How To: Limit Office 365 Group Creation with PowerShell

In our webinar, Drive Adoption of Office 365 Groups and SharePoint Sites, we were asked how to limit creation of new SharePoint Sites. Our answer: Start by limiting who can create groups.

For the bigger reference, use this Microsoft article.

However, here’s my personal Coles Notes I keep so I can get right down to it (replace items in green with your appropriate values).

Note: “Allow Creation of Office 365 Groups” is the name of a Security Group created already in Office 365 that contains the names of users that we wish to be able to create Office 365 groups.


install-module azureadpreview

import-module azureadpreview


Get-AzureADGroup -SearchString "Allow Creation of Office 365 Groups"

$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}

$Setting = $Template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $Setting 

#****the above should return an ID****

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

$Setting["EnableGroupCreation"] = $False

$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "Allow Creation of Office 365 Groups").objectid

Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting


This is the desired result:


Interior Design: SharePoint Framework and Sass

The SharePoint Framework (SPFx) is a great tool for hooking into SharePoint in a modern, understandable way. Creating a custom webpart is simple, and styling it is done in an extremely modular fashion. This is because SPFx solutions are integrated into a page’s DOM, which is great for removing restrictions.

3 responses to “How To: Limit Office 365 Group Creation with PowerShell

  1. Hi,
    Thanks for the reply to my question, much appreciated 🙂
    I heard that switching off the access for users to create groups will break the creation of Planner as that needs a group to work. Is that correct as we are adopting planner as a replacement for Trello?
    Cheers, Ellya

    1. Hey Ellya,

      That’s a good point and while I haven’t tried it (and I’m on vacation so not near a PC), I suspect that would be absolutely correct by design. If you create a Plan that is attempting to create a new group, you’d need permissions to do it. While that would create a bottleneck obviously, I personally defer to the preference of Governance over this new ‘free lovin’ style Microsoft is trying. And I LOVE Trello but also see the value in wanting to use Planner as a replacement (we’ve been exploring it ourselves and are waiting on some key functionality).

      One thought/suggestion as it is our typical approach for clients to the “I need a new SharePoint Site” request is…

      1. Put a form in front of this process (perhaps use Microsoft Forms) that asks “Why” they need the site (or in your case, the Plan). Questions might include Who is it for? What need does it address? Who needs to approve it?
      2. Do whatever workflow you need to have it be approved/validated updating the requester along the way (in Flow)
      3. If it is approved, CREATE the group for the person, along with the Plan and send them a link to the finished result

      The benefit of the above is some governance/control, some awareness of new objects/systems being added to your environment (avoiding potential sprawl) and folks taking a moment to ask “do I really need this plan? Is there one out there that already exists?”, etc.

      Hope that helps.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.