Description:

This setting controls whether regular users can create Microsoft 365 groups. When it is set to No, only administrators can create these groups. This prevents users from creating unnecessary or unauthorized Microsoft 365 groups and helps maintain better control over group creation in the organization.


Rationale:

Setting this option to No prevents regular users from creating Microsoft 365 groups without approval. This reduces the chance of unnecessary, duplicate, or insecure groups being created and keeps group creation under administrator control. It improves security and governance.


Impact:

This setting improves security and reduces clutter by ensuring that only administrators can create Microsoft 365 groups. It prevents regular users from creating unwanted or unmanaged groups, which helps avoid confusion and reduces the risk of unauthorized access.


Default Value:

By default, Microsoft Entra ID allows users to create Microsoft 365 groups. The setting must be changed to No if you want to restrict this.


Pre-requisites:

  • You must sign in with a Global Administrator or Privileged Role Administrator account.


Test Plan:

  1. Go to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Entra ID.

  3. In the left-side menu, under Manage, select Groups.

  4. In the Settings section, click General.

  5. Scroll to the Microsoft 365 Groups section.

  6. Locate the setting where Users can create Microsoft 365 groups in Azure portals, API, or PowerShell.

  7. Verify that the setting is set to No.

  1. If it is Yes, follow the implementation Plan.

Implementation Plan:

  1. Go to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Entra ID.

  3. In the left-side menu, under Manage, select Groups.

                                       

  1. In the Settings section, click General.

                         

  1. Scroll to the Microsoft 365 Groups section.

  2. Locate the setting where Users can create Microsoft 365 groups in Azure portals, API, or PowerShell.

  3. Set the toggle to No.

  1. Click Save to apply the change.

Backout Plan:

  1. Go to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Microsoft Entra ID.

  3. In the left-side menu, under Manage, select Groups.

  4. In the Settings section, click General.

  5. Scroll to the Microsoft 365 Groups section.

  6. Locate the setting where Users can create Microsoft 365 groups in Azure portals, API, or PowerShell.

  7. Set the toggle back to Yes.

  8. Click Save to apply the change.

Reference: