Home

Managing Users with Teams Messaging Policies

%3CLINGO-SUB%20id%3D%22lingo-sub-362671%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362671%22%20slang%3D%22en-US%22%3E%3CP%3EUnderstood%2C%20but%20that's%20still%20really%20just%20a%20point%20in%20time%2C%20per%20user%20configuration.%26nbsp%3B%20You%20would%20need%20to%20write%20a%20regularly%20running%20job%20to%20keep%20policy%20application%20fresh%20since%20users%20join%20and%20leave%20groups%20on%20a%20daily%20basis.%26nbsp%3B%20We%26nbsp%3Bneed%20to%20be%20able%20to%20set%20policy%20and%20let%20group%20membership%20manage%20who%20gets%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegardless%2C%20thank%20you%20for%20the%20great%20write%20up.%26nbsp%3B%20I'm%20checking%20with%20our%20Microsoft%20team%20to%20see%20if%20this%20is%20something%20that%20is%20on%20the%20roadmap.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-362663%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362663%22%20slang%3D%22en-US%22%3E%3CP%3ECorrect.%20These%20policies%20are%20designed%20for%20per-user%20application.%20If%20you%20want%20to%20use%20groups%2C%20you%20have%20to%20do%20so%20through%20PowerShell.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20Create%20DL%20with%20list%20of%20people%20to%20receive%20a%20policy.%3C%2FP%3E%0A%3CP%3E2.%20Read%20the%20group%20membership%20with%20PS.%3C%2FP%3E%0A%3CP%3E3.%20Assign%20the%20policy%20to%20the%20members...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESomething%20like%3A%3C%2FP%3E%0A%3CP%3E%24Members%20%3D%20Get-DistributionGroupMember%20-Identity%20%22MyPolicyGroup%22%3C%2FP%3E%0A%3CP%3EForEach%20(%24M%20in%20%24Members)%20%7B%3C%2FP%3E%0A%3CP%3E%26nbsp%3BIf%20(%24M.RecipientType%20-eq%20%22UserMailbox%22)%20%7B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%20Grant-CsTeamsMessagingPolicy%20-Identity%20%24M.Name%20-Policy%20%22My%20Teams%20Messaging%20Policy%22%20%7D%3C%2FP%3E%0A%3CP%3E%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-362652%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362652%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20if%20I'm%20understanding%20it%20correctly%2C%20there%20isn't%20currently%20a%20way%20to%20apply%20meeting%20and%20messaging%20policies%20to%20groups.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-362649%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362649%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20use%20PowerShell%20to%20apply%20a%20messaging%20policy%20to%20a%20set%20of%20users.%20That's%20the%20best%20way.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-362648%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362648%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20apply%20messaging%20and%20meeting%20policies%20to%20groups%3F%26nbsp%3B%20Managing%20this%20at%20the%20user%20level%20doesn't%20scale%20well%20for%20large%2C%20complex%20organizations.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-421485%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-421485%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20I%20can%20apply%20the%20Teams%20license%20with%20group%20licensing%20but%20I%20can't%20apply%20the%20policies%20to%20that%20group.%26nbsp%3B%20That%20figures.%26nbsp%3B%20This%20needs%20to%20change.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64%22%20target%3D%22_blank%22%3E%40Tony%20Redmond%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-654291%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-654291%22%20slang%3D%22en-US%22%3Eyeah%20this%20is%20a%20deal%20breaker%20for%20us.%20We%20dont%20want%20to%20be%20managing%20powershell%20scripts%20for%20denial%20of%20access%20to%20calling%20etc.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-362642%22%20slang%3D%22en-US%22%3EManaging%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-362642%22%20slang%3D%22en-US%22%3E%20%26nbsp%3B%20If%20you%20have%20a%20small%20Office%20365%20tenant%2C%20you%20probably%20don't%20need%20to%20use%20Teams%20messaging%20policies%20to%20control%20user%20access%20to%20Teams%20features.%20But%20larger%20tenants%20soon%20discover%20that%20policy-based%20management%20is%20a%20great%20way%20to%20control%20the%20functionality%20available%20to%20select%20sets%20of%20Teams%20users.%20Here's%20how%20to%20create%20and%20assign%20a%20policy%20to%20users%20through%20the%20Teams%20Admin%20Center%20or%20PowerShell.%20%3CA%20href%3D%22https%3A%2F%2Fwww.petri.com%2Fmanaging-users-teams-messaging-policies%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Fwww.petri.com%2Fmanaging-users-teams-messaging-policies%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-362642%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-786495%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-786495%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20only%20are%20the%20powershell%20functions%20limited%20to%20a%20single%20identity%2C%20they%20also%20are%20slow%20to%20process%20granting%20policies%20to%20users(at%20least%20on%20my%20E3%20tenant).%20If%20you%20put%20a%20large%20group%20of%20users%20into%20a%20foreach%20loop%2C%20there%20is%20a%20very%20good%20chance%20that%20your%20script%20will%20lose%20access%20to%20the%20tenant%20because%20the%20token%20timed%20out.(I%20believe%201%20hour)%20This%20means%20you%20need%20to%20make%20multiple%20scripts%20or%20connections%20to%20the%20tenant%20to%20do%20a%20large%20group%20of%20users%20or%20you%20need%20to%20just%20do%20a%20one%20size%20fits%20all%20and%20set%20the%20global%20defaults%20as%20most%20restrictive.%20This%20does%20not%20work%20well%20in%20an%20EDU%20setting%20where%20you%20have%20multiple%20usage%20case%20needs%20and%20you%20want%20to%20control%20how%20minors%20can%20use%20the%20system.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-805106%22%20slang%3D%22en-US%22%3ERe%3A%20Managing%20Users%20with%20Teams%20Messaging%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805106%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F386620%22%20target%3D%22_blank%22%3E%40JRoosen%3C%2FA%3E%26nbsp%3BCompletely%20agree.%26nbsp%3B%20It%20is%20crazy%20that%20this%20can't%20be%20managed%20at%20the%20group%20level.%26nbsp%3B%20%26nbsp%3BWhen%20we%20have%20thousands%20of%20students%2C%20running%20a%20script%20every%20day%20doesn't%20make%20sense.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Tony Redmond
MVP
 
If you have a small Office 365 tenant, you probably don't need to use Teams messaging policies to control user access to Teams features. But larger tenants soon discover that policy-based management is a great way to control the functionality available to select sets of Teams users. Here's how to create and assign a policy to users through the Teams Admin Center or PowerShell.
9 Replies

Is there a way to apply messaging and meeting policies to groups?  Managing this at the user level doesn't scale well for large, complex organizations.

You can use PowerShell to apply a messaging policy to a set of users. That's the best way.

So if I'm understanding it correctly, there isn't currently a way to apply meeting and messaging policies to groups.

Correct. These policies are designed for per-user application. If you want to use groups, you have to do so through PowerShell.

 

1. Create DL with list of people to receive a policy.

2. Read the group membership with PS.

3. Assign the policy to the members...

 

Something like:

$Members = Get-DistributionGroupMember -Identity "MyPolicyGroup"

ForEach ($M in $Members) {

 If ($M.RecipientType -eq "UserMailbox") {

     Grant-CsTeamsMessagingPolicy -Identity $M.Name -Policy "My Teams Messaging Policy" }

}

Understood, but that's still really just a point in time, per user configuration.  You would need to write a regularly running job to keep policy application fresh since users join and leave groups on a daily basis.  We need to be able to set policy and let group membership manage who gets it.

 

Regardless, thank you for the great write up.  I'm checking with our Microsoft team to see if this is something that is on the roadmap.

So I can apply the Teams license with group licensing but I can't apply the policies to that group.  That figures.  This needs to change.  @Tony Redmond 

yeah this is a deal breaker for us. We dont want to be managing powershell scripts for denial of access to calling etc.

Not only are the powershell functions limited to a single identity, they also are slow to process granting policies to users(at least on my E3 tenant). If you put a large group of users into a foreach loop, there is a very good chance that your script will lose access to the tenant because the token timed out.(I believe 1 hour) This means you need to make multiple scripts or connections to the tenant to do a large group of users or you need to just do a one size fits all and set the global defaults as most restrictive. This does not work well in an EDU setting where you have multiple usage case needs and you want to control how minors can use the system.

 

 

@JRoosen Completely agree.  It is crazy that this can't be managed at the group level.   When we have thousands of students, running a script every day doesn't make sense.