Nov 24 2021 11:53 AM
Is there a way to use a security group to control if a user can be added as an owner of a team? My organization requires that users go through training before they can become a Team Owner. It is easy to control this requirement as we're setting up new teams, but Team Owners can promote other members to the owner role without our validation.
Nov 24 2021 01:49 PM
@simpkinspete No, there is no policy that would prevent someone becoming an owner.
If you have Azure AD P1 you can have a group that defines who can create a Team, or any M365 group, would that work for you?
Nov 24 2021 02:11 PM
Nov 24 2021 02:17 PM - edited Nov 24 2021 02:18 PM
If we can't control that permission, we could set up an activity alert based on a "changing of a team member's role (MemberRoleChanged)" event to trigger a helpdesk ticket to review the event.
Nov 24 2021 02:37 PM
Yup, however your helpdesk would need to check every owner to see if they were already qualified.
Why not just have a PowerShell that runs every few hours that gets all the Team Owners and sees if they are already a member of some group of trained people, then sends them instructions on where they need to go to get trained.