mardahl · May 27, 2020 19:00
diff --git a/restrict_Office365Groups_creation.ps1 b/restrict_Office365Groups_creation.ps1
 <#
 .DESCRIPTION
  Quick and dirty script to limit the creation of Office 365 Group or Microsoft Teams (Teams) to a specific security group in Azure AD (or One Synced form on-prem AD)
 #>
 #security group that is allowed to create Office 365 Groups
 $secGroup = "Teams Creation Administrators"

 #importing AzureAD Module (should be installed!)
 try {
  Import-module AzureADPreview
 }catch{
  Write-host "AzureADPreview module missing! Installing..."
  Install-Module AzureADPreview
 }

 #Connect to Azure AD
 Connect-AzureAD
 

 #setting it up...

 $Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}

 $Setting = $Template.CreateDirectorySetting()

 New-AzureADDirectorySetting -DirectorySetting $Setting

 $Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

 $Setting["EnableGroupCreation"] = $False

 $Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $secGroup).objectid

 Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting

 

 #verify

 Write-Host "Allowed Group ID:" -ForegroundColor Green

 (Get-AzureADGroup -SearchString $secGroup) | Select-Object ObjectId -ExpandProperty ObjectId

 Write-Host "Effective settings:" -ForegroundColor Green

 $Effective = $(Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}).Values
 $Effective | Where-Object {$_.Name -eq "GroupCreationAllowedGroupId"} | select Value -ExpandProperty Value
	<#
	.DESCRIPTION
	Quick and dirty script to limit the creation of Office 365 Group or Microsoft Teams (Teams) to a specific security group in Azure AD (or One Synced form on-prem AD)
	#>
	#security group that is allowed to create Office 365 Groups
	$secGroup = "Teams Creation Administrators"

	#importing AzureAD Module (should be installed!)
	try {
	Import-module AzureADPreview
	}catch{
	Write-host "AzureADPreview module missing! Installing..."
	Install-Module AzureADPreview
	}

	#Connect to Azure AD
	Connect-AzureAD


	#setting it up...

	$Template = Get-AzureADDirectorySettingTemplate \| where {$_.DisplayName -eq 'Group.Unified'}

	$Setting = $Template.CreateDirectorySetting()

	New-AzureADDirectorySetting -DirectorySetting $Setting

	$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting \| where -Property DisplayName -Value "Group.Unified" -EQ).id

	$Setting["EnableGroupCreation"] = $False

	$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $secGroup).objectid

	Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting \| where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting



	#verify

	Write-Host "Allowed Group ID:" -ForegroundColor Green

	(Get-AzureADGroup -SearchString $secGroup) \| Select-Object ObjectId -ExpandProperty ObjectId

	Write-Host "Effective settings:" -ForegroundColor Green

	$Effective = $(Get-AzureADDirectorySetting \| Where-Object {$_.DisplayName -eq "Group.Unified"}).Values
	$Effective \| Where-Object {$_.Name -eq "GroupCreationAllowedGroupId"} \| select Value -ExpandProperty Value