aflyen/Restrict-O365GroupsCreation.ps1

## Restrict-O365GroupsCreation.ps1
<# .SYNOPSIS
     Restrict Office 365 Groups creation
.DESCRIPTION
     Restrict creation to only users in a specific Azure AD security group. Requires the Azure AD Preview PowerShell module to be installed (this or newer version): https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.98
.NOTES
     Author     : Are Flyen
.LINK
     http://blog.areflyen.no
#>

#region Configuration
$TenantName  = "CONTOSO" # TODO Change this
$GlobalSecurityGroupName = "SVC_O365_AllowedToCreateGroups" # TODO Change this
#endregion

#region Parameters
$GlobalUnifiedGroupName = "Group.Unified"
$GlobalGroupCreationAllowedGroupId = "GroupCreationAllowedGroupId"
$GlobalEnableGroupCreation = "EnableGroupCreation"
#endregion

#region Main
Write-Host "Connect to Azure AD"
$UserCredentials = Get-Credential
Connect-AzureAD -Credential $UserCredentials -ErrorAction Stop

Write-Host "`tGet security group containing user that are allowed to create Office 365 Groups"
$Group = Get-AzureADGroup -SearchString $GlobalSecurityGroupName

$Setting = Get-AzureADDirectorySetting –Id (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if ($Setting -eq $null){
    Write-Host "`tAdding new settings"
    Write-Host "`t`tGet template and create new settings"
    $GroupTemplate = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq $GlobalUnifiedGroupName}
    $Setting = $GroupTemplate.CreateDirectorySetting()
    $Setting[$GlobalGroupCreationAllowedGroupId] = $Group.ObjectId
    $Setting[$GlobalEnableGroupCreation] = $false # Change this to enable/disable group creation

    Write-Host "`t`tAdd the settings to Azure AD directory settings"
    New-AzureADDirectorySetting -DirectorySetting $Setting
}
else{
    Write-Host "`tSettings already exists"
    # TODO Handle update
}

Disconnect-AzureAD

#endregion
	<# .SYNOPSIS
	Restrict Office 365 Groups creation
	.DESCRIPTION
	Restrict creation to only users in a specific Azure AD security group. Requires the Azure AD Preview PowerShell module to be installed (this or newer version): https://www.powershellgallery.com/packages/AzureADPreview/2.0.0.98
	.NOTES
	Author : Are Flyen
	.LINK
	http://blog.areflyen.no
	#>

	#region Configuration
	$TenantName = "CONTOSO" # TODO Change this
	$GlobalSecurityGroupName = "SVC_O365_AllowedToCreateGroups" # TODO Change this
	#endregion

	#region Parameters
	$GlobalUnifiedGroupName = "Group.Unified"
	$GlobalGroupCreationAllowedGroupId = "GroupCreationAllowedGroupId"
	$GlobalEnableGroupCreation = "EnableGroupCreation"
	#endregion

	#region Main
	Write-Host "Connect to Azure AD"
	$UserCredentials = Get-Credential
	Connect-AzureAD -Credential $UserCredentials -ErrorAction Stop

	Write-Host "`tGet security group containing user that are allowed to create Office 365 Groups"
	$Group = Get-AzureADGroup -SearchString $GlobalSecurityGroupName

	$Setting = Get-AzureADDirectorySetting –Id (Get-AzureADDirectorySetting \| Where-object -Property Displayname -Value "Group.Unified" -EQ).id
	if ($Setting -eq $null){
	Write-Host "`tAdding new settings"
	Write-Host "`t`tGet template and create new settings"
	$GroupTemplate = Get-AzureADDirectorySettingTemplate \| Where-Object {$_.DisplayName -eq $GlobalUnifiedGroupName}
	$Setting = $GroupTemplate.CreateDirectorySetting()
	$Setting[$GlobalGroupCreationAllowedGroupId] = $Group.ObjectId
	$Setting[$GlobalEnableGroupCreation] = $false # Change this to enable/disable group creation

	Write-Host "`t`tAdd the settings to Azure AD directory settings"
	New-AzureADDirectorySetting -DirectorySetting $Setting
	}
	else{
	Write-Host "`tSettings already exists"
	# TODO Handle update
	}

	Disconnect-AzureAD

	#endregion