Forum Discussion
Is Azure Active Directory (Azure AD) Premium still the only way to prevent group sprawl?
Hi,
we don't use Exchange Online and the number of O365 groups created through various O365 applications are increasing. I've long been looking for a way to prevent group sprawl but the only https://support.office.com/en-us/article/manage-who-can-create-office-365-groups-4c46c8cb-17d0-44b5-9776-005fced8e618?ui=en-US&rs=en-US&ad=US I can find requires an Azure Active Directory (Azure AD) Premium subscription.
Does anybody have any idea if there's something else that can be done to limit who can create O365 groups?
Thanks for your input.
- No, as you well mention to absolutely prevent Groups creation in your tenant, you need an Azure AD Premium subscription
10 Replies
- cfiessinger I don’t doubt Juan’s reply for a moment but can you double confirm this from Microsoft itself? This license requirement seems extraordinary. Is there a PowerShell command that could be scripted?
- cfiessinger
Microsoft
Licensing requirements are documented here: https://support.office.com/en-us/article/learn-about-office-365-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2?ui=en-US&rs=en-US&ad=US#ID0EAACAAA=Features_&_Licensing
Thanks cfiessinger.
That page's Feature's and Licensing section ends with this curious note:
IMPORTANT: For all the Groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an AAD P1 license assigned to them. Licensing isn't enforced.
Periodically we will generate usage reports that tell you which users are missing a license, and need one assigned to them to be compliant with the licensing requirements. For example, let's say a user doesn't have a license and they are added to a group where the naming policy is enforced. The report will flag for you that they need a license.
It sure seems that Microsoft is highly dis-incentivizing organizations from managing their Groups. (Dynamic membership; Creation controls; Naming Policies; etc. all require a premium license)
- No, as you well mention to absolutely prevent Groups creation in your tenant, you need an Azure AD Premium subscription
