I want to share with you how to configure Office 365 Policy Settings, so that you can have more control over group creation, classification and configuration when rolling our Office 365 groups. At the time writing this blog post, most settings are configurable through PowerShell only.

Preparing your PowerShell Host Environment

We need the AzureADPreview PowerShell module, and also the Exchange Online PowerShell module.

Office 365 Groups simple operations

In this section, I will be performing couple of simple operations. Note that an Office 365 Group can be configured using two commands, Set-AzureADGroup and Set-UnifiedGroup . The relationship between the two commands is : The ObjectId retrieved from Get-AzureADGroup  matches the ExternalDirectoryObjectId retrieved from  Get-UnifiedGroup

Office 365 Groups Policy Settings 1


Office 365 Groups Policy Settings 2


Now, let us perform simple operations on Office Groups

Office Groups Directory Setting

To configure advance Office groups operations, like who can create Office 365 groups, and setting group classification, we need to create something called Azure AD Directory Setting.

Azure AD Directory Setting is a way to group configurations related to the same service or configuration type. There are many service types of Azure AD Directory Settings , and when creating a new one, you usually create one from a ready made template the Microsoft provides.

Initially , you will not have any Azure AD Directory Setting objects in your environment, so running Get-AzureADDirectorySetting -All $true will return nothing. Now if you want to create one of those Azure AD Directory Settings, you do that by specifying a template. You can list all templates used to create Azure AD Directory Setting by typing Get-AzureADDirectorySettingTemplate .

Office 365 Groups Policy Settings 5

So, let us go through this again. You can create an Azure AD Directory Setting object, which will hold configurations related to a certain service types. Each service type has a template that can be used to create that directory setting object. Think about Azure AD Directory Setting as an Abstract Class in C#. You cannot instantiate one, but you derive from it a child class or classes (templates).

Office 365 Groups Policy Settings 3

Now, when we create a new Azure AD Directory Setting, we will do that by using the Group.Unified template. This template contains all the configurations that we need to configure Office 365 groups in our tenant. Below you can see the settings that the Group.Unified template provide.

Office 365 Groups Policy Settings 6

Office Groups Advanced Operations

Let us start creating a new Azure AD Directory Setting from the Group.Unified template, and then start configuring each of the settings inside the template as shown in the below figure.

Here is the output from the  $GroupsTemplate.Values  command:

Office 365 Groups Policy Settings 7


Now, let us create an Azure AD Directory Setting from the Group.Unified template:

Now, that we have a new Azure AD Directory Setting based on the Group.Unified template, it is time to configure each and every setting inside that tempalte.

Groups Deletion and Restoration

We can use PowerShell to delete and restore Office 365 groups.

Other Office 365 Groups Operations

Here is another script that can be used for various other operations: