Jun 23 2016 04:30 PM
The steps necessary to create and enable an Azure Active Directory policy (directory setting) to limit creation of new Office 365 Groups to a set of users defined in a nominated group. All good clean honest fun.
Jul 10 2016 10:50 PM
Great article as always @Tony Redmond
Jul 17 2016 04:05 AM
Jul 22 2016 06:43 AM
You might like the write-up I did on Azure Information Protection at https://www.itunity.com/article/azure-information-protection-3492. I think this product will be very popular with enterprise Office 365 tenants, especially as IRM and rights management in general is so much easier to implement inside Office 365 than it is on-premises.
Jul 25 2016 01:05 AM
Great blog, it was very helpful to configure this new feature.
I was able ton create a group and update the settings Template
Now the dedicated group members can create a "Planner" which created an unified Group ...
But, group members are unable to create a Groups from OWA or Outlook even if I set the OwaMailboxPolicy GroupCreationEnabled to True.
Strange, i've opened a Suport Request from MS Premier., will let you know why :)
/Christophe
Jul 25 2016 01:15 AM
You need to keep the OWA mailbox policy in place until Microsoft has fully deployed the feature to all parts of Office 365. There are many ways to create a group:
1. Office 365 Admin Center
2. Exchange Admin Center
3. PowerShell
4. Outlook 2016
5. OWA
6. Outlook Groups app
7. Power BI
8. Dynamics CRM Online
9. Microsoft Planner
All of these have to be updated to understand and obey the new policy...
Jul 25 2016 01:33 AM
Thank you for your quick answer.
Yes, this feature is in "Rolling out" as reading the Fastrack portal , I tought it was already available for my Tenant and from OWA/Outlook Rich Client.
Let's wait for the launch phase then ...
Aug 01 2016 01:43 AM
Hello,
From Microsoft Support Premier, there is no roadmap for AAD Policy to manage every way to create a group.
OWA Policy remain the answer for o365 groups creation privilege in Exchange Online.
AAD Policy handles the O365 group creation privilege from Planner.
It's easier to manage a group membership than a dedicated OwaMailboxPolicy :\
/Christophe
Aug 01 2016 01:59 AM
My understanding was that a single policy was being introduced that would control creation across all workloads. It obviously doesn't make much sense to keep two policies in place, unless it's just for a short period to allow Outlook and OWA to adjust their permission checks. Outlook is particularly slow in this kind of thing. The C2R version can be changed quickly but the MSI version cannot. In any case, I have reached out to the engineering group to determine what the situation really is.
Sep 29 2016 05:07 AM
Admin users do not have to be part of this AllowGroupCreation group. But in my tenant the admins are the only ones that have the right to create groups. So... the best scenario here is to create the group as discribed in the post, whithout any users?
Sep 29 2016 05:43 AM
Remember that the AAD policy still doesn't cover all workloads. Remember too that the evolution of policy-driven management might take different courses over time. For these reasons, although tenant administrators can run New-UnifiedGroup and use other tools to create groups today without being explicitly listed, I think it's better to be precise and list those who should be able to create groups in the "permitted group".