Home

Delegating rights for Team(s) creation

Marcel Stock
New Contributor

Hey there, i got two questions regarding Microsoft Teams.

 

I was wondering what the best practice is to limit the creation of teams (in Microsoft Teams..) to specific users only? Currently everyone in our infrastructure is able to create teams - which is absolutely not to our liking. Does this have to be done via a security group or are there any other options yet?

 

Also, is it possible yet to get a full list of all existing teams including the members that joined the teams? There are a few powershell scripts online, but sadly they only show me teams that i am a member of (and i was running those scripts as a Global Admin).

 

Thanks!

 

Best Regards

3 Replies
Highlighted

Marcel, you can define who is allowed to create Teams by defining a group and applying that to the groups policy, take a look at my blog that covers this

 

https://medium.com/@smcollier/self-service-in-microsoft-teams-f8a1536167bc

 

If you have AzureAD Premium this group can be dynamic, so it's membership is based on rules rather than needing to be maintained.

 

While it's certainly complicated, you can also configure a workflow with approval to create Teams, as everything is exposed by an API. Only your system account then needs the permissions. e.g. https://blog.leitwolf.io/create-a-microsoft-team-with-flow-custom-connector/

 

In terms of your list, Teams powershell can do this, see useful notes from @Tony Redmond at

 

https://www.petri.com/teams-powershell-primer

 

Hello Steven,

 

thanks for the quick response!

 

Sadly the link you posted for my second question doesn't really explain how to get a list of all teams including the members of the team. It still seems like its an requirement to be a member of each team as well if you want to export a list of all teams + members (even as a global admin!)

 

The best way I've found to get a list of all Teams and Owners/Members for now is to use the UnifiedGroups commandlets.  These aren't only Teams, since they include all Groups but a Team requires a Group so it works in a pinch.  Depending on how pretty you want the data to be, you could script this out but this may help:

 

List of all Groups: Get-UnifiedGroup

Details of a specific Group: Get-UnifiedGroup -identity [groupname]

List Owners of a Group: Get-UnifiedGroupLinks -identity [groupname] -linktype owner

List of Members of a Group: Get-UnifiedGroupLinks -identity [groupname] -linktype member

 

https://itspartlycloudy.com/2018/07/24/finding-members-owners-of-an-office-365-group-or-microsoft-te...

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies