Azure AD Naming Policy for Office 365 Groups

Azure AD Naming Policy for Office 365 Groups

We can now enforce a Naming Policy for Office 365 Groups, lets give it a test drive.

With the Naming Policy feature we can define prefix or suffix that can be automatically added to group names and at the same time we can define words that are blocked from use in group names.



Note that Azure AD P1 license is required for the group creator, the group members, and the Naming Policy admin.

Setup is done by PowerShell and you need the Public Preview release of Azure Active Directory V2 PowerShell Module to be at least on version 2.0.0.137.

You can verify your  current version with the commands:

Install-Module -Name AzureADPreview

Get-Module -Name AzureADPreview

You can just uninstall and reinstall the module to be sure you got the latest version. (elevated)

Uninstall-Module -Name AzureADPreview


Install-Module -Name AzureADPreview

Now login to the Azure AD  tenant with the command.

Connect-AzureAD

And enter credentials (admin).

Start by getting the current group settings.


$Setting = Get-azureADDirectorySetting | Where-Object {$_.displayname -eq “Group.Unified”}


$Setting.Values


If nothing is returned like in the above screenshot, then we need to create the object before we can continue.


$Template = Get-AzureADDirectorySettingTemplate | where {$_.Displayname -eq “Group.Unified”}


$AADSetting = $Template.CreateDirectorySetting()


New-AzureADDirectorySetting -DirectorySetting $AADSetting




Lets get the current settings again and now we get data back, and as shown we don’t yet have a naming policy set.


$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id


$Setting.Values



Now we can set the naming policy and custom blocked words.


$Setting[“PrefixSuffixNamingRequirement”] =”GRP_[CountryOrRegion]_[GroupName]_[Office]”


$Setting[“CustomBlockedWordsList”]=”Mindcore”


Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified ” -EQ).id -DirectorySetting $Setting


The word Mindcore will not be allowed in the name, and the group name will be based of the users attribute values.

Supported Azure AD attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], [Title].

Lets again get the current settings and now we can see the policies.

$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value “Group.Unified” -EQ).id

$Setting.Values

Final thing to do is to test the rules in teams.

We will create a new team.

Build a team from scratch.


I will create a private team.

I will call the team MyTeam, and in the preview below the name we can see what the final name will be based on our naming policy.


Team created with name as expected.



If we try with the blocked word Mindcore you will see the following warning.


Now test yourself.

Table of Contents

Share this post
Search blog posts
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly
Categories

Follow on SoMe