Limit who can create Microsoft Teams – Quick tutorial

For governance reason you need to configure who can create Office 365 Groups in Outlook, Teams or SharePoint Site ?

There are no out of the box way to disable in two click. For SharePoint Sites, it is possible to disable the creation by everybody from the SharePoint admin.

But why disabling Teams Creation for everybody ?

If not, you could end up with so many Teams without business context, way to know when to archive them and without knowing who is the main responsible for this workplace. Some companies want this to test out the product but once you want to ensure two groups doesn’t serve the same purpose : Office 365 Admin needs to block the creation authorization that every users have by default.

So below is a procedure for the Office 365 Admin, to restrict who can create Office 365 Groups.

This is a summary of this microsoft article

To go further, Chris Obrien has created a tutorial to allow users to request Office 365 Groups using SharePoint list and Flow

Tutorial objective

Limit who can create Office 365 Groups. Groups are created when you create a new TEAM / Planner / Outlook Group / SharePoint Site

Pre requisite

Global admin access
Office 365 Admin center access
PowerShell

Steps

For info, you will need to add users to a security group, to allow only certain people to add office 365 Groups

Step	Detail
Install PowershellGet	Install-Module -Name PowerShellGet -Force
Install or re install azureADPreview	Uninstall-Module AzureADPreview Install-Module -Name PowerShellGet -Force
Create security group,	https://admin.microsoft.com/AdminPortal/Home#/groups New > Security Group
Add inside the group who can create office 365 Groups	Filter security groups only Click the group, click edit
	Import-Module AzureADPreview Connect-AzureAD
Run those commands If you get an error in last command, ignore it	Get-AzureADGroup -SearchString “Office 365 Groups Admins” $Template = Get-AzureADDirectorySettingTemplate \| where {$_.DisplayName -eq ‘Group.Unified’} $Setting = $Template.CreateDirectorySetting() New-AzureADDirectorySetting -DirectorySetting $Setting
	$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting \| where -Property DisplayName -Value “Group.Unified” -EQ).id
	$Setting[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “Office 365 Groups Admins”).objectid Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting \| where -Property DisplayName -Value “Group.Unified” -EQ).id -DirectorySetting $Setting
Verify that your group can create Office 365 Groups It shows the id of your group	(Get-AzureADDirectorySetting).Values
If you want to cancel this configuration, run this command	$SettingId = Get-AzureADDirectorySetting -All $True \| where-object {$_.DisplayName -eq “Group.Unified”} Remove-AzureADDirectorySetting –Id $SettingId.Id
Verify by trying to create a team or planner, with a non admin account

Wrap up

Disabling Teams Creation for everybody is the pre-requisite for Digital Workplace Team to implement a request system for Teams, Office 365 Groups.

The post Limit who can create Microsoft Teams – Quick tutorial appeared first on Collabmania.

Collabmania
Programmatically remove every Teams except some by PowerShell Script
31 octobre 2020 à 20:46

Collabmania

Programmatically remove every Teams except some by PowerShell Script

Why such script ?

My customer was a school, each year they need to recreate the Teams classroom, to reset the content and canal

The solution was to remove every Teams except the permanent one (workgroup Teams)

Below is the PowerShell Script. I use an xml file to connect easily to the Microsoft 365, avoiding re entering login / password

#By Jeff ANGAMA
#02.09.2020

#************GOAL************#
#This script remove every TEAMS except the one specified in variable $keepThoseTeams
#Write the list of TEAMS without ACCENT !!!

#************PRE REQUISITE - Run those commands to save your creds************#
#$pathToCred = "C:\credTenant.xml"
# $credential = Get-Credential
# $credential | Export-CliXml -Path $pathToCred

#************CONFIG************#
$keepThoseTeams = (
    'IT Team',
    'Support Informatique',
    'Training',
    'Administration',
    'College',
    'Coordinateurs lycee',
    'Documents de suivi lycee',
    'Budget',
    'Demande de creation de classe'
    )

#LOGS
$currentFolder = Get-Location
$timeStamp = $(((get-date).ToUniversalTime()).ToString("yyyyMMddThhmmssZ"))
$logFileName = "$currentFolder\logs\logDeleteTeams_" + $timeStamp + ".txt"
Start-Transcript -path $logFileName -append

#Connect
$pathToCred = "C:\credTenant.xml"
$credential = Import-CliXml -Path $pathToCred
Connect-MicrosoftTeams -Credential $credential

#remove accent from text, to avoid issue with contains or eq function containing accents
function get-sanitizedUTF8Input{   
    Param(
        [String]$inputString
    )
    #replace diacritics
    $sb = [Text.Encoding]::ASCII.GetString([Text.Encoding]::GetEncoding("Cyrillic").GetBytes($inputString))
    
    #remove spaces and anything the above function may have missed
    return $sb
}

Get-Team | ForEach-Object { 
    $valueToCheck = get-sanitizedUTF8Input -inputString $_.DisplayName

    if($keepThoseTeams -contains $valueToCheck){
        Write-Host -ForeGroundColor Green "Do not delete this Team " $_.DisplayName $_.GroupId
    }else {
        Write-Host "Deleting Team " $_.DisplayName $_.GroupId
        #Remove-Team -GroupId $_.GroupId
    }
}

Stop-Transcript

Write-Host -ForeGroundColor Green "END OF SCRIPT"

The post Programmatically remove every Teams except some by PowerShell Script appeared first on Collabmania.