Introduction

As you know, MicrCosoft Teams is the ultimate messaging app for your organization-- a workspace for real time collaboration and communication, meetings, file and app sharing, and even the occasional emoji! All in one place, all in the open, all accessible to everyone.

More and more enterprise customers select Microsoft Teams as their IM tools, but IT and compliance team subsequently face the same issue on how to manage R&D team to use Microsoft Teams reasonably.s are conducted by specialized units or In general, R&D activities are conducted by specialized units or centers belonging to a company, or can be out-sourced to a contract research organization, universities or state agencies. R&D management can be defined as where the tasks of innovation management meet the tasks of technology management. It covers activities such as basic research, fundamental research, technology development, advanced development, concept development, new product development, process development, prototyping, R&D portfolio management, technology transfer, etc.

Enough to see R&D is very important for enterprise, IT Admins have the idea to restrict 'Shared Documents' function in the Microsoft Teams because all the documents generated by R& D team are sensitive, they should be stored and managed on- premise data center. d internal users: Chat, Meetings, Teams.

  • With Chat and Meetings, the shared document will be stored to personal OneDrive.
  • With Teams, the shared document will be stored to Group Team Site Collection->Shared Document Library

 

Based on this logic, in order not to share the documents with internal or external user with Chat or Teams, I propose the solution as reference: Microsoft Teams is a only IM tool for R&D team after IT Admin restricts 'Shared Documents' function according to the following steps:

  • IT Admin can cancel the SharePoint Online License for R& D members to restrict to share documents with Chat and Meetings.
  • Only IT admin can create Microsoft teams with cmdlet in Azure AD premium
  • IT Admin can remove members from Teams Site collection to restrict to share documents with Teams.

How to cancel the SharePoint Online License for R&D members

 1. Office 365 Global Admin login Office 365 Center Admin->Active Users to cancel the SharePoint Online License for R&D Members like this.

2. End users fails to send the documents when starting the conversation.

 

How to control who can create Office 365 Groups(Teams)

 1. Open Windows PowerShell as an administrator to install the latest version of AzureADPreview, run this command:

Install-Module AzureADPreview

2. In the Office 365 admin center, create a group of type Security group. Remember the name of the group! You'll need it later.

 

3. Import the Module and Connect-AzureAD , run this command:

Import-Module AzureADPreview Connect-AzureAD

4. Create a security group for users who need to create Office 365 Groups by using the following syntax:

Get-AzureADGroup -SearchString "Security Group"

5. Run this commands one by one:

$Template = Get-AzureADDirectorySettingTemplate | where {$_.DisplayName -eq 'Group.Unified'}

$Setting = $Template.CreateDirectorySetting()

New-AzureADDirectorySetting -DirectorySetting $Setting

 

6.Run this commands one by one:

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id

$Setting["EnableGroupCreation"] = $False

$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "<Name of your security group>").objectid

$Setting["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString "AllowedtoCreateGroups").objectid

Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $Setting

(Get-AzureADDirectorySetting).Values

The result should look like this (but with the ID value for your security group - this is where you need to be able to recognize it):

 

Verify that it works

 

Sign in to Office 365 with a user account of someone who should NOT have the ability to create groups. That is, they are not a member of the security group you created.

 

How to remove the members from Teams Site collection to restrict to share documents with Teams.

 

1. IT Admin opens Group Site Collection via Group->Files->Open in SharePoint like this.

 

 2. Click Site Permission to go to Advanced Permissions Settings.

3. Remove the R&D group member from Sales Members group.

 

4. R& D Member fails to share documents via Teams.

Notes:

  • This solution cannot affect R&D teams use Exchange Online if IT Admin grant EXO license for R&D members.
  • The members from other division can use Teams function normally.