Approval driven cloud O365 group membership


By default, any cloud O365 group created at AAD is Public and anyone in company can join it. I want to restrict that either one of the appraoch

  1. member sends a request which should be approved by the Owner of that group
  2. only owner can add other members.
4 Replies

You cant. Public means public, anyone can join and/or be invited.


The default type is actually changing to Private now. And you can also toggle it on the org level:


Set-OrganizationConfig -DefaultGroupAccessType Private

Would it possible to create a new cloud O365 group as private without updating the OrganizationConfig as I don't have access on it?

Yes, it's possible. It's actually one of the options you need to specify when creating a Group. I'd strongly recommend you at least review the documentation first:

I'm creating these groups from Azure Portal ( -> AD -> Groups screen which does not provide an options to create a group with private setting. Will check the options mentioned by you.


I will also validate that the group created using suggested links is type of cloud O365 group (not a master on-premise group sync to AAD) as the Microsoft Graph API can not add a member into on-premise sync group.