Restrict Users From Creating New Teams in Microsoft Teams

If you have recently adopted the usage for Microsoft Teams, managing Teams within Teams becomes a toungue twister in itself, If you’re concerned about users creating teams or groups that don’t comply with your business standards, perhaps you want this to be delegated to set of mindful power users group.

  1. Create a Group – This could be a Active Directory Synced group or M365 group
  2. Install AzureAD Public Preview – AzureAD PowerShell Module.
  3. Run the below script, replace the value of “<GroupName>” with the name of the group you have created, enter the administrator credentials when prompted
$GroupName = "<GroupName>"
$AllowGroupCreation = $False


$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
    $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

  $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
} else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values


Microsoft Admin Portals

Microsoft 365 Admin Portals

Portal NameURL
Microsoft 365 Admin Portal 
Microsoft 365 Compliance
Microsoft Endpoint Manager Admin Console
Microsoft Endpoint Manager Admin Console (old)
Exchange Admin Center (new)
Exchange Admin Center (old)
Microsoft Teams Admin Center 
SharePoint Admin Center
OneDrive Admin Center
Apps Admin Center
Power BI Admin Portal
Power Platform admin center
Microsoft Stream Admin Center
Skype for Business admin center (deprecated)
Kaizala Management Portal
Yammer Admin
Microsoft Store for Business
Microsoft Store for Education
Microsoft Partner Center
Microsoft Remote Connectivity Analyzer
Microsoft 365 network connectivity test
Microsoft Call Quality Dashboard

Azure IT Admin Portals

Portal NameURL
Microsoft Azure Portal 
Microsoft Azure (Release Candidate)
Microsoft Azure (Preview)
Azure Resource Explorer
Azure Cloud Shell
Azure Active Directory admin center
Azure Cosmos DB
Azure Data Factory
Azure Cognitive Services Custom Translator
Azure Non-profit Portal
Portal NameURL
Azure Security Center…

Microsoft Licensing/Support Portals

Portal NameURL
Volume Licensing Service Center
Next Generation Volume Licensing
Microsoft Azure Enterprise Portal
Microsoft Services Hub
Microsoft License Advisor
Microsoft Partner Center
Azure Subscriptions

Security / Defender IT Admin Portals

Portal NameURL
Microsoft Cloud App Security
Microsoft Defender for Endpoints
(Previously Defender ATP)
Microsoft 365 Defender
Office 365 Security & Compliance
Microsoft Defender for Identity
(Previously Azure ATP)
Multi-factor authentication…

Developer Portals

Portal NameURL
Graph Explorer 
Azure DevOps
Visual Studio Subscriptions
Visual Studio Subscriptions Management
Adaptive Cards

Other Useful Microsoft Portals

Portal NameURL
Office 365 Anti-Spam IP Delist Portal
Azure Status
Azure DevOps Status
Windows Virtual Desktop Consent Page
Customer Digital Experiences
Group Policy Search
Microsoft Startups
Office UI Fabric Icons 
Become Microsoft Certified… 
Tech Community Video Hub 
Microsoft Azure Sponsorships
Microsoft Dynamics Lifecycle Services
Microsoft MVP
Portal NameURL
What is my Microsoft Azure and Office 365 tenant ID?
Office 365 ATP Safe Links Decoder
Message Header Analyzer
Tenant Availability Check


Licenses could not be assigned or removed due to an error -Azure AD group based licenses

Scenario: Group based licensing is enabled in Azure AD. Exchange online is not assigned through the group based licensed. Newly added users to the group fail to get licenses assigned via the group. Reprocessing the group based license throws error:

Licenses could not be assigned or removed due to an error

Solution: A recent service plan backfilled by the O365 Commerce Team into the Office and Microsoft SKUs Microsoft Bookings a has been added as Enabled on all the licenses. This service plan has a dependency on Exchange Online (Plan 1) or Exchange Online (Plan2).

Disabling the Microsoft Bookings service plan in the affected groups should resolve the licensing error.

Kill all active user sessions in any Azure AD/ Office 365 application

If you are are ever in a situation where you have to deal with a compromised O365 account or situation similar to mine where users were assigned Onedrive/SPO license and you want to revoke them and stop users from using them immediately, the below cmdlet is much helpful.

If you are dealing with a large group of users, you may tire your fingers clicking on “initiate sign-out” or better get all members of the group and use cmdlet Revoke-AzureADUserAllRefreshToken which invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.

Get the group objectid

Get-MsolGroup [groupname] | fl ObjectId

Next, export the users of the group to a csv

Get-MsolGroupMember -GroupObjectId xxxxx-xxxxx-xxxxx-xxxxx | Select-Object EmailAddress | Export-Csv -Path c:\temp\users.csv

Import the csv and revoke th refresh token for these users.

Import-CSV “c:\temp\users.csv” | % {Get-AzureADUser -SearchString $_.emailaddress | Revoke-AzureADUserAllRefreshToken}

Force a sync from Azure AD Connect to Office 365

AAD sync runs every 30 minutes, we are several situations where you cant wait 30 minutes for a change to sync across, you still want to force a sync. To do so, on the server which has AAD Connect installed and type the following to import the AAD Connect PowerShell module:

Import-Module ADSync

You check the current settings of the sync scheduler



To force a delta sync, you the following PowerShell command:

Start-ADSyncSyncCycle -PolicyType Delta


If you want to force an initial (full) sync, use this command:

Start-ADSyncSyncCycle -PolicyType Initial