How to Hide Teams-Enabled Groups from Exchange Online
Cleaning Up a Potential Mess
In mid-2018. Microsoft updated Teams so that the Microsoft 365 Groups created for new teams were hidden from Exchange clients (like OWA) and Exchange address lists (like the GAL). This was accomplished by setting the HiddenFromExchangeClientsEnabled and HiddenFromAddressListsEnabled properties of the groups to False. The idea is that there’s no point in revealing team-enabled groups to Exchange when communications for those groups is centered around Teams messaging and meetings.
Groups Created Using Admin Interfaces
Unfortunately, the change only applied to teams created with the Teams clients (desktop, browser, and mobile) and the New-Team cmdlet from the Microsoft Teams PowerShell module. The groups for teams created using the Teams admin center (Figure 1), Azure AD admin center, Microsoft 365 admin center, New-UnifiedGroup PowerShell cmdlet, or the Microsoft Graph are not hidden from Exchange clients or address lists, with the result being that an organization can end up with some teams being visible and others not.
The logic here is that when an administrator creates a new team or group, it is assumed that they can make whatever decisions are necessary about the settings for the new group. This position is undermined by the fact that there’s no way to update the settings to hide groups available in the Teams admin center or Microsoft 365 admin center, so any adjustments must be done using PowerShell or the Graph.
The PowerShell Solution
Fortunately, the solution is reasonably easy to code in PowerShell. The steps are:
- Find the set of groups used by Teams.
- Reduce the set to the groups still visible to Exchange Online.
- Update the group settings to make them invisible to Exchange Online.
Here’s some code to do the job:
$HiddenGroups = 0
Write-Host "Finding team-enabled Microsoft 365 Groups and checking for any which are visible to Exchange clients"
[array]$Groups = Get-UnifiedGroup -Filter {ResourceProvisioningOptions -eq "Team"} -ResultSize Unlimited
# Reduce to the set visible to Exchange clients
[array]$Groups = $Groups | ? {$_.HiddenFromExchangeClientsEnabled -eq $False}
# Process the remaining groups and hide them from Exchange
If ($Groups.Count -ne 0) {
ForEach ($Group in $Groups) {
Write-Host "Hiding" $Group.DisplayName
$HiddenGroups++
Set-UnifiedGroup -Identity $Group.ExternalDirectoryObjectId -HiddenFromExchangeClientsEnabled:$True -HiddenFromAddressListsEnabled:$True
}
}
Else { Write-Host "No team-enabled Microsoft 365 Groups are visible to Exchange clients and address lists" }
Write-Host ("All done. {0} team-enabled groups hidden from Exchange clients" -f $HiddenGroups)
You can download the script from the Office 365 GitHub repository.
Obviously, this check and update must be done periodically to process newly-created team-enabled groups and stop them becoming visible to Exchange Online clients and in address lists.
Learn how to exploit the Office 365 data available to tenant administrators through the Office 365 for IT Pros eBook. We love figuring out how things work.
The post How to Hide Teams-Enabled Groups from Exchange Online appeared first on Office 365 for IT Pros.
office365
via Office 365 for IT Pros https://ift.tt/38qnOWF
July 8, 2021 at 02:06AM
Tony Redmond
Stack IT News 