Search code examples
powershelloffice365exchange-serversharepoint-onlineazure-powershell

Office 365 group classifications: How to restrict users from changing classification after the creation of the group

From the document https://learn.microsoft.com/en-us/office365/enterprise/manage-office-365-groups-with-powershell#create-classifications-for-office-groups-in-your-organization, we can understand how we can add classification to Office 365 groups, and also how to make one classification as default.

Is there any way to restrict owners from changing the classification after the group has been created? As per I see in our tenant users can easily go to Edit group from their Outlook settings and change the classification. But this is the thing which we want to restrict. Please let me know if anyone has any solution.

Thanks in Advance!

Solution

  • I got a resolution for my requirement.

    1. Let user create the site and group using classification drop down.
    2. A script runs every day to check for a property in site collection property bag named classification. If that property exists, the script will continue without changing anything for the site.
    3. As this is not a default property, it will not exist for the first time. The script will add that property with the same text which exists in group classification. This is just a onetime activity for each site.
    4. Another script will also run every day to check the property classification of the site from the property bag. If it exists, it can do whatever is needed (ex: enable/disable external sharing). If it doesn’t, it should not do anything. 5. In this way, no matter how many times owner changes the classification, it will not affect anything

    To change property bag, we can use CSOM as below: $allProperties = $web.allproperties $ctx.Load($web) $ctx.Load($allProperties) $ctx.ExecuteQuery() $allProperties["classification"] = 'Property' $web.Update() $ctx.ExecuteQuery()

    Similarly, for communications site, instead of changing group classification, we can change in site collection classification (Site class of site collection) - as the group does not exist.