Disable "Leave Group" functionality in Office 365 Groups

Is it possible to configure Office 365 Groups so that users cannot leave a group? It would be nice if you could have a fully managed group where only the owner of the group can add or remove users.

13 Replies

I'm not aware of a way to do this. I have been reviewing the options available at both the EXO Admin Center and the Set-UnifiedGroup cmdlet, and apparently this is a feature not provided today. But since I'm not 100% sure, tagging here @Tony Redmond @Christophe Fiessinger

Make the group private. Only group owners can add or remove members from private groups.

But still, even if the group is private, the user has the option to leave the group at any time if he wants to? I haven't tested it myself but at least the option is there in all applications (Outlook, Teams etc)...

Yeah, that's true. The pesky leave group option appears in OWA and Outlook. Distribution groups allow owners to dictate that members need permission to leave... I guess I had a brain fart and assumed that the work Microsoft did for distribution group migration made this feature available to Office 365 Groups, but it doesn't. You can only insist on approval when people ask to join the group.

 

See New-UnifiedGroup documentation:

ConvertClosedDlToPrivateGroup (Optional, System.Management.Automation.SwitchParameter)

The ConvertClosedDlToPrivateGroup switch specifies whether to migrate the closed distribution group to a private Office 365 Group. You don't need to specify a value with this switch.

By default, this switch is always applied when migrating closed distribution groups, and will eventually be deprecated.

If the distribution group has the value Closed for the MemberDepartRestriction or MemberJoinRestriction parameters, the distribution group will always be migrated to a private Office 365 Group. For open distribution groups, the migrated Office 365 Group is always public, not private.

But (second thought)...

 

For groups where you wanted to "protect" group membership, you could write some PowerShell to run in the background and validate group memberships. Paul Cunningham posted an example at https://practical365.com/collaboration/groups/powershell-script-generate-reports-groups-office-365/

 

It would then be easy to find when users left a "protected" group and add them back again.
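
The reconciliation idea in the reply above, as an added example that is not part of the original thread and not Paul Cunningham's script. It assumes a connected Exchange Online PowerShell session; the baseline table, group addresses, member addresses and the function names `Get-MissingMember` and `Repair-ProtectedGroup` are hypothetical.

```powershell
# Added example: detect members who left a "protected" Office 365 Group and re-add them.
# Assumes Connect-ExchangeOnline has already been run.
# Constructed sample baseline: group address -> members who must stay in the group.
$Baseline = @{
    'dept-finance@contoso.example' = @('alice@contoso.example', 'bob@contoso.example')
    'dept-hr@contoso.example'      = @('carol@contoso.example')
}

function Get-MissingMember {
    # Baseline members absent from the current membership (-notcontains is case-insensitive).
    param([string[]]$Expected, [string[]]$Current)
    $Expected | Where-Object { $Current -notcontains $_ }
}

function Repair-ProtectedGroup {
    # Emits one record per departed member; only changes membership when -Apply is given.
    param([hashtable]$Baseline, [switch]$Apply)
    foreach ($group in $Baseline.Keys) {
        $current = @(Get-UnifiedGroupLinks -Identity $group -LinkType Members -ResultSize Unlimited |
            Select-Object -ExpandProperty PrimarySmtpAddress)
        $missing = @(Get-MissingMember -Expected $Baseline[$group] -Current $current)

        foreach ($member in $missing) {
            [pscustomobject]@{
                Group    = $group
                Member   = $member
                Detected = (Get-Date).ToString('s')
            }
        }

        if ($missing.Count -gt 0) {
            # Without -Apply this runs as -WhatIf and changes nothing.
            Add-UnifiedGroupLinks -Identity $group -LinkType Members -Links $missing -WhatIf:(-not $Apply)
        }
    }
}

# Report only:
# Repair-ProtectedGroup -Baseline $Baseline | Export-Csv .\left-protected-groups.csv -NoTypeInformation
# Report and re-add:
# Repair-ProtectedGroup -Baseline $Baseline -Apply
```

The baseline has to be kept current: a member an owner removed on purpose will be re-added on the next run unless they are also taken out of the baseline.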

Can you please explain the use case/scenario to force users to "stay"?

(note you could use dynamic membership to achieve this)

For example, if you have a dedicated Office 365 Group for collaboration (Teams, Planner, Mail) for each Team or Department in your organization the users should not be able to just leave the group!

 

Yes, Dynamic Groups could possibly be used to achieve this but as far as I know that requires a Premium Azure AD license?

 

In my opinion, if Microsoft wants us to replace Distribution Lists with Office 365 Groups, this is functionality that should be there by default and without any extra cost!

Dynamic groups are actually a pretty good suggestion because they absolutely do work if your Azure Active Directory is populated accurately in terms of department or other information. The downside, as you note, is cost. If you don't have a reason to use Azure AD Premium licenses, dynamic groups can be an expensive option. See https://www.petri.com/microsoft-clarifies-premium-features-office-365-groups for more information.

I caught up with this problem today also. There is no way I can keep the user from leaving the group. I know that the possibility in my organization is low for that to happen, but still. I agree with previous responders: why isn't this possibility enabled for Office 365 Groups, if Office 365 Groups should be an upgrade for distribution groups, not a downgrade from the simple functionality?

Indeed we should be able to "lock" an Office 365 group so members can't leave it. Especially with Teams, it's really easy to leave a Team and so the group.

 

Also we should have a way to prevent Office 365 groups deletion by owners.

 

 

The other problem with Dynamic Groups is the limited subset of attributes you can use. I'd like to create my own multi-clause filter for a Dynamic Group, but was restricted. Note that you can create a dynamic group in Exchange Online without Azure AD Premium.

I stand corrected. The Azure AD Dynamic group membership is much more feature-rich than the Exchange Online one.

@Christophe Fiessinger Here is another use case. In trying to dig out of past bad practices, we want every user to be in a Departmental TEAM. We want that TEAM to be one of the primary places that a user goes to look for and get to their departmental Document Library (no intranet, no SharePoint intranet, currently no hierarchy to guide users to files).

 

In this scenario, if a user just "leaves" their departmental TEAM, then in a month they'll be asking "how do I get to my department files...."

 

JL