Service user creation - used to create Microsoft 365 Groups / Teams

asked 2020-08-20T11:46:52.2+00:00
StephanG 701 Reputation points

Hi everyone,

i have the task to create a user that can create M365 groups / Teams by a trigger coming from CRM. I know there might be better ways to do this - but i am not the developer.

It is an easy task if you do not have a naming convention in place, but we have. I cannot take the naming convention back - because i separate the user created teams from the official teams and sites that way.

So the service user should be able to create groups with custom naming.
But i want it least privilege - so adding it to a group that can override this setting (like global admin or user admin) - would be my last option.
Is there any way to scope "naming conventions" on a specific group?

Would be great if anyone knows a solution here (creating an enterprise app for this - will not be possible).

Best regards
Stephan

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,544 questions
No comments
{count} votes

Accepted answer
  1. answered 2021-01-18T06:58:17.33+00:00
    StephanG 701 Reputation points

    Hi everyone,

    solution was to create an enterprise app and add the usermgmt role to it. So it does not care about the naming conventions.

    BR

    No comments

1 additional answer

Sort by: Most helpful
  1. answered 2020-08-20T15:19:42.593+00:00
    Alfredo Revilla (MSFT) 15,561 Reputation points Microsoft Employee

    The least permissive would be to add the service user to the Teams Service Administrator role.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.