 2 is the correct understanding?
    4. And finally, if you are a global admin you don't need an Azure AD P1 license (unless you are in the mentioned security group, or executed the script). Can anyone confirm this? Anyone from Microsoft?

    Just trying to understand the licencing requirements from Microsoft :)

  • Sure, you can limit the creation of Office 365 Groups, Teams and Planner without AAD premium. Take a look at my blog post; there are also other tips for managing Office 365 Groups.

    • Max Fritz
      Iron Contributor

      According to the Microsoft documentation, the administrator has to be licensed for Azure AD Premium in order to run the Set-AzureADDirectorySetting commandlet in Azure AD PowerShell. I agree that this is not enforced right now, but that doesn't change what they're saying.

  • Max Fritz
    Iron Contributor
    This is the only method currently available to limit group creation overall, and it does require Azure AD Premium. The PowerShell commands will work with any licensing level, but Microsoft could enforce the licensing for that at any time.
    You're not alone in your feedback on this, and it's a common ask. Technically, only the administrator who performs this action (the PowerShell commands) needs an Azure AD Premium P1 license, so you could just get 1. Otherwise, be sure to share your feedback on UserVoice (https://office365.uservoice.com/forums/286611-office-365-groups).
    The more feedback we can share the better!
    • John Peluso
      Iron Contributor

      Hey guys - I think there are actually 2 different ways to limit group creation. One option is a binary "on/off" switch where you disable all ability for all your users to create O365 Groups/Teams through the native O365 end user interfaces (admins can still create groups through the O365 admin interfaces and PowerShell. This SHOULD NOT require AAD Premium, except for the admin running the PowerShell - I've seen this setting as well in the new AAD admin portal but never used this method myself. If it works, it may bypass the AAD P1 requirement for the admin). The second option is like the first except that you define a specific AAD Security Group that has the ability to create Groups/Teams through the native O365 Interfaces, but all other users are blocked from doing so. This option does require AAD Premium. The full licensing implications are hard to track down officially, but they are listed here: https://support.office.com/en-us/article/Learn-about-Office-365-Groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2#ID0EAADAAA=Feature_availability_and_licensing&ID0EAACAAA=Features_&_Licensing

       

      The PowerShell is essentially the same for both option 1 and 2 above, but option 2 has the additional step of creating the Security Group and adding it to the AAD Directory Settings Template. The process is described here: https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618  
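
The two options described in the post above, as an added PowerShell example that is not part of the original thread and is not Microsoft's published script. It assumes the AzureADPreview module and an existing `Connect-AzureAD` session; the function name and the group name in the usage comment are hypothetical.

```powershell
# Added example (not from the thread). Assumes the AzureADPreview module is
# installed and Connect-AzureAD has already been run by a licensed admin.
function Set-UnifiedGroupCreationPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Option 2: display name of the security group that may still create
        # groups. Omit for option 1 (creation off for all non-admin users).
        [string]$AllowedGroupName
    )

    $allowedId = ''
    if ($AllowedGroupName) {
        # -SearchString can return several groups, so insist on one exact hit.
        $found = @(Get-AzureADGroup -SearchString $AllowedGroupName |
            Where-Object { $_.DisplayName -eq $AllowedGroupName -and $_.SecurityEnabled })
        if ($found.Count -ne 1) {
            throw "Expected one security group named '$AllowedGroupName', found $($found.Count)."
        }
        $allowedId = $found[0].ObjectId
    }

    # Reuse the tenant's Group.Unified settings object; if none exists yet,
    # create it from the template (template defaults) and read it back.
    $setting = Get-AzureADDirectorySetting | Where-Object DisplayName -eq 'Group.Unified'
    if (-not $setting) {
        $template = Get-AzureADDirectorySettingTemplate |
            Where-Object DisplayName -eq 'Group.Unified'
        New-AzureADDirectorySetting -DirectorySetting $template.CreateDirectorySetting() | Out-Null
        $setting = Get-AzureADDirectorySetting | Where-Object DisplayName -eq 'Group.Unified'
    }

    $setting['EnableGroupCreation'] = 'False'
    $setting['GroupCreationAllowedGroupId'] = $allowedId

    if ($PSCmdlet.ShouldProcess('Group.Unified', 'Restrict Office 365 Group creation')) {
        Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting
    }

    # Return the values currently stored in the tenant so they can be reviewed.
    (Get-AzureADDirectorySetting -Id $setting.Id).Values |
        Where-Object Name -in 'EnableGroupCreation', 'GroupCreationAllowedGroupId'
}

# Hypothetical usage; 'O365 Group Creators' is a placeholder group name.
# Set-UnifiedGroupCreationPolicy -AllowedGroupName 'O365 Group Creators' -WhatIf
```

Running it with `-WhatIf` shows the stored values without changing the restriction, which is a quick way to audit what a tenant currently enforces.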

      • mattboese390
        Copper Contributor
        Hi John,
        I am quite new to the O365 scene and am still learning best practices as we roll out. You said there was an on/off switch to turn off group creation for users in the web UI? Where is that setting? All the documentation I can find says you can only do it in PowerShell and only with some form of Azure license.
