Why Can Users Create Microsoft Teams?
Teams for All!
Microsoft Teams can be created (by default) by anyone in your Office 365 tenant. Microsoft describes this as ‘preventing IT staff being inundated with requests to create Teams’ which although noble, is naive. The challenges brought in SharePoint (since the year dot) with regards to users being able to create sites wherever they want seem to be promulgating to Office 365.
Ignoring the governance challenges for now (we will cover in other posts) without 3rd party tools such as ProvisionPoint, if every user can create Teams then chaos will undoubtedly ensue. Teams will be being created by everyone without cohesion. Alas.
Fortunately, there is a solution, although we think of it more as a workaround…
Through PowerShell configuration a tenant admin can define a specific Azure AD Security Group (it must be a security group for nesting reasons) and restrict the creation of Teams to members (or nested members) of this security group.
How does it work? Strictly speaking, this configuration is defining the security group that can create the underlying security infrastructure of a Team – the Office 365 Group. The downside? The change will also impact how users in your organisation can create Office 365 Groups or any other object that relies on an Office 365 Group, such as a Planner ‘Plan’.
Is this ideal? We do not think so, but it is a work in progress at Microsoft which we are sure will be improved in due course.