Restrict Users from Creating New Teams in Microsoft Teams

Ever wondered why there are so many teams in your Microsoft Teams? Teamwork is great, but having too many teams can confuse rather than help. As a Microsoft 365 admin, you might find yourself dealing with a flood of teams, causing a mess, as all users have access to create teams. Don’t worry! In this guide, we’ll show you how to disable team creations for users, following the Microsoft Teams best practices.

Let’s simplify Microsoft Teams management by restricting new team creations and making it more efficient. 🚀

Understanding the Challenge to Disable Team Creations for M365 Users

By default, all users from your tenant can create a team in the Microsoft Teams client or web app. However, as teams are inherently linked with Microsoft 365 groups, restricting users from creating teams seems challenging. Nevertheless, you can restrict permissions to create teams by preventing users from creating groups. It’s crucial to note that this restriction impacts users’ ability to create collaborative spaces in the following M365 services, as these are associated with Azure AD groups:

  • Outlook
  • SharePoint
  • Viva Engage
  • Microsoft Teams
  • Planner
  • Power BI (classic)
  • Project for the web / Roadmap

License Requirements to Disable Team Creations

Both the users you want to authorize to create teams and the admin who configures this restriction must hold one of the following licenses:

  • Microsoft Entra ID P1
  • Microsoft Entra ID P2
  • Microsoft Entra Basic EDU

How to Disable Creation of MS Teams for Users?

To stop workers or students from creating teams, follow the two steps below:

Important: Though the steps turn off the ability to create teams or groups, all M365 administrators retain the ability to create groups from the admin centers, aligning with their respective roles. Also, it’s essential to note that administrators can only create groups within the respective admin centers, not from collaborative spaces like MS Teams or SharePoint.

  • Global Administrator: Microsoft 365 admin center, Planner, Exchange, and SharePoint
  • Exchange Administrator: Exchange admin center and Microsoft Entra ID
  • Directory Writers: Microsoft Entra ID
  • Groups Administrator: Microsoft Entra ID
  • SharePoint Administrator: SharePoint admin center, and Microsoft Entra ID
  • Teams Service Administrator: Teams admin center, and Microsoft Entra ID
  • User Administrator: Microsoft 365 admin center, and Microsoft Entra ID
  • Partner Tier 1 Support: Microsoft 365 admin center, Exchange admin center, and Microsoft Entra ID
  • Partner Tier 2 Support: Microsoft 365 admin center, Exchange admin center, and Microsoft Entra ID

Create a Group for Users Who Can Create Teams

To restrict Microsoft 365 users from creating new teams and manage which users can create teams, ensure authorized users are in a specific group. If such a group doesn’t already exist in your Microsoft 365 environment, you need to create a new one. Follow the steps below to create a new group:

  • Go to the Entra admin center with your administrator account and navigate to the “Groups” tab.
  • Select the “All groups” option, and then click on the “New group” option.
  • Select the respective “Group type” (Security – preferable) and enter the “Group name”.
  • Click on the “No members selected” option and go to the “Users” tab. Select the required users to limit who can create teams, Microsoft 365 groups, and their associated collaborative spaces.
  • Click on the “Select” button and select the “Create” button.

You can also create and add users to groups using Microsoft Graph PowerShell.

Points to remember:

  1. For added flexibility, you can nest other groups as members of this group.
  2. Add individuals or groups who should be able to create groups or teams as members, not as owners.
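The group from the steps above can also be created with Microsoft Graph PowerShell. The following is an added example, not part of the original script; the group name, mail nickname and user principal names are constructed placeholders.

```powershell
# Added example: create the security group whose members may create teams/groups.
Import-Module Microsoft.Graph.Groups
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

$GroupName  = "Teams-Creators"                              # hypothetical group name
$MemberUpns = @("user1@example.com", "user2@example.com")   # constructed sample users

# Reuse the group if it already exists; stop if the display name is ambiguous,
# because the restriction script later resolves the group by name.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($group.Count -gt 1) {
    throw "More than one group is named '$GroupName'; resolve the duplicate first."
}
if ($group.Count -eq 0) {
    $group = @(New-MgGroup -DisplayName $GroupName -MailNickname "teamscreators" `
        -MailEnabled:$false -SecurityEnabled:$true `
        -Description "Members may create Microsoft 365 groups and teams")
}
$groupId = $group[0].Id

# Add each user as a member (not as an owner), skipping users already present.
$currentIds = @(Get-MgGroupMember -GroupId $groupId -All | ForEach-Object Id)
foreach ($upn in $MemberUpns) {
    $user = Get-MgUser -UserId $upn
    if ($currentIds -contains $user.Id) { continue }
    New-MgGroupMember -GroupId $groupId -DirectoryObjectId $user.Id
}

# Show the resulting direct membership for review.
Get-MgGroupMember -GroupId $groupId -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }
```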

Restrict Users from Creating New Teams Using the PowerShell Script

After creating the group with users who have the ability to create teams or groups, you must execute the following PowerShell script using your global administrator account. Before proceeding, ensure that your machine has the Microsoft Graph PowerShell beta module installed.

Replace <GroupName> with the name of the group that contains users who are allowed to create teams or M365 groups.

# Load the beta Graph modules that expose directory settings and groups.
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"

$GroupName = "<GroupName>" # Replace this with the name of the group that contains users who are allowed to create teams or M365 groups.
$AllowGroupCreation = "False" # "False" blocks group creation for everyone outside the allowed group.

# Look up the tenant's Group.Unified settings object; it does not exist until it is created once.
$settingsObjectID = (Get-MgBetaDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
if (!$settingsObjectID) {
    # Create the settings object from the Group.Unified template.
    $params = @{
        templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
        values = @(
            @{
                name = "EnableMSStandardBlockedWords"
                value = "true"
            }
        )
    }
    New-MgBetaDirectorySetting -BodyParameter $params
    $settingsObjectID = (Get-MgBetaDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
}

# Resolve the allowed group's object ID. -All pages through every group;
# without it only the first page of results is searched.
$groupId = (Get-MgBetaGroup -All | Where-Object { $_.DisplayName -eq $GroupName }).Id

# Turn off group creation tenant-wide and exempt the allowed group.
$params = @{
    templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
    values = @(
        @{
            name = "EnableGroupCreation"
            value = $AllowGroupCreation
        }
        @{
            name = "GroupCreationAllowedGroupId"
            value = $groupId
        }
    )
}
Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $params

# Print the resulting setting values for verification.
(Get-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID).Values

When the script finishes, it displays the setting values, including the object ID of the group whose members are allowed to create teams and groups and the state of other users’ ability to create groups. It may take thirty minutes or more for the changes to take effect for all users in your Microsoft 365 tenant.

After execution, users won’t be able to create new teams except those with permission to create teams or M365 groups. If a user without permission tries to create a team, the options will be greyed out, as seen in the image, and those options won’t be accessible.

Unable to create teams in MS Teams

Note: To revert the configuration and allow all users to create their own team, simply rerun the same PowerShell script by setting $GroupName to "" and $AllowGroupCreation to "true".
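To confirm what the tenant actually enforces after the script has run, the setting can be read back and the allowed group expanded through its nested groups. This is an added example, not part of the original script; it assumes the signed-in account can consent to the read-only scopes shown.

```powershell
# Added example: audit the Group.Unified setting and list who can still create groups.
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups
Connect-MgGraph -Scopes "Directory.Read.All", "Group.Read.All", "GroupMember.Read.All"

$setting = Get-MgBetaDirectorySetting | Where-Object DisplayName -eq "Group.Unified"
if (-not $setting) {
    Write-Warning "No Group.Unified settings object exists: defaults apply and every user can create groups."
    return
}

# Flatten the name/value pairs into a hashtable for easy lookup.
$values = @{}
$setting.Values | ForEach-Object { $values[$_.Name] = $_.Value }
$enabled   = $values["EnableGroupCreation"]
$allowedId = $values["GroupCreationAllowedGroupId"]

if ($enabled -ne "false") {
    # PowerShell string comparison is case-insensitive, so "False" also matches.
    Write-Warning "EnableGroupCreation is '$enabled': group creation is NOT restricted."
}
elseif ([string]::IsNullOrEmpty($allowedId)) {
    Write-Output "Group creation is disabled and no group is exempt; only admin roles can create groups."
}
else {
    $allowed = Get-MgBetaGroup -GroupId $allowedId
    Write-Output "Group creation is limited to members of '$($allowed.DisplayName)' ($allowedId)."

    # Transitive membership includes users who arrive through nested groups,
    # which direct membership listings do not show.
    Get-MgBetaGroupTransitiveMember -GroupId $allowedId -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
        ForEach-Object {
            [pscustomobject]@{
                UserPrincipalName = $_.AdditionalProperties['userPrincipalName']
                ObjectId          = $_.Id
            }
        } | Sort-Object UserPrincipalName
}
```

Comparing this list against the intended set of creators on a schedule catches members who were added later, directly or through a nested group.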

Find Out Who Created a Group in M365 Using AdminDroid

PowerShell and the Microsoft admin centers can identify the creator of a group through their auditing features, but this can be inconvenient because it requires additional filtering and query syntax. AdminDroid is an efficient solution that delves into Entra ID, providing comprehensive reporting and auditing details regarding group creations at no charge.

The free group and membership reports from AdminDroid’s Azure AD auditing tool provide real-time monitoring of group creation events, including property changes, membership modifications, and more. Ensure the security of your M365 environment and facilitate smooth collaboration in groups with the following extensive free auditing reports from AdminDroid.

  • M365 group creation activities report
  • Group property and setting changes
  • Group deletion activities report
  • M365 Group license activities report
  • Group membership changes
  • M365 group owner activities

The complimentary Azure AD reports offer valuable insights into Microsoft 365 users, groups, licenses, license expiry, managers, and subscriptions. These reports provide admins with knowledge of the present status of their Microsoft 365 environment. Moreover, the Office 365 group creation report collection under the general category enables admins to find out the groups created via MS Teams, Yammer, SharePoint, Stream, and Outlook.

Overall, AdminDroid offers 120+ free reports on Azure AD management, giving admins the ability to know the present status and monitor Entra ID activities in M365. But that’s not all! AdminDroid goes beyond Entra ID and offers reports for all M365 services, which include MS Teams, Exchange, Viva Engage, SharePoint, Power BI, and more.

The 15-day free edition of AdminDroid imposes no restrictions on reporting functionalities such as alerting, scheduling, exporting, and compliance. It also grants access to the complete suite of 1800+ reports and 30+ dashboards on M365 management.

Explore how the AdminDroid – reporting tool enhances your Microsoft 365 management by downloading it today!

In conclusion, this guide offers a clear and effective solution for restricting Microsoft 365 users from creating new teams in MS Teams. The provided steps to disable team creations empower M365 admins to restrict all users and selectively allow just desired users to create teams, offering flexibility for configurations. Feel free to drop your queries or questions in the comments section. We’re here to help!

by Thiraviam