How to block users from being able to create Teams by restricting who can create Microsoft 365 groups using PowerShell Set-AzureADDirectorySetting
In the next steps, we will use Azure AD PowerShell to change the Azure AD directory setting to restrict access to create unified groups to a group called "Teams Admins".
You'll need to install both the Azure AD PowerShell general availability module and the public preview module, because the Get-AzureADDirectorySetting cmdlet is available in the Azure AD preview module.
# Install Azure AD PowerShell Modules
Install-Module AzureAD
Install-Module AzureADPreview -AllowClobber -Force
Next, create the security group. Users in this group will have permission to create Teams.
# Connect to Azure AD Preview PowerShell
AzureADPreview\Connect-AzureAD
# Create Azure AD group
New-AzureADGroup -Description "Members of this group can create Teams" -DisplayName "Teams Admins" -MailEnabled $false -SecurityEnabled $true -MailNickName "teamsadmins"
Before we begin, let's check what the existing settings are for creating M365 groups.
# Get Azure AD directory settings for unified groups
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
The following PowerShell will restrict creation of Teams to members of the group "Teams Admins":
$GroupName = "Teams Admins"
$AllowGroupCreation = $False

# Find the existing Group.Unified directory setting, if the tenant has one
$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
    # No setting yet: create one from the Group.Unified template
    $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
# Turn off group creation for users in general
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation
if($GroupName)
{
    # -SearchString can return more than one group, so keep only the exact display name
    $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName | Where-Object {$_.DisplayName -eq $GroupName}).objectid
} else {
    $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
# Write the setting back and display the resulting values
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
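After the setting has been written, it is worth checking that it really points at the intended group, since a -SearchString lookup may return several groups whose names begin with the same text. The following check is an added example, not part of the original post; the function name Test-GroupCreationRestriction and the sample groups and IDs are constructed for illustration.

```powershell
# Added example (not from the original post). Function name and sample data are hypothetical.
function Test-GroupCreationRestriction {
    param(
        [Parameter(Mandatory)] [hashtable] $SettingValues,  # Name -> Value pairs of Group.Unified
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Groups,  # output of the group lookup
        [Parameter(Mandatory)] [string] $GroupName
    )
    $findings = @()
    # The restriction only takes effect when general group creation is switched off
    if ("$($SettingValues['EnableGroupCreation'])" -ne 'False') {
        $findings += 'EnableGroupCreation is not False: all users can still create groups.'
    }
    # Exactly one group must carry the expected display name
    $exact = @($Groups | Where-Object { $_.DisplayName -eq $GroupName })
    if ($exact.Count -ne 1) {
        $findings += "Expected exactly one group named '$GroupName', found $($exact.Count)."
    } else {
        if ("$($SettingValues['GroupCreationAllowedGroupId'])" -ne $exact[0].ObjectId) {
            $findings += "GroupCreationAllowedGroupId does not point at '$GroupName'."
        }
        if (-not $exact[0].SecurityEnabled) {
            $findings += "'$GroupName' is not a security group."
        }
    }
    $findings
}

# Constructed sample data: two groups share the "Teams Admins" prefix.
$groups = @(
    [pscustomobject]@{ DisplayName = 'Teams Admins';      ObjectId = '11111111-1111-1111-1111-111111111111'; SecurityEnabled = $true },
    [pscustomobject]@{ DisplayName = 'Teams Admins EMEA'; ObjectId = '22222222-2222-2222-2222-222222222222'; SecurityEnabled = $true }
)
$good = @{ EnableGroupCreation = 'False'; GroupCreationAllowedGroupId = '11111111-1111-1111-1111-111111111111' }
$bad  = @{ EnableGroupCreation = 'True';  GroupCreationAllowedGroupId = '22222222-2222-2222-2222-222222222222' }

"good: $(@(Test-GroupCreationRestriction -SettingValues $good -Groups $groups -GroupName 'Teams Admins').Count) finding(s)"
Test-GroupCreationRestriction -SettingValues $bad -Groups $groups -GroupName 'Teams Admins'

# With a live tenant (after Connect-AzureAD) build the inputs like this:
#   $s = Get-AzureADDirectorySetting | Where-Object DisplayName -eq 'Group.Unified'
#   $values = @{}; $s.Values | ForEach-Object { $values[$_.Name] = $_.Value }
#   $groups = Get-AzureADGroup -SearchString 'Teams Admins'
```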
References:
Manage who can create Microsoft 365 Groups
https://docs.microsoft.com/en-gb/microsoft-365/solutions/manage-creation-of-groups
Manage security groups with PowerShell
https://docs.microsoft.com/en-us/microsoft-365/enterprise/manage-security-groups-with-microsoft-365-powershell