Prevent Users from Creating Groups in Office 365

Standard

As Microsoft are starting to role out Groups to all Office 365 tenants we might have the need to disable the function of creating them.Disable-Creation-of-Office-365-Groups

Groups are a great feature but you may not be ready for them, want to create training material before giving them to user or only allow certain users to create them.

The PowerShell script to do this is based on the Outlook Web Access policy for your organisation but you can also create other and assign them to users if you want.

set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity OwaMailboxPolicy-Default

What is important here is that it does not remove Groups, it only prevent users from creating them.  Here are some screenshot of the experience to the user

When Groups are added to your Office 365 Tenant

image

While the OWA Policy is being replicated or the user hasn’t freshed their browser

image

When the change has been implemented

image

23 thoughts on “Prevent Users from Creating Groups in Office 365

  1. Matt Edwards

    Great Stuff – this is exactly what I wanted to do! – Before I go ahead and run the scripts, I’ve got 2 OWA Policies setup in the system – OwaMailboxPolicy-Default (Which is assigned to all staff) and Students_MailboxPolicy (Which is assigned to all students)

    If I want to disable students from creating new groups do I change the line -Identity OwaMailboxPolicy-Default to -Identity Students_MailboxPolicy

    Will this remove any other settings that I already have place in my Students policy or just add the new restriction to what already exists?

    Thanks

    Matt

    • A Pearce

      Hi Matt,
      Yes you can do this or you can do it to all of the OWA Policies Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -GroupCreationEnabled $false

  2. Matt

    Hi Alex, Is this parameter still working?

    I’ve tried to change it along with ‘FacebookEnabled’ on our default OwaMailboxPolicy and a test policy with no luck on either. Both parameters throw back a cannot be found error.

    Other parameters such as CalendarEnabled can be edited fine though?

  3. Marc Emond

    Thanks for the guide above. I have hit this problem so my policy was called Student Role Assignment Policy and when I ran set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity Student Role Assignment Policy

    I got an error

    A positional parameter cannot be found that accepts argument ‘Role’.
    + CategoryInfo : InvalidArgument: (:) [Set-OwaMailboxPolicy], Par
    ameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-OwaMailboxPolicy
    + PSComputerName : pod51031psh.outlook.com

    I assumed that it was because of the spaces in the name so I changed the name to Student_Role_Assignment_Policy

    Now when I run

    set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity Student_Role_Assignment_Policy

    I get an error

    The operation couldn’t be performed because object
    ‘Student_Role_Assignment_Policy’ couldn’t be found on
    ‘AMSPR06A001DC06.EURPR06A001.prod.outlook.com’.
    + CategoryInfo : NotSpecified: (:) [Set-OwaMailboxPolicy], Manage
    mentObjectNotFoundException
    + FullyQualifiedErrorId : [Server=DB4PR06MB347,RequestId=8de18193-4f3e-4cc
    a-a503-0876289baf02,TimeStamp=27/11/2014 13:59:15] [FailureCategory=Cmdlet
    -ManagementObjectNotFoundException] B50E92DF,Microsoft.Exchange.Management
    .Tasks.SetOwaMailboxPolicy
    + PSComputerName : pod51031psh.outlook.com

    Do you have any advice?

  4. A Pearce

    Hi Mark,
    As you have a space in your OWA Policy you need to put the name speech marks. Examples below:

    set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity “Student Role Assignment Policy”

  5. Tom

    What if you want it off for all users except the Admin account? I ran the script and it worked but has also prevented me from creating groups.

  6. Marc Emond

    Hi Alex

    I have followed what you said renaming my policy to Student Role Assignment Policy

    Then I ran the cmd set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity “Student Role Assignment Policy”

    But I am getting the following error

    The operation couldn’t be performed because object ‘Student Role Assignment Policy’ couldn’t be found on
    ‘AMSPR06A001DC09.EURPR06A001.prod.outlook.com’.
    + CategoryInfo : NotSpecified: (:) [Set-OwaMailboxPolicy], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=DB4PR06MB347,RequestId=3af46dff-8fbd-4cce-883a-a1594c52f3bf,TimeStamp=09/12/2014
    08:51:12] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] EB57B62B,Microsoft.Exchange.Management.Tasks
    .SetOwaMailboxPolicy
    + PSComputerName : pod51031psh.outlook.com

  7. Ajay

    Hi guys,

    I am trying to stop our students and staff from making groups…however just need a bit of help if possible.

    I have created 3 policies…and now I want to apply, however I keep getting an error.

    Policies are:

    IT Admin Policy
    Staff Policy
    Student Policy

    I can change the policy using Get-Mailbox (mailbox user) | where { $_.RoleAssignmentPolicy -Eq “Default Role Assignment Policy” } | Set-Mailbox -RoleAssignmentPolicy “Staff Policy”

    and this in theory changes the policy, however the user is still able to create groups. I have unchecked the boxes to create groups within the policies themselves.

    Any ideas? Or how I could use set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity OwaMailboxPolicy-Default in my scenario?

    Thanks in advance for help and replies.

    Ajay

  8. A Pearce

    Hi Ajay,
    As you’ve created 3 policies, you need to set the group creation policy for each.

    set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity -Identity “IT Admin Policy”
    set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity -Identity “Staff Policy”
    set-OwaMailboxPolicy -GroupCreationEnabled $false -Identity -Identity “Student Policy”

    Once you’ve done, you can then assign it to the user.

    set-mailbox -identity Username -RoleAssignmentPolicy “Staff Policy”

  9. Anton

    hi

    thanks for the info. i get an error stating that “WARNING: The command completed successfully but no settings of ‘Student_OwaMailboxPolicy’ have been modified.”

    any suggestions would be very much appreciated.

    thanks

    • Anton

      hi,

      for anyone else getting the same error, it is because the setting is already in place. the commands also take quite a while to apply, therefore testing your changes in the live environment immediately after running the command makes it seem that they aren’t working.

      you can use the “Get-OwaMailboxPolicy” command and look for the “GroupCreationEnabled” line to see if has made the change.

      to apply custom policies to groups of users, the following site has good info. https://msdn.microsoft.com/en-us/library/gg981506(v=exchsrvcs.149).aspx#AssignToMany

      thanks again, you’ve saved me from days and days of manual changes!

Leave a Reply

Your email address will not be published. Required fields are marked *