Aug 06 2018 06:49 AM
Aug 06 2018 06:49 AM
Hi,
we don't use Exchange Online and the number of O365 groups created through various O365 applications are increasing. I've long been looking for a way to prevent group sprawl but the only documented way I can find requires an Azure Active Directory (Azure AD) Premium subscription.
Does anybody have any idea if there's something else that can be done to limit who can create O365 groups?
Thanks for your input.
Aug 06 2018 07:36 AM
SolutionAug 06 2018 08:00 AM
Aug 06 2018 09:04 AM
Licensing requirements are documented here: https://support.office.com/en-us/article/learn-about-office-365-groups-b565caa1-5c40-40ef-9915-60fdb...
Aug 06 2018 10:52 AM
Thanks @cfiessinger.
That page's Feature's and Licensing section ends with this curious note:
IMPORTANT: For all the Groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an AAD P1 license assigned to them. Licensing isn't enforced.
Periodically we will generate usage reports that tell you which users are missing a license, and need one assigned to them to be compliant with the licensing requirements. For example, let's say a user doesn't have a license and they are added to a group where the naming policy is enforced. The report will flag for you that they need a license.
It sure seems that Microsoft is highly dis-incentivizing organizations from managing their Groups. (Dynamic membership; Creation controls; Naming Policies; etc. all require a premium license)
Aug 06 2018 03:29 PM
Aug 07 2018 01:34 AM - edited Aug 07 2018 03:02 AM
That is ridiculous !
I double checked the link as I'm pretty sure 18 months ago you never used to need AAD P!
Aug 07 2018 02:53 AM - edited Aug 07 2018 02:55 AM
Aug 07 2018 04:52 AM
Not only am I concerned because properly governing groups is an expensive feature, but if I use any of these features without licensing everyone, then I'll most likely be breaking our license agreement almost immediately. Why? Because our business users maintaining Groups will add people to the group without knowing the license requirements and Microsoft doesn't enforce it when they do.
We enabled Groups creation in late May and didn't announce, nor publicize, it in anyway within our company. In June, our end users created 180 groups, and in July they created another 209 -- all without these features enabled because only a fourth of our users have an Azure AD Premium license. I imagine by the end of the year, every person in the company will be a member of at least one group.
Licensing everyone in my company for AD premium is a million+ dollar decision, so we're forced to govern groups without Microsoft's help.
Aug 07 2018 05:15 AM
Aug 09 2018 09:02 AM
I agree with everyone here that it's pretty 'unfortunate' that Microsoft has made this decision. Admins can't even govern this 100% with managing licenses. For example, users can create an O365 group through planner even without having a license assigned.
Soon we'll be looking into AAD Premium but it will be costly, no question so I really wish there was another option. Thanks for your input.
Aug 06 2018 07:36 AM
Solution