In the modern workplace, collaboration is key to driving innovation and productivity. Microsoft 365 Groups are a powerful tool that allow teams to easily share files, communicate, and work together. However, as an administrator, you may need to control who can create these groups to ensure they align with your organization’s governance policies.

This comprehensive guide will walk you through the steps to manage who can create Microsoft 365 Groups in your organization. We’ll cover the default settings, the benefits and drawbacks of restricting group creation, and the step-by-step process to implement these controls using PowerShell. By the end, you’ll have the knowledge and tools to empower your users to collaborate effectively while maintaining the necessary governance guardrails.

The Default Group Creation Experience

By default, all users in your Microsoft 365 environment can create new groups. This is the recommended approach, as it allows employees to start collaborating quickly without requiring IT intervention. This self-service model enables agility and flexibility, which are critical in today’s fast-paced business landscape.

However, there may be situations where your organization needs tighter control over group creation. Perhaps you’re concerned about users creating groups that don’t align with your branding, security, or compliance standards standards. Or maybe you need to restrict group creation tod to restrict group creation to specific teams or departments. In these cases, you can implement group creation restrictions.

Restricting Group Creation

If your business requires more control over group creation, you can limit this capability to the members of a specific Microsoft 365 group or security group. This means that only users who are part of the designated group will be able to create new Microsoft 365 Groups.

The benefits of this approach include:

  • Ensuring group creation aligns with your organization’s standards and policies
  • Reducing the proliferation of unmanaged or rogue groups
  • Streamlining governance and administration of your collaboration environment

However, there are a few drawbacks to consider as well:

  • It may create friction for users who are accustomed to the self-service group creation experience
  • It requires more involvement from IT to manage the designated group and its membership
  • Users outside the allowed group may feel restricted or disempowered

Ultimately, the decision to restrict group creation should be based on your organization’s specific needs, policies, and collaborative culture. The key is to find the right balance between empowering users and maintaining the necessary governance controls.

Implementing Group Creation Restrictions

To restrict group creation, you’ll need to follow these steps:

  1. Create a Group for Allowed Users: In the Microsoft 365 admin center, create a new group (either a security group or Microsoft 365 group) and add the users who should be able to create new groups. Remember the name of this group, as you’ll need it in the next step.

  2. Run PowerShell Commands: Use the Microsoft Graph PowerShell Beta module to configure the group creation settings. The script below will set the allowed group and disable group creation for all other users.

Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups

Connect-MgGraph -Scopes "Directory.ReadWrite.All