Balancing autonomy and control: Best approaches to team creation in Microsoft Teams

Have you ever checked how many Teams teams are in your tenant? If not - go to Microsoft 365 Admin Center and open Active teams and groups. I bet you will be surprised ??

?

As organizations increasingly rely on Microsoft Teams for collaboration and communication, the team creation process plays a crucial role in empowering users while maintaining effective governance. Allowing users to create teams themselves offers numerous benefits, including flexibility, productivity, and innovation. However, it also brings challenges such as information sprawl, security risks, and the need for standardization. In this article, we will explore strategies and best practices to streamline the management of team creation in Microsoft Teams, striking a balance between user autonomy and administrative control. Organizations can optimize team creation processes by implementing efficient workflows, governance policies, and user training, ensuring enhanced collaboration while maintaining security and compliance.

?

?? I'm super excited to tell you that part of the described in this article solution has been verified and published this month on the Microsoft Sample Solution Gallery! You can find it in the Microsoft Adoption portal . Feel free to download, use and customize.

?

Path to Awesome

You will go through several steps to improve and modernize the teams' creation process. Some of them are: defining clear guidelines, restricting permissions, providing self-service tools, automating approvals, awareness, monitoring, support, etc.

Let's focus in this article on the tech parts.

Restricting permissions

By default, all users have the ability to create Microsoft 365 groups, which is recommended for enabling collaboration without IT assistance. However, if there is a need to restrict group creation, it is possible to limit it to specific users.

? Some important notes to keep in mind:

1. Restricting group creation affects various services that rely on groups for access, including Outlook, SharePoint, Yammer, Microsoft Teams, Microsoft Stream, Planner, Power BI (classic), and Project for the web/Roadmap.

2. The restriction won't affect members of certain admin roles.

3. The specific license (Azure AD Premium or Azure AD Basic EDU) is required for admin who configures group creation, and for members who are allowed to create groups.

?

Let's go deeper into how to set up a restriction for the tenant and allow a group of employees to create Teams teams. Below steps description is based on this article with some of my comments and sometimes not obvious tips.

?

Step 1. Create a security group for users allowed to create teams in Microsoft Teams?

Just so you know, only one group in a tenant can be used for this purpose. But nested groups are allowed.

Go to Microsoft 365 Admin Center and open Active teams and groups page. Click Add a group button.

Select security type, enter the name and description for your group, review and when you are ready click Create group button.

Once the group is created you need to add members to this group. Only members of this group will be able to create teams in Microsoft Teams when we complete all steps. Of course, taking into account the exception for admins mentioned above.

I'd like to highlight that only members (literally) of this group will be allowed to create teams. If you add someone as admin of this group and won't add him/her as a member - he/she won't be able to create teams. Tricky, but trust me we tested it with several customers.

?

Step 2. Set up permissions using PowerShell

Don't worry about anything else, nothing complicated in this step. ?

Open PowerShell as administrator. I prefer to use PowerShell ISE. Simply type powershell ise in the Windows search, right-click on the Windows PowerShell ISE app, and select Run as administrator.

In the Power Shell ISE run the following command:

Install-Module AzureADPreview        

Please don't worry about anything specific. After successful installation, you will see in PowerShell ISE the next line waiting for the next command.

?

Copy the bellow script and paste it into Script Pane in the PowerShell ISE or the notepad.

$GroupName = "<GroupName>"

$AllowGroupCreation = $False

?

Connect-AzureAD

?

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

if(!$settingsObjectID)

{

???$template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}

???$settingsCopy = $template.CreateDirectorySetting()

???New-AzureADDirectorySetting -DirectorySetting $settingsCopy

???$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

}

?

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID

$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

?

if($GroupName)

{

?$settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid

} else {

$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName

}

Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

?

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values        

Replace the group name in the sample with the group name that you created before.

Save the script. In my example, I saved the script in the Download folder.

Run this script by providing the location and file name.

During the script execution, you might be prompted to sign in. Sign in with the admin account.

?

Step 3. Check that it works

I would recommend that you wait some time while changes are applied to your tenant. Usually, it takes up to an hour.

To check that everything works as expected sign in to Microsoft Teams as a user who should not have permission to create a team. If changes were applied and everything was done correctly - this user won't see the button Create team.

After that sign in to Microsoft Teams as a user who should have permission to create a team. This user should see the button Create team.

?

Providing self-service tool

Well done! The first part was passed successfully! Now let's prepare a self-service tool for users to request a team creation. We wouldn't want to be a pesky bother to our IT department whenever someone feels like team-building, would we? ?? That's why a self-service tool is a good approach.

There are a lot of ways how to do it.

?? One of them - use my sample Teams team Request Form that you can find on the Microsoft Adoption Portal .

?

This solution includes a beautiful app allowing users to request a new team in four simple steps, and a flow that cares about all steps for the requested team creation. In the request form users can configure not only the team's name and description but also set up a welcome message, define team members, and even create channels.

?

Look how easy and quickly it could be:

?

Next steps

The Teams team Request Form solution is open for customizations. So you can adjust it according to your needs.

?

For example, you can replace the standard dropdown control for members selection with a fancy people and group picker component described in my previous article .

?

Another useful feature could be to add a prefix to a team name as we did for one of our clients.

?

A valuable addition could be an approval process integrated into the flow before the action of requested team creation. Power Automate provides a wide range of options for approvals.

?

Conclusion

In summary, modernizing and streamlining the team creation process in Microsoft Teams is essential for organizations seeking to balance user empowerment and administrative control. By implementing the strategies and tools outlined in this article, organizations can ensure standardized team creation, enhance collaboration, and maintain security and compliance within their Microsoft Teams environment.

#Teams #PowerApps #PowerAutomate #SharingIsCarring #PowerPlatform