Disabling out-of-the-box Teams creation experience

When you first roll out Microsoft Teams, the creation experience is available to everyone to be able to create their own Teams. This gives the users a huge amount of flexibility, but also carries the risk of huge amounts of Team sprawl, resulting in potential security issues where content is stored in the wrong place, confusion about which Team they should be using, and a huge support overhead for the Administrators.

The first instinct though is to turn off the out-of-the-box creation experience with Microsoft Teams, which is absolutely fine as long as you have considered what this means to both users and administrators.

  1. Turning off Teams creation is actually turning off Microsoft 365 group creation, which ties into Planner Groups, Group Enabled SharePoint Team sites, and Yammer groups (when used in Microsoft 365 mode). Therefore consideration needs to be given to how these other group enabled services are then managed.
  2. Turning off Teams creation can result in more calls to the Service Desk to create assets which should be within the remit of the general users to create. During particular busy times, this may result in slower response times, which will have a negative impact on the user adoption of Microsoft Teams

Turning off self-service creation is certainly an ideal way to protect your organisation from Teams sprawl, however you should have a solution or a process in place to handle new requests coming through from your users.

Turning off self-service creation

There is currently no way to turn off Teams creation through the Microsoft 365 user interface, therefore we need to use PowerShell to limit who can create them.

  • Create a new Security group in Azure Active Directory
  • Add at least one member to the group. These users will still see the Team creation experience in the Teams client
  • Install the AzureADPreview PowerShell modules with the following line:

Install-Module AzureADPreview

  • Execute the following PowerShell script to disable the creation experience:


Get-AzureADGroup -SearchString $securitygroup

$template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq ‘Group.Unified’}

$setting = $template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $setting

$setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id
$setting[“EnableGroupCreation”] = $false
$setting[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “Name of your security group”).objectid

Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id -DirectorySetting $setting

The out-of-the-box Teams creation experience has now been disabled.

Options for handling requests

There are several options which we can investigate now to make sure that your users are able to create new Teams when they need to. The biggest challenge is making sure that the creation experience is still timely as we don’t want them to start using shadow IT to resolve their own challenges.

  1. Business process – A business process can be implemented and communicated to the users to allow them to request new Teams, and these Teams are then created for them. This will ensure that all Teams are created in a governed way, but can result in greater lead times particularly during busy periods
  2. Power Automate – Requests forms can be created and Teams generated using Power Automate to ensure that users are receiving Teams quickly after they have been requested. This can include approval but will require a lot of work to give you flexibility over creation processes.
  3. Powell Teams – using a third-party solution such as Powell Teams gives us a great way of replacing the out-of-the-box approval process including the creation of templates and approval processes on a per-template basis.

Book a free 30 minute consultation now to discuss these approaches to see which one will work for you.