Controlling Microsoft 365 Group Creation: A Comprehensive Guide

By default, all Microsoft 365 users have the ability to create groups, which can be a beneficial approach as it allows for seamless collaboration without the need for extensive IT involvement. However, in some business scenarios, you may need to restrict who can create these groups to maintain control and ensure compliance with your organization’s standards.

Restricting Group Creation

If your organization requires tighter control over group creation, you can restrict Microsoft 365 Groups creation to the members of a specific Microsoft 365 group or security group. This ensures that only authorized users can create new groups, affecting all services that rely on groups for access, such as Outlook, SharePoint, Viva Engage, Microsoft Teams, Planner, Power BI (classic), and Project for the web / Roadmap.

Considerations for Restricted Group Creation

• Licensing Requirements: To manage who can create groups, the admin configuring the settings and the members of the allowed group will need Microsoft Entra ID P1 or P2 licenses or Microsoft Entra Basic EDU licenses assigned to them.
• Roles with Unrestricted Access: Certain roles, such as Microsoft 365 global admins, Exchange administrators, and other privileged roles, can still create groups regardless of the restricted settings. If you need to create groups on behalf of restricted users, you can assign them as the owner of the group.
• Training and Compliance: If you’re concerned about users creating groups that don’t comply with your business standards, you can consider requiring users to complete a training course before adding them to the group of allowed users.

Step-by-Step Guide

1. Create a Group for Allowed Users: In the Microsoft 365 admin center, go to the Groups page and create a new group. This will be the group that you’ll use to control who can create Microsoft 365 Groups. Remember the name of this group, as you’ll need it in the next step.
2. Run PowerShell Commands: Use the Microsoft Graph PowerShell Beta module to configure the group-level settings that control group creation. The provided script will allow you to specify the name of the group you created and whether to allow or restrict group creation.
3. Verify the Changes: After running the script, changes may take up to 30 minutes to take effect. You can test the new settings by having a user who is not a member of the allowed group try to create a new group, which should result in a message indicating that group creation is disabled.

By following these steps, you can effectively control who has the ability to create Microsoft 365 Groups within your organization, ensuring that your collaboration governance policies are enforced and your business needs are met.

Related Resources

• Collaboration Governance Planning Recommendations
• Create Your Collaboration Governance Plan
• Getting Started with Office 365 PowerShell
• Set Up Self-Service Group Management in Microsoft Entra ID
• Microsoft Entra Cmdlets for Configuring Group Settings

Source: Manage who can create Microsoft 365 Groups