Microsoft Teams: How to limit who can create Teams?

By default, in Microsoft Teams, all users are allowed to create Teams. Microsoft recommends this approach because they believe that his allows users to start collaboration without requiring assistance from IT department.

It make sense, but it could be also a big headache for IT admins and the management.

Note: To manage Entra ID (Azure) groups, you will need to have Microsoft Entra ID P1 or P2 licenses or Microsoft Entra Basic EDU

The question is, how do you limit this to only certain people?

Set up a Security Group and add members (users) that you want to be able to create a Teams. In my case, I created a group called “AllowToCreateTeams” and added members to it.

After creating a Security Group, you will need to use PowerShell to connect to your tenant.

Open PowerShell as Administrator. First, Install the module.

install-module azureadpreview

Note: you might want to uninstall-module azuread before running install-module azureadpreview

Now, run the script.

Note: Replace <group name>, with the Security group name.

$GroupName = "<group name>"
$AllowGroupCreation = "False"

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
    $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if($GroupName)
{
  $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
} else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

To run the script, you must log in as an administrator. Follow the instructions below.

That should be it.

Let’s take a look at how Microsoft Teams looks for non-members and if they are able to create new Teams vs those who are members.

Can I go back and allow all users to create?

Yes, you can go back and set as it used to be. Run the same script, but instead $AllowGroupCreation = “False” set to “True”.

$AllowGroupCreation = "True"

Good luck. Please, as always, feel free to reach out.

Resources:

Official Microsoft documentation about this topic you can find here.

Latest Posts

May 17, 2022 Adin

How to limit who can create Microsoft Team sites

5 Comments

Rusmir says:

May 26, 2022 at 7:25 pm

This is very useful. Well done! Is there a way to prevent users/members to create/start 1:many chat room?

Thanks,
Rusmir

1. Adin says:
  
  May 27, 2022 at 5:01 pm
  
  Hi Rusmir, unfortunately this is not possible. You can only disable chat all together from Messaging policies. I hope Microsoft add the feature soon.
  
LD says:

August 14, 2023 at 9:01 pm

Hi Adin, Please add a note about licensing as per Microsoft, not all businesses have Premium AD even though they should.

1. Adin says:
  
  November 12, 2023 at 11:03 pm
  
  Hi LD, thanks for the feedback. I just added the license requirements.
  
DEDICATED TEAM says:

August 31, 2023 at 5:30 pm

Pretty nice post. I just stumbled upon your blog and wanted to
say that I’ve truly enjoyed browsing your blog posts.
After all I’ll be subscribing to your feed and I hope you write again very soon!

Latest Posts

5 Comments

Leave a Comment Cancel reply