By default every licensed user in the tenant can create office 365 groups, it is a great feature, but when you have a company where everyone can create a group which leads in storage, leakage of information, naming standards not allowed… it is not a great thing.
So it is very important to have a governance plan and create some plans to plan the process of group creation and maintenance.
So in this scenario, a great feature is the policy to block group creation, where the admin can configure who are allowed to create groups. Remember, when you are using this approach that you are blocking the creation of O365 groups for all applications, is not possible to choose which applications are allowed or whether not.
In addition to that, we can use the policy expiration group, which enable us to automatically remove obsolete groups. Policy control how long groups can exist within a tenant before a group owner must renew the group. As groups expire, Office 365 can automatically remove them from the tenant. The expiration policy applies to all Office 365 Groups, no matter how they are used.
Things to keep in mind:
- Owners of the group are notified to renew the group as the expiration nears
- Any group that is not renewed is deleted
- Any Office 365 group that is deleted can be restored within 30 days by the group owners or the administrator
- When you first set up expiration, any groups that are older than the expiration interval are set to 30 days until expiration. The first renewal notification email is sent out within a day.
- Admins will need to have Azure Active Directory Premium P1 license
- Configuring and using the expiration policy for Office 365 groups requires you to possess Azure AD Premium licenses for the members of all groups to which the expiration policy is applied.