How do you handle Groups / SharePoint / Teams creation

Not applicable

I've seen a few other posts that have brushed by this, but I'm curious how others handle this. It's really stressing me out as an admin because I like keeping things clean, however, I'm starting to think I need to just ignore the Office 365 Groups in the directory and treat it like any other cloud provider does with a public service and just let it run it's course. No sense in maintaining or paying attention to who creates what? 


Are you guys doing this? Or have you tried your best to lock down most creation items (I've already killed planner, having groups get made off plans is the dumbest things ever, having Username todo's show up all over and in GAL is just mudane). 


Already having issues where I have 2 users who have discovered how to create stuff in 365 (migrated exchange online) but for the most part it's quiet, however as time goes it'll just get worse, those 2 users have created about 10 groups each already in some form or fasion, many with 1 user..... and 2 have duplicate names so I'm guessing they created a sharepoint site for their team, then turned around and made another group or Team with the same name not knowing it had been created already on the back end...../sigh, this is just dumb guys....., I understand making a group for something because it's required for it to funciton but make that group hidden and only used for the service it has, don't create and spawn other services from it, trying to get users to understand this is a nightmare. 


15 Replies

We have locked down the ability to create groups to two Global Admins (me and one other) in a Security Group - but we are right at the beginning of our O365 journey (after close to a year of background research, documentation and governance preparation) so this group of people may expand.

We have a controlled SharePoint site creation process and expect to do the same with Groups.The only thing we have not yet really worked through is what happens to DLs - in most (but not all) cases they will become Groups, but this of course means they create all the other elements, which is fine as our migration strategy for SharePoint includes SharePoint on-prem to Group-based SPO sites.

Might I ask how you control the SharePoint site creation? 

For the moment one of the customers I'm working with is choosing to let it run its course for a couple of months and see who is doing what.
That way they can identify who wants to use the technology and work differently, and can then embrace those people as champions.
It will create a mess initially, but better to create a small mess and clean it up - knowing what to do when applying the logic to the rest of the organisation.
yeah, i'm torn with doing the same thing. I'm just too stingy on keeping things clean, but I think I need to just let it run it's course as well. My biggest issue is seeing multiple groups with near the same name, because they are creating one thing, then another for the same team not knowing that there is already that piece created.

I tried setting up an audit item for when groups get created but it's showing an alert for every time someone creates a sharing item as well for some reason. That way I can kind of audit whats going on as it happens vs. just ignoring or checking after it's too late.

End users cannot create SharePoint sites or sub-sites in both our on-prem and early O365 environment. We have a 'SharePoint Request' list form that users must complete to request a new site. We will do the same for O365 Groups (or merge the two as the same request) for O365. For on-prem, once the user submits the request I get notified and use a PS script to create the new site; for O365, we may use the script or just create them manually.

The point is control - but not too much. For example, Site Owners are largely responsible for setting up libraries and lists, and modifying pages as required.

We've had SharePoint running since early 2012 (2010 upgraded to 2013 two and a half years ago). In that time, we've created just on 245 sites collections, of which 94 are team sites (with 425 sub-sites) and 83 project sites (with 85 subsites). Note, we have different web applications for on-prem team and project sites, but they use the same template. We have around 8,000 staff across a widely dispered geographical area (State) in Australia.

Our current project sites will become Group-based sites, while the team sites will be a mixture of Group-based and SharePoint Admin-created.

I forgot to mention there are only two of us in the SharePoint team, my colleague is the primary SP Administrator.

I agree with the potential problem of ending up with two names the same if users can create a Group (which creates a site), or a Site (which creates a Group). Our users are used to the inability to do it themselves, so I think we'll be ok with continuing this level of control.

Yeah I'm heading down that path. Just trying to figure out how to turn everything off first. In the meantime I have an alert that lets me know when a group is created because people don't know about 365 just have people poking around that have created anything yet.

We have limited the ability to create Groups to the members of a Security Group in the O365 Admin portal (a process described already here and I think also in Tony Redmond's excellent and must-have book). We have also limited the ability to create SharePoint sites in the SharePoint Admin portal. This means that the option to 'Create Site' from the SharePoint portal is not there for end users, and they also don't get the option from Outlook.

The bit that I'm less certain about right now is how the DL to Group process is going to work, but I assume that I will be able to convert the DL to a Group, that it won't be automatic. We expect that our SharePoint model will change once we have more Group-based SharePoint sites replacing previous DLs plus a separate SharePoint site.

Based on what the majority of responses here I will say our approach was different. Our organization is about 9,000 people and we are global. That adds a big layer of complexity for us, that said, we opted to allow users to create groups on their own. We are still very early in adoption stage (marketing, promoting, educating) an considering the amount of groups created so far (less than 200) our users seem to be conservative about group creation so that is a good thing for now. There is a little bit of anxiety over what will happen once people start heavily using groups but we hope to mitigate this with continous education and governance. The one area that is grey for us is management of groups (i.e. activity/usage etc.) not sure if others have a better way of managing groups but we think usage of groups will be trigger for us to delete unused groups in an effort to keep things clean.

But do you guys have a training department and have you educated users prior to 365? My issue is lack of resources and no real Technical trainer / department at my organization and it makes it hard to educate without adding a lot of extra work to my plate on top of rolling things out :p.

Yes, I understand! Lack of resources are always a challenge. Although we have a talent development team,we are not engaging them for this. Instead, we decided to get a little creative (since we also faced limited resources) and we decided to go with the following training plan:

  1. (2) Open House Training (all-day). I have one resource that will support me with this and between the two of us we will make ourselves available to people all day in a conference room. People are welcome to stop by and we will help them get started with Groups, ask questions, etc.
  2.  In-house "how to use groups" training video (recorded so that our regional IT partners champion groups in their regions).
  3. "Get Going with Groups" YamJam (every Wednesday in Yammer ask anything sessions)
  4. Group series publications in our intranet with links to SP Group resources. The articles include topics on: creating groups, best practices, security topics, best use cases. (Note: Our SP groups page includes videos, job aids, yammer embed for real-time questions etc).

I'm interested in hearing if others have used a similar training plan or something better I am definitely looking to improve the model as we move forward.

Interesting. That looks doable and could be effective. Thanks for that :). 

hello lillian


you said:

"...The one area that is grey for us is management of groups (i.e. activity/usage etc.) not sure if others have a better way of managing groups but we think usage of groups will be trigger for us to delete unused groups in an effort to keep things clean."



What plans do you have in regards of analyzing the activity and usage of your O365Groups ?

Are you thinking of using the existing Group activity API + Compliance and Security API for parsing the logs + some sort of powershell code?


or would you prefer a 3rd party solution (covering all of these elements in a dashbaord), in case such solution exists ?





Hi Stefan,


For now, we are going with managing through API/powershell codes to track activity, usage, security ect. but I am open to adjusting the strategy as things evolve. What is your company doing to manage groups?