SOLVED

How to stop end users creating public groups in Office 365

Hi All,

Our organization is planning to allow all staff to create groups (we want to allow staff to create Teams, Planner, etc.) in Office 365. But I would like to know whether it is possible to do the following before we go ahead.

1. Is there any way to stop staff from creating public groups, I mean to disable the public group creation option for end users? If so, how?

2. Is there any way to limit the number of groups that a staff member can create? I know there is a max limit in O365, as I can remember it is more than 100, but I want to limit it to 10 groups by default and increase it for an individual user as required/requested.

3. When we allow staff to create groups in O365, I think they will be able to create distribution groups in Exchange as well. Is this correct? If so, I hope I can stop end users creating distribution groups by clearing the MyDistributionGroups checkbox and the MyDistributionGroupMembership checkbox as follows.

[Image: exchangeRole.png]

Much appreciate your professional advice.

7 Replies
best response confirmed by nipW (Brass Contributor)
Solution

To answer the additional questions,

 

1) You cannot limit users to creating just Private groups. It's all or nothing.

 

2) No, only the default limits apply, we cannot define any additional ones.

 

3) DG creation settings are not related to the O365 Group creation ones. The former are indeed controlled by the OWA policies. Removing those two checkboxes will however disallow users to manage existing groups they own, which might not be the desired behavior. If you only want to block creation of DGs, a better approach is to create a new OWA policy and remove the New-DistributionGroup from it.
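
One way to carry out the suggestion in point 3, as an added example that is not part of the original reply: in Exchange Online, `New-DistributionGroup` is an entry of the `MyDistributionGroups` management role, which users receive through a role assignment policy, so the script builds a child role without that entry and a policy that uses it. The custom role name, policy name and pilot mailbox are hypothetical placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin.
Connect-ExchangeOnline

$ParentRole = 'MyDistributionGroups'             # built-in end-user role
$CustomRole = 'MyDistributionGroups-NoCreate'    # hypothetical name
$PolicyName = 'Default Policy - No DG Creation'  # hypothetical name
$PilotUser  = 'pilot.user@contoso.example'       # hypothetical mailbox

# 1. Child role: starts with every entry of the parent role.
if (-not (Get-ManagementRole -Identity $CustomRole -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $CustomRole -Parent $ParentRole | Out-Null
}

# 2. Drop only the creation cmdlet; owners keep the entries used to manage
#    the groups they already own.
if (Get-ManagementRoleEntry "$CustomRole\New-DistributionGroup" -ErrorAction SilentlyContinue) {
    Remove-ManagementRoleEntry "$CustomRole\New-DistributionGroup" -Confirm:$false
}

# 3. New policy: same roles as the current default policy, with the parent
#    role swapped for the restricted child. If the default policy never
#    granted the parent role, the list is copied unchanged.
$default = Get-RoleAssignmentPolicy | Where-Object { $_.IsDefault }
$roles   = @($default.AssignedRoles | Where-Object { $_ -ne $ParentRole })
if ($default.AssignedRoles -contains $ParentRole) { $roles += $CustomRole }
if (-not (Get-RoleAssignmentPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-RoleAssignmentPolicy -Name $PolicyName -Roles $roles | Out-Null
}

# 4. Verify before assigning: the creation cmdlet must be gone from the role.
$entries = Get-ManagementRoleEntry "$CustomRole\*" | Select-Object -ExpandProperty Name
if ($entries -contains 'New-DistributionGroup') {
    throw "New-DistributionGroup is still present in $CustomRole"
}
$entries | Sort-Object   # review what group owners can still run

# 5. Pilot on one mailbox, then roll out (or make the policy the default).
Set-Mailbox -Identity $PilotUser -RoleAssignmentPolicy $PolicyName
Get-Mailbox -Identity $PilotUser | Select-Object DisplayName, RoleAssignmentPolicy
```

This leaves Microsoft 365 (unified) group creation untouched, since that is controlled separately from distribution group creation.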

@Juan Carlos González Martín

If you want to put in some governance and control on how groups are created in your workplace, I suggest locking the group creation feature to select trained users across various departments as suggested by @Juan Carlos González Martín

Make sure you have at least two or more users from each department/business unit and not just system admins from IT.

Then have a group creation approval process using SP List / PowerApp or Forms and route the approval and group creation to the concerned department power users, either in serial or parallel. Use Flow for this.

Just a thought to minimise group creation sprawl.

All you can do is to limit group creating permissions to a specific security group. I recently blogged about this at http://o365blog.com/post/limit-o365-groups/

@Nestori Syynimaa 

 

It's crazy that MS would allow this. I am new to this company, and when I was getting familiar with our O365 environment I noticed hundreds and hundreds of email distribution groups and tracked it down to users making groups in Teams, so that makes a group in O365. So much clutter of obsolete crap. How do large companies deal with this?

@nipW You should check out Microsoft Teams app templates - Teams | Microsoft Docs, with code available on GitHub. You can turn off the ability for people to create Teams in the admin center and instead pin this app on the left rail of Teams that people can use to create new Teams. You can add an approval process using Power Automate that will not create a Public Team unless it is approved by whomever you decide needs to approve such requests, or you can simply not allow the creation of a Public Team ever with this app. You can also manage who can have external guests in their Teams as well as enforce naming standards, e.g. putting External in the name of a Team with external guests. This is a free way to get some governance around Teams creation. It will also make sure every Team has at least 2 owners.
