Office 365 groups:


Manage Office 365 groups with PowerShell:

Allow/Block guest access to Office 365 groups:

Office 365 groups naming policies: (I know how to use PowerShell to apply naming convention for new and current groups and blacklisting words in group names!)

How to restrict who can create Office 365 groups:

Connect to AzureAD:

Check installed module:
Get-InstalledModule -Name “AzureAD*”
To uninstall a previous version of AzureADPreview or AzureAD, run this command:
Uninstall-Module AzureADPreview
Uninstall-Module AzureAD

To install the latest version of AzureADPreview, run this command:   Install-Module AzureADPreview -force

At the message about an untrusted repository, type Y. It will take a minute or so for the new module to install.

Then Connect-azureAD

Office 365 groups governance guidance:

I am in favour of the self-service of the end users. This kind of freedom helps to improve the collaboration and the adoption. But It’s true that a bad use of this self-sevice, can be a nightmare in terms of governance. Here some ideas or highlights to balance the user needs and IT management :

Questions to be addressed before the real production phase:

  • Do we want to continue to allow ALL users to create groups ! or do we want to only allow some users?
    • By default all users can create such office 365 groups ! (contrarily to a normal active directory)
    • In one side it is good for end-user (more flexibility and autonomy) => self-service
    • But in other side, it can be a mess for IT !
  • Do we need a naming convention? (but limited to only one naming convention: ie. OG_, O365_ , <prefix>_<attribute>_<free text> …)
  • Do we need to blacklist words? (which ones? Who decide? …)

Other subject:

  • Need to change the expiration policy ? ( Retention period is 30 days after deletion)
  • To restore Office 365 groups is only via PowerShell or with Exchange admin center
  • Need an end-user procedure to request new group
  • Need an end-user procedure to request group restore



PowerShell connection to exchange online:

Office 365 group => management using PowerShell => not part of AzureAD or MSOnline module => only available online ! But need Basic authentication on the client:

PS C:\WINDOWS\system32> Set-ExecutionPolicy -scope currentUser RemoteSigned

PS C:\WINDOWS\system32> $UserCredential = Get-Credential     <== do not use an account with Azure MFA enabled

Note: if you are using Azure MFA to connect to Exchange online, follow this article:

PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

In case of problem due to Message: “The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration”

PS E:\–DEV WORK–> winrm get winrm/config/client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source=”GPO”]
Basic = false [Source=”GPO”]
Digest = false [Source=”GPO”]
Kerberos = true [Source=”GPO”]
Negotiate = true [Source=”GPO”]
Certificate = true
CredSSP = true [Source=”GPO”]
HTTP = 5985
HTTPS = 5986


Import-PSSession $Session

ModuleType Version    Name                                ExportedCommands
———- ——-    —-                                —————-
Script     1.0        tmp_0gtrs5dm.juw                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-MailboxFolderPermission, Add-MailboxLocation…}

PS C:\WINDOWS\system32> Get-Mailbox | Get-MailboxStatistics


For Office 365 groups:


PS C:\WINDOWS\system32> get-unifiedgroup “All Guest users”

After your work, dont forget to stop the remote session:

Remove-PSSession $Session