How to Find Teams-Enabled Microsoft 365 Groups

Creating a team in Microsoft Teams automatically generates a Microsoft 365 group, seamlessly integrating services like shared mailboxes, SharePoint, Planner and more. This integration streamlines communication, document sharing, and task management, which makes Teams-enabled groups essential for collaboration. However, without proper oversight, they can lead to risks such as unauthorized access, data leaks, and oversharing. This guide helps you easily find and manage Teams-enabled Microsoft 365 groups to maintain a secure and efficient collaboration environment.

Identify Teams-Enabled Groups Using Microsoft 365 Admin Center

Microsoft 365 Permission Required

Reports Reader Least Privilege

Global Admin Most Privilege

Log in to the Microsoft 365 admin center.
Navigate to Active teams & groups under the Teams & groups dropdown.
Select the ‘Teams & Microsoft 365 groups’ section and click the Filter option.
Under the Standard filters section, choose the Groups with Teams option.
You can now view all the Microsoft 365 groups with Teams.

Identify Teams-Enabled Groups Using Microsoft 365 Admin Center

Get All Teams-Enabled Groups via Microsoft Entra Admin Center

Microsoft 365 Permission Required

Reports Reader Least Privilege

Global Admin Most Privilege

Log in to the Microsoft Entra admin center.
Navigate to Entra ID»Groups»All Groups section. Click Add filter and select Teams enabled in the Filter dropdown.
Click Apply to list the Teams-enabled Microsoft 365 groups.

Get All Teams-Enabled Groups via Microsoft Entra Admin Center

Discover All Teams-Connected Groups Using Windows PowerShell

Microsoft 365 Permission Required

Group.Read.All Least Privilege

Global Admin Most Privilege

Connect to the Microsoft Graph PowerShell module with your credentials using the cmdlet below.

Windows PowerShell

 Connect-MgGraph -Scopes "Group.Read.All"

Execute the cmdlet below to retrieve Microsoft 365 groups associated with Teams and view details about their visibility, mail, and display name.

Windows PowerShell

 Get-MgGroup -Filter "resourceProvisioningOptions/any(x:x eq 'Team')" |
Select-Object DisplayName, Id, Mail, Visibility, GroupTypes |
Format-Table

Simple & Quick
Export Teams-Enabled M365 Groups Using AdminDroid

AdminDroid Permission Required Delegated

Any user with report access delegated by the Super Admin.

Sign in to the AdminDroid 365 Reporter.
Navigate to the Teams-Enabled Microsoft 365 Groups report under Reports»Entra»Insights»Group Reports»Teams-Enabled Groups.
This report lists all Microsoft 365 groups with Teams and provides details such as the group's creation time, number of owners, number of members, and more.
You can also export the report in PDF, CSV, or other preferred format using the Download option at the top right corner.

Export Teams-Enabled M365 Groups Using AdminDroid

AdminDroid Entra ID Reporter

Gain Full Visibility into Every Team and Group Creation Across Your Microsoft 365 Environment

Easily manage your Teams and Microsoft 365 groups with AdminDroid’s Entra ID management tool. Track everything from team creation and member additions to team usage trends, with interactive charts and reports.

Explore Teams Connectivity Across Microsoft 365 Groups

Lists all Microsoft 365 groups to identify those not connected to Teams, so you can add Teams to them instead of creating new Teams-enabled Microsoft 365 groups.

Find and Restore Deleted Teams-Enabled Groups Instantly

Find all recently deleted Microsoft 365 groups to track and restore any Teams-enabled groups that were deleted accidentally or without authorization.

Identify Teams-licensed Users to Simplify Group Management

Filter Teams-licensed users from the all licensed users and assign them as Microsoft 365 group owners to allow them to create and manage Teams from those groups.

Keep an Eye on Who Joins in Teams to Protect Sensitive Files

Monitor member additions in Teams, as it directly grants users access to files and folders within the associated group, potentially exposing sensitive file.

Scrutinize the External Members in Teams to Prevent Unauthorized Access

Keep a close watch on Teams with external members as they have access to the underlying Microsoft 365 group resources, and remove unwanted members to prevent data leakage and unauthorized access.

Track and Manage teams with Expiration Policies to Avoid Data loss

Track Teams set with an expiration policy to decide whether to renew or remove inactive teams and prevent the deletion of associated group chats & files.

Ultimately, AdminDroid equips admins with comprehensive reports and alerts to manage Microsoft 365 groups and Teams effectively. It improves visibility into group activities, optimizes storage management, and strengthens data security.

Explore a full range of reporting options

Download Live Demo

Important Tips

Configure Microsoft Teams with highly sensitive protection to safeguard teams and associated Microsoft 365 groups against unauthorized use and ensure controlled data sharing.

Set expiration policy for Microsoft 365 groups to automatically delete the group and other collaborative workspaces after collaboration ends.

Apply DLP policies to Teams-enabled Microsoft 365 groups to monitor chats, messages, file sharing, and prevent sensitive data from being shared externally.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints while dealing with Teams-enabled Microsoft 365 groups.

Error Set-UnifiedGroup : The term 'Set-UnifiedGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs because you haven't connected to the Exchange Online PowerShell module before running the Set-UnifiedGroup cmdlet.

Fix Before executing the Set-UnifiedGroup cmdlet, you must first connect to the Exchange Online module as shown below.

Connect-ExchangeOnline

Error Set-TeamArchivedState : BadRequest in /v1.0/groups/ endpoint.

This error occurs when you enter an incorrect GroupId of the team while archiving the team in Microsoft Teams.

Fix

Make sure you're entering the correct GroupId for the team, which you want to archive.
To get the correct GroupId of the respective team, use the below cmdlet.

Get-Team

Error Connect-MgGraph: The term 'Connect-MgGraph' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error usually occurs when the Microsoft Graph PowerShell module is not properly installed or updated.

Fix Install and import the Microsoft Graph module properly using the cmdlets below.

Install-Module Microsoft.Graph
Import-Module Microsoft.Graph

Error Authentication needed. Please call Connect-MgGraph.

This error occurs when "Connect-MgGraph" is not executed without the necessary permissions while retrieving Teams-Enabled Microsoft 365 groups.

Fix Connect to the Microsoft Graph PowerShell module with the necessary permissions before executing the cmdlet.

Connect-MgGraph -Scopes "Group.Read.All"

Frequently Asked Questions

Manage Teams-Enabled Microsoft 365 Groups for Better Collaboration

How teams and Microsoft 365 groups work together ?

How to create a Teams-enabled Microsoft 365 group?

How to add Teams in existing Microsoft 365 groups?

what happens to a Microsoft 365 group if its associated team is deleted?

How to restrict users from creating teams in Microsoft Teams?

1. How teams and Microsoft 365 groups work together ?

When you create a team in Microsoft Teams, a corresponding Microsoft 365 group is automatically created for your organization. However, not every Microsoft 365 group has a connected team in Teams. This can be confusing, but understanding the relationship between Teams and Microsoft 365 groups helps you collaborate more effectively.

Teams and Microsoft 365 Groups: Creating a team in Microsoft Teams automatically provisions a Microsoft 365 group, along with associated services like a SharePoint team site, shared Exchange mailbox, Planner, and more to support collaboration. However, when a Microsoft 365 group is created independently, Teams can either be added during group creation or at a later time.
Membership Management is Synced Everywhere: Adding or removing members from the Teams also updates the membership of the associated Microsoft 365 Group. This ensures access stays consistent across all related services. For example, when a user is removed from a team, they no longer have access to the associated SharePoint site, OneNote, Planner, and other shared services.
Deleting the Group Deletes Everything: If you delete the Microsoft 365 Group, all its associated services are deleted too including the Teams team, SharePoint files, Outlook group conversations, and Planner data. After you delete a Team, it takes about 20 minutes for that deletion to reflect in Outlook.
Use an Existing Microsoft 365 Group for a New Team: If you're already an owner of a Microsoft 365 Group, Teams allows you to create a new team based on that group. This is useful when your group already has members, files, or a shared mailbox.
How Files and Channels Work Together: Each channel you create in Teams automatically gets its own folder in the SharePoint document library. But if you create a folder in SharePoint, it won’t create a new Teams channel.
Visibility of Teams-Enabled Group Mailbox: When a Microsoft 365 group is created from the Microsoft 365 admin center, Outlook, or SharePoint, its mailbox is visible in Outlook by default. However, when a group is created through Microsoft Teams, the associated group mailbox is hidden in Outlook.

To make the hidden mailbox visible in Outlook, run the following PowerShell cmdlet:.

Connect-ExchangeOnline
Set-UnifiedGroup -Identity “<GroupDisplayName>” -HiddenFromExchangeClientsEnabled:$false

Replace <GroupDisplayName> with the name of the group you want to make visible in Outlook.

2. How to create a Teams-enabled Microsoft 365 group?

Collaborating with external partners can make managing communication and sharing large files through email challenging. A Microsoft 365 group provides an effective solution to this issue. Creating a Teams-enabled M365 group automatically sets up a team in Microsoft Teams, shared mailbox, SharePoint site, and Planner, which allow team members to collaborate and work efficiently.

Follow these steps to create a Teams-enabled Microsoft 365 group

Log in to the Microsoft 365 admin center.
Navigate to Active teams & groups under the Teams & groups dropdown.
Under the Teams & Microsoft 365 groups section, click on + Add a Microsost 365 group.
Provide the name and description for the group, then select Next.
On the Assign owners tab, select the owners for the group and click Next.
Choose the members for the group under the Add members tab and click Next.
Specify a group email address and set the group’s privacy level on this page. Then, check the Create a team for this group box to add Microsoft Teams to the group, and click Next to continue.
Review the details of your new Microsoft 365 group and click Create group to complete the process.

creating-m365-adding-teams-admin-center-new

Points to remember:

Make sure each owner has a Microsoft Teams license, or else the option to create a Team for this group will be greyed out.
Add more than one owner to ensure proper group management.

3. How to add Teams in existing Microsoft 365 groups?

Microsoft 365 groups are commonly used for a shared mailbox and SharePoint site to facilitate project collaboration within an organization. However, you might want to streamline communication, such as file sharing, access, and conversations. By adding team to the existing Microsoft 365 group, you can unlock additional features like meetings, audio calls, and enhanced project collaboration with greater transparency.

With this option, you don’t need to add members and owners manually. All members and owners of your existing Microsoft 365 group are automatically reflected in the team.

Add teams to the existing Microsoft 365 groups using admin center

In the Microsoft 365 admin center, navigate to Teams & groups»Active teams & groups.
Under the Teams & Microsoft 365 groups section, check the box of group you want to add a team, then click the Add Teams option.
A new dialog box will open asking, "Add Microsoft Teams to this group?" Click Add Teams to proceed.

add-team-in-exsisting-group-admin-center

Note: If the group owner does not have a Teams license, you may see the message: "Before you can add Teams to this group, all owners must have a license that includes Teams".

Handy Tip: After adding Teams to the existing Microsoft 365 group, you can manage group members, Teams channel settings, and Teams conversation settings directly in the admin center.

4. what happens to a Microsoft 365 group if its associated team is deleted?

When you delete a team, its associated Microsoft 365 group is also deleted. This action removes all group-related resources, including activities, chats, files, the shared mailbox, SharePoint sites, and more. It’s not possible to retain a group without its team, or a team without its group.

Instead of deleting, you can archive a team in Microsoft Teams. Archiving the team changes its status to 'Archived' and moves it to the bottom of the chat list. Members can no longer chat or share, effectively freezing the team while preserving its data. However, group resources like files, SharePoint sites, and the shared mailbox remain accessible, allowing users to view and access existing content just like before.

Archive a team in Microsoft Teams using the Teams admin center

Log in to the Microsoft Teams admin center.
Navigate to Teams»Manage teams. Select the team you want to archive and click Archive.
A pop-up window will appear for confirmation. Select the Make the SharePoint site read-only for team members checkbox, then click Archive.

Please note that setting all files in a SharePoint site to 'read-only' for members prevents Microsoft 365 group members from creating new files or folders in SPO.

Archive a team in the Teams using PowerShell

Connect to the Microsoft Teams PowerShell module using the following cmdlet.

Connect-MicrosoftTeams

Execute the cmdlet below to archive a team in the Microsoft Teams.

Set-TeamArchivedState –GroupId "<GroupId>" -Archived:$true

Replace <GroupId> with the Group ID of the team you want to archive, which you can find using the Get-Team cmdlet.

Points to remember:

Even in archived teams, you can still manage team members by adding or removing them. Additionally, you can unarchive teams at any time.
The shared mailbox remains accessible to members and the group members can communicate via email.

An administrator can delete inactive or archived teams from completed projects to free up storage and improve Microsoft Teams security. Archived teams in the Microsoft organization are not always easy to locate and you may need PowerShell cmdlets with complex filters to get the archive list.

AdminDroid provides a report listing all archived teams in your Microsoft Teams , along with details like when they were archived, their channels, members, and owners. This helps you easily identify and remove inactive archived teams.

Quick Tip: You can easily email the report directly from AdminDroid by clicking the 📧 Email button in the top right corner.

5. How to restrict users from creating teams in Microsoft Teams?

By default, users in your organization can create new team in Microsoft Teams. This can lead to unmanaged group creation and, at times, the creation of duplicate teams, which can cause confusion and security risks for your Microsoft 365 organization.

As an admin you can restrict users from creating team in Microsoft Teams with following options.

Restrict team creation using Microsoft Entra admin center

There is no direct method to restrict users from creating teams, but you can restrict Microsoft 365 group creation, which will prevent users from creating teams in Microsoft Teams.

Log in to the Microsoft Entra admin center.
Navigate to Entra ID»Groups»General.
Locate the option Microsoft 365 Groups.
To prevent users from creating teams, select No and click Save.

Note: When you enable this setting, it prevents users from creating Teams and stops them from creating Microsoft 365 groups in SharePoint, Outlook, and Planner.

Only admins will be able to create Teams or Microsoft 365 groups, and they can only do so from the admin centers. Administrators will not be able to create groups directly from collaborative spaces like Microsoft Teams, SharePoint, Outlook, or Planner.

Allow team or group creation for specific users and groups

Sometimes, organizations may need to allow group creation through workspaces for specific users. For example, certain users can be permitted to create groups in collaborative spaces like Teams, SharePoint, or Planner while restricting others to avoid the unnecessary group creation.

To do this, you need to create a group of users who are allowed to create Microsoft 365 groups or teams.

Log in to the Entra admin center and go to the Groups tab.
Choose All groups and then click on "New group".
Select the appropriate Group type (preferably Security) and enter the desired group name.
Click No members selected link under Members section.
In the Users tab, select who can create teams, then click ‘Select’ and hit Create.

Once you've created the group with users who are allowed to create teams or groups, you need to run the following PowerShell script using your global admin account.

Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Beta.Groups
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"
$GroupName = "GroupName"  
#Replace this with the name of the group that contains users who are allowed to create teams or M365 groups.
$AllowGroupCreation = "False"
$settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID){
    $params = @{
        templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
        values = @(
            @{
                name = "EnableMSStandardBlockedWords"
                value = "true"
            }
        )
    }
    New-MgBetaDirectorySetting -BodyParameter $params
    $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}
$groupId = (Get-MgBetaGroup | Where-object {$_.displayname -eq $GroupName}).Id
$params = @{
    templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
    values = @(
        @{
            name = "EnableGroupCreation"
            value = $AllowGroupCreation
        }
        @{
            name = "GroupCreationAllowedGroupId"
            value = $groupId
        }
    )
}
Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $params
(Get-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID).Values

Replace <GroupName> with the name of the group that contains users who are allowed to create teams or M365 groups.

To verify the execution of the script, check the value of the GroupCreationAllowedGroupId, which shows the group ID of users allowed to create groups. Additionally, if the EnableGroupCreation is set to False, it means only the selected group members can create Microsoft 365 groups or teams.