cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Control a user's ability to become a Team Owner with a Security Group

simpkinspete
Brass Contributor

‎Nov 24 2021 11:53 AM

‎Nov 24 2021 11:53 AM

Control a user's ability to become a Team Owner with a Security Group

Is there a way to use a security group to control if a user can be added as an owner of a team?  My organization requires that users go through training before they can become a Team Owner.  It is easy to control this requirement as we're setting up new teams, but Team Owners can promote other members to the owner role without our validation.  

1,238 Views
1 Like
4 Replies
Reply
4 Replies
Steven Collier

‎Nov 24 2021 01:49 PM

‎Nov 24 2021 01:49 PM

Re: Control a user's ability to become a Team Owner with a Security Group

@simpkinspete No, there is no policy that would prevent someone becoming an owner.

 

If you have Azure AD P1 you can have a group that defines who can create a Team, or any M365 group, would that work for you?

 

Manage who can create Microsoft 365 Groups | Microsoft Docs

0 Likes
Reply
simpkinspete

‎Nov 24 2021 02:11 PM

‎Nov 24 2021 02:11 PM

Re: Control a user's ability to become a Team Owner with a Security Group

Unfortunately, that wouldn't help in this case. We have that group defined and have implemented a provisioning process for new teams. We're looking for a way to help drive team owner accountability and validate that they have been properly trained to manage their teams.
0 Likes
Reply
simpkinspete

‎Nov 24 2021 02:17 PM - edited ‎Nov 24 2021 02:18 PM

‎Nov 24 2021 02:17 PM - edited ‎Nov 24 2021 02:18 PM

Re: Control a user's ability to become a Team Owner with a Security Group

@simpkinspete 

 

If we can't control that permission, we could set up an activity alert based on a "changing of a team member's role (MemberRoleChanged)" event to trigger a helpdesk ticket to review the event.  

0 Likes
Reply
Steven Collier

‎Nov 24 2021 02:37 PM

‎Nov 24 2021 02:37 PM

Re: Control a user's ability to become a Team Owner with a Security Group

@simpkinspete 

 

Yup, however your helpdesk would need to check every owner to see if they were already qualified.

 

Why not just have a PowerShell that runs every few hours that gets all the Team Owners and sees if they are already a member of some group of trained people, then sends them instructions on where they need to go to get trained.

1 Like
Reply