How to restrict Office 365 Groups Creation to IT Department Only

Currently, an Office 365 Group can be created in OWA, the Outlook 2016 Client, Office 365 Planner, SharePoint, Microsoft Teams and PowerBI.

You may want to restrict Office 365 Group Creation to a group of authorized users (example: the IT Department): for testing, preparing support desk & training materials, etc. Then when ready, you can add additional authorized users to this group. Decide if you will use an existing Office 365 Group or Distribution Group, or create a new group, ex: “O365GroupCreators.” The catch is that the group cannot have other groups in it, group members must be users directly added.

Note: Users with higher tenant roles will always have the ability to create O365 Groups (ex: Global Admins).

Instructions:

Uninstall preview versions of Azure Active Directory Powershell

Download and install Azure Active Directory Powershell v1.1.130.0 Preview from Connect:

http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185

Launch Azure Active Directory Powershell, then run these commands:

Connect-MSOLService
Set-MsolCompanySettings – UsersPermissionToCreateGroupsEnabled $True
^^If this is set to $false, then the settings below will not take effect.
$template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateSettingsObject()
New-MsolSettings –SettingsObject $setting
$group = Get-MsolGroup -All | Where-Object {$_.DisplayName -eq “ENTER GROUP DISPLAY NAME HERE”}
$settings = Get-MsolAllSettings | where-object {$_.displayname -eq “Group.Unified”}
$singlesettings = Get-MsolSettings -SettingId $settings.ObjectId
$value = $singlesettings.GetSettingsValue()
$value[“EnableGroupCreation”] = “false”
$value[“GroupCreationAllowedGroupId”] = $group.ObjectId
Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $value