This could count as a quick start guide to use Microsoft Teams. Microsoft Teams usage has exploded these days. So I want to help people get started with some basic configuration settings. These settings form a nice baseline in which, for example, the creation of teams has been restricted. By default, everthing in teams is enabled. That is not what most Administrators want. I am not saying you need to restrict everything but when some settings are disabled this is for the better.
Configuration items
I am going to talk about these settings, I am going to show you how to configure these later on. These are 5 settings for a first configuration, after this you can let users use Microsoft Teams.
1. Assign a group for the creation of teams. Otherwise everybody in your organisation can create teams. Before you know it you will have more teams then users in your organisation.
2. Disable the option to connect Citrix Files, Dropbox, Google Drive & Box to your teams. This way you will keep the data in Microsoft Teams/SharePoint Online.
3. Disable the usage of 3rd Party Apps untill your company has a policy about the company data being stored in these Apps.
4. Change the Pinned Apps section to make sure your users have everything they need.
5. Disable Cloud recording. Allow this only for specific users who need it to do their jobs.
Configuration Settings
Microsoft Teams Creation
I have created a reference to the Microsoft article at the bottom of the page but this is how you should do it in my words:
Firstly, you need to create a group which can create Teams. You can also use an existing group. It does not matter if this group is synced from Active Directory or not.
Secondly, you need to use the Azure AD Preview Powershell module. Uninstall the Azure AD module First! After that install the Azure AD Preview module. If you don’t want to remove modules from your machine use a Windows 10 test device to install the module and run the script.
This is the script:
$GroupName = "<SecurityGroupName>" #Use Accordingly $AllowGroupCreation = "False" Connect-AzureAD $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"} $settingsCopy = $template.CreateDirectorySetting() New-AzureADDirectorySetting -DirectorySetting $settingsCopy $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id } $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation if($GroupName) { $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid } else { $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName } Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy (Get-AzureADDirectorySetting -Id $settingsObjectID).Values
Disable Citrix Files, Dropbox, Google Drive & Box
Go to https://admin.teams.microsoft.com/ and log on.
After that go to “Org-wide settings”:
Go to “Teams Settings”
And from here scroll down to disable the storage settings:
Disable 3rd party Apps
I would disable 3rd Party Apps at first because there is simply no telling where your company data is being stored. In addition, you could enable some apps by policy. I will show you how to do so.
I assume you are still in the teams admin panel.
Go to Teams Apps and after that go to Permission Policies:
Go to Third Party Apps:
And select “Block All Apps”:
If you want to allow some specific apps please select “Allow specific apps and block all others”:
Change Pinned Apps
I still assume you are in the teams admin panel.
Go to “Teams apps” and “Setup policies”:
Now select the global policy:
Here you can see the default Pinned apps:
You can add, for example, Power BI or Power Automate.
Furthermore you can set the settings for users pinning and the upload of custom apps here:
Disable Cloud recording
A lot of customer asked me to disable this feature and only allow it for some when explicitly needed for their job. I am going to describe this scenario.
I still assume you are in the Teams Admin panel.
Go to “Meetings” and after that to “Meeting policies”:
Click on the global policy:
Now scroll down to the Cloud Recording settings and turn it off:
Go back to the policy section:
Create a new policy:
Set the name and leave the cloud recording setting turned on:
Don’t forget to click on save!
Select the policy and click on manage users:
Assign the users:
Now cloud recording for the organisation is disabled and the setting is enabled for some users.
Do you mind if I quote a few of your posts as long as I provide credit and sources back to your website?
My blog is in the exact same niche as yours and my users would really benefit from some of the information you provide here.
Please let me know if this alright with you. Many thanks!