How to disable Office 365 Groups for specific users

How to disable Office 365 Groups for specific users

With the release of Office 365 Groups Office 365 users get the opportunity to create groups quickly and easily. Using these groups to collaborate over the complete stack of Office 365 rather than just teamsites can be a great win. However in some organizations a little bit more compliancy is required. Groups can be managed with PowerShell as quite a few blogs already pointed out, but most of them focus on disabling groups for everyone. With all the innovation taking place in groups disabling them for everyone should not be focus.

Disable groups for specific users

A great write up has been done by Wictoron Office 365 Groups for Admins – Enable and disable user creation of Groups. However that applies to everyone on your tenant. As it turns out you can also create a policy and apply that policy to a specific user using the following snippet:

New-OwaMailboxPolicy –Name "Group Creation"
Set-OwaMailboxPolicy –Identity "Group Creation" –GroupCreationEnabled $false
Set-CASMailbox –Identity -OWAMailboxPolicy "Group Creation"

It was only after I wrote that small script that I found out that the Office Team already had a nice write up on it on Disable Group Creation. Now in real life scenario’s you might not want to apply a policy to each user but to a specific group as well. As it is all PowerShell and the maging happens in setting a policy, you can use the Get-User to retrieve the users with a filter you like. For instance you can select all users by a specific department:

Get-User | Where-Object {$_.Department -eq "Vendor"} | `
Set-CASMailbox -OWAMailboxPolicy "Group Creation"

But obviously you can use properties like the OrganizationalUnit or CountryOrRegion to target a specific group of users. By disabling or enabling the GroupCreationEnabled property you can manage who can and who cannot create groups. Keep in mind that the focus of Office 365 to have a approachable and easy to use interface that everyone could use. Disabling it for users will impact the ease of use of Groups. However by disabling it for users you can create a custom provisioning engine that allows you to force a specific naming convention.

Leave a Reply