Azure AD Naming Policy for Office 365 Groups is now available

March 22, 2019 Chris Spanougakis No comments exist

Another cool Azure AD feature was announced these days: we now have the ability to enforce a Naming Policy for Office 365 Groups. That new Naming Policy feature enables admins to define prefix or suffix conventions that can be automatically appended to group names and create a list of words that are blocked from use in group names. Please keep in mind that you’ll need Azure AD Premium 1 licenses for the users that will belong to these groups, the group creator and the Naming Policy administrator.

One of the obvious things that you can do with a Naming Policy could be to block specific words from being used in group names and aliases, or even create groups having names that declare the function of a group, membership, or even the geographic region that a group belongs.

How it works

You can enforce naming policy for Office 365 groups in two different ways:

  • Prefix-suffix naming policy You can define prefixes or suffixes that are then added automatically to enforce a naming convention on your groups (for example, in the group name “GRP_Athens_Accounting”, GRP_Athens_ is the prefix, and _Accounting is the suffix).

  • Custom blocked words You can upload a set of blocked words specific to your organization to be blocked in groups created by users (for example, “CEO, Payroll, HR”).

 

Install PowerShell cmdlets to configure a naming policy

Make sure to uninstall any older version of the Azure Active Directory PowerShell for Graph Module for Windows PowerShell and install Azure Active Directory PowerShell for Graph – Public Preview Release 2.0.0.137

Then:

  • Open the Windows PowerShell app as an administrator.
  • Uninstall any previous version of AzureADPreview by running: Uninstall-Module AzureADPreview
  • Install the latest version of AzureADPreview by running: Install-Module AzureADPreview
  • Reply Y to the next question and wait for a few minutes to get installed.

 

How to configure the group naming policy for a tenant using Azure AD PowerShell

 

This is an example of how you can import blocked words from a text file that you don’t want them to be used in group names:

$BadWords = Get-Content “C:\work\currentblockedwordslist.txt”

$BadWords = [string]::join(“,”, $BadWords)

$Settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq “Group.Unified”}

if ($Settings.Count -eq 0)

{$Template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq “Group.Unified”}

$Settings = $Template.CreateDirectorySetting() New-AzureADDirectorySetting -DirectorySetting $Settings

$Settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq “Group.Unified”}}

$Settings[“CustomBlockedWordsList”] = $BadWords

$Settings[“EnableMSStandardBlockedWords”] = $True Set-AzureADDirectorySetting -Id $Settings.Id -DirectorySetting $Settings

 

For a full documentation please take a look here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-naming-policy

 

Thanks for your time!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.