Forum Discussion

Mihir Yelamanchili's avatar
Mihir Yelamanchili
Brass Contributor
Feb 16, 2018

Is there a way to disable users from creating office 365 groups?

I came to know that we can disable the users from creating office 365 groups globally. According to Office article  we can give permission to only one or few groups to create groups permission using ...
groups
powershell
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 16, 2018

    open a Powershell session to Exchange online

    export the settings of the default owamailbox policy
    Get-OwaMailboxPolicy -identity default | Export-Csv C:\policy.csv
    then create a new-owamailboxpolicy with the same settings as default
    https://technet.microsoft.com/en-us/library/dd351067(v=exchg.160).aspx
    after that edit the policy
    Set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity OwaMailboxPolicy:NewPolicy
    And finally assign the policy to the user
    Set-CASMailbox -Identity user@domain.com -OwaMailboxPolicy:NewPolicy

Mihir Yelamanchili's avatar
Mihir Yelamanchili
Brass Contributor
jcgonzalezmartin wrote:

Bear in mind that the approach to disable Groups creation via OWA policy is only going to work when trying to create Groups from OWA. Your users will be able to create Groups from any other App in Office 365: Outlook in the desktop, Teams or Planner...

Is it? That means there is no solid way to prevent users from creating Office 365 groups? Ideally user should not create from any app.

jcgonzalezmartin's avatar
jcgonzalezmartin
MVP
Feb 16, 2018

There is a way by configuring the Azure AD Policy. You can find the the URL of the related support article in the attachment to this message

  • Mihir Yelamanchili's avatar
    Mihir Yelamanchili
    Brass Contributor
    Feb 16, 2018

    Same article I am referring to earlier.  This article is saying create a group which will have access to create office 365 groups. Disable group creation permission globally for every user by default. Add the required users to the group for whom I am intend to give permission for group creation. 

    But I want to handle in bit another way. I just want to disable for only one user, not globally. Want to know is there any such feasibility!

    • Dean_Gross's avatar
      Dean_Gross
      Silver Contributor
      Feb 16, 2018
      you could add everyone except for the one user to the security group that is authorized to create the Office Groups
    • Pablo R. Ortiz's avatar
      Pablo R. Ortiz
      Steel Contributor
      Feb 16, 2018

      oh, yes, that's right! then your options are: create a group with all members but one

       

      (BTW, I'm experiencing the same issue with this link, but only this link)

    • cfiessinger's avatar
      cfiessinger
      Icon for Microsoft rankMicrosoft
      Feb 16, 2018

      Mihir  one approach to fulfill your requirement is to leverage dynamic membership for the security group controlling who gets to create groups and have something like : <include all users>  -and -not (user.userPrincipalName -eq "johndoe@contoso.com")

      • Mihir Yelamanchili's avatar
        Mihir Yelamanchili
        Brass Contributor
        Feb 16, 2018
        cfiessinger wrote:

        Mihir  one approach to fulfill your requirement is to leverage dynamic membership for the security group controlling who gets to create groups and have something like : <include all users>  -and -not (user.userPrincipalName -eq "johndoe@contoso.com")

        Dynamic membership required Azure AD P1 licence, which I want to avoid :)

Resources