2 min to read
Control Office365 Group creation permission using OwaMailboxPolicy
Momentum for the use of Office365 Groups increases and it is seen especially across the large educational institutions. These institutions wants to introduce better collaboration among the students community and staffs. They are already using OneNote for Classroom, and they are slowly introducing Office365 Groups. Office365 Groups shares calendar, files and OneNote.
There is a particular scenario where the admins in these institutions wants to control the usage of Office365 Groups, only the certain members are entitled to create Office365 Groups. By default, all the users have the permission to create Office365 Groups. Also the admins wants to follow naming conventions for the groups. Ex:- Append the Department name before the group name such as Maths_Everyone, Maths_Grade7 etc…
The objectives of this blog is
- Restrict the permission to create Office365 Groups to a set of users in a security group
- Imposing a naming convention for the newly created Office365 Groups
Restricting the permission for creating Office365 Groups:
To do this we will be using the powershell cmdlets related to OwaMailboxPolicy. The parameter “GroupCreationEnabled” holds the permission for creating Office365 Groups.
- Remove the default permission of creating the Office365 Groups from the default mailbox policy(OwaMailboxPolicy-Default)
- Create a new mailbox policy with “GroupCreationEnabled” to True
- Set this new mailbox policy to the particular security group who can create Office365 Groups
Below is the powershell script to do this. Replace the new Owa mailbox policy and security group name accordingly in the script.
$policyName = "OWAPolicyName" $securityGroupName = "securityGroupName" //Disable the permission of Office365 Group creation Set-OwaMailboxPolicy -Identity "OwaMailboxPolicy-Default" -GroupCreationEnabled $false //Create new policy with Office365 Group creation enabled New-OwaMailboxPolicy -Name $policyName Set-OwaMailboxPolicy -Identity $policyName -GroupCreationEnabled $true //Set the new policy to the required security group. Get-DistributionGroupMember -Identity $securityGroupName |Set-CASMailbox -OWAMailboxPolicy $policyName
Note: It will take up to 1 hour for the OwaMailboxPolicy settings get reflected on the individual user settings.
Imposing naming convention for the new Office365 Groups while creation
The “Group Naming Policy” available for Distribution can be used for Office365 Groups also. To do this
- Goto Exchange admin center from Office365 admin portal
- Click “recipients” in the left-side panel and select “groups”
- Click “…” and select “Configure group naming policy”
Group naming policy has two parts
- Prefix and Suffix
- Blocked words for the group name.
For prefix and suffix we can have either a generic text or an attribute value from the user who creates the group.