As our organization moved to Office 365, by default we turned a some of the features off for end-users, like Sharepoint site creation and Office 365 group creation as when we first got our tenant we saw groups starting top pop up, like Test group, my first group, etc.
After reading a blog post and I forget where, it talked about IT not being a blocker, but should empower our users as they may be more savvy than IT thinks. I do know about the naming policies that are in Azure, but that the policies didn't cross all the services.
Not sure everyone needs the permissions and wondering how others might have approached this without too much control, but enough control to make sure data is only seen by those who need it.
It’s a tough question! Is dependent on many factors such as licensing, number of employees, type of users, training, structure etc. If you have / want to pay for P1 licenses you can utilize naming policies, group expiration , and group restriction with more people in the allowed to create groups group! For example using managers for this responsibility! Other possibilities is automatic provisioning of teams that people can request a team and it will be provisioned with a an approval and so on! Aren’t there many people in the org, you can have it freely, but have proper training and structure so people know when and how to create the teams!
It’s really hard to say without more information! I normally have several hours of workshopping with customers regarding things like this