What you should do before roll out Teams

2018年8月20日

Well, I already introduce what Teams can do from my last post. As a network administrator, I think I should add more technical things from my post, so today I will told you that what you should do at the back end before you roll Teams out from your school.

Teams is a very powerful tools but everyone in your organization once the got the license from IT. EVERYONE can have the permission to create Teams by their own.

Guess what. After couple weeks, you will get some called from the faculty, why our student has such lots of private teams by their own and we can not go inside to take a look what they are doing in the teams. This is what truly happen in US. Because they are the first group people can use the Teams education.

So it is very important for IT to have some policy to limited the teams creation. I think the policy should set only the faculty and staff can create the Teams. All students could just join the Teams invite by their teacher.

OK. The first step you should do is go to the Admin site like the page below to create the security group on the cloud.

Create the security group like the page below and add the local AD group as the menber for the security group.

Run the PowerShell as the administrator and type the following command to install the Azure PowerShell plugin.

Install-Module AzureADPreview

Take time to finish to installation process.

Login with your Office 365 Admin account after type in this command.

Connect-AzureAD

Run this following command.

Get-AzureADGroup -SearchString “ABC”

NOTE: ABC is the security group you create from Office 365 Admin site. ABC is just a sample.

Run the following command.

$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq ‘Group.Unified’}

$Setting = $Template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $Setting

Run the command like this.

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id

$Setting[“EnableGroupCreation”] = $False

$Setting[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “<ABC>”).objectid

$Setting[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “AllowedtoCreateGroups”).objectid

NOTE: ABC is the security group you create from Office 365 Admin site. ABC is just a sample.

Run this command to check if the config is correct or not.

Once you finish these commands from PowerShell. Any student can not create Teams by their own.