Disable Self-Service Microsoft Teams Creation in Office 365

Description:

About Microsoft Teams governance, you probably need/want to prevent normal users from new Teams creation.

This can be achieved only with a PowerShell script because, right now, standard Office 365 UI do not give us this option.
Important: in order to be able to execute the script you need the Preview of AzureAD module for PowerShell. This is called "AzureADPreview".
If you already have installed production AzureAD module, you need to uninstall it and then install new preview version of the same module.

Uninstall-Module AzureAD

Install-Module AzureADPreview

Script:

Once you have this module correctly installed, all you need is to execute this script.Change the $groupName variable to fit your environment. This AzureAD Security Group will be the only that later can create Teams.Keep in mind that also Global Admin members can create Microsoft Teams.

#Connect to AAD

$AzureAdCred = Get-Credential 

Connect-AzureAD -Credential $AzureAdCred

#Get reference to your AAD Group

$groupName = "UsersCanCreateTeams"

Get-AzureADGroup -SearchString $groupName 

#Disable Group Creation (on which a Team rely)

$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}

$Setting = $Template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $Setting

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

$Setting["EnableGroupCreation"] = $False

#Enable your AAD Group to group Creation

$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $groupName).objectid

Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting

Updated on: 31/01/2023