Skip to Content
EmailM365 GroupsNaming Policy

Naming Policy

Enforce consistent group naming across the organization with prefixes, suffixes, and blocked words. Naming policies help maintain discoverability and governance standards for all Microsoft 365 Groups.

Warning: Group naming policies require Azure AD Premium P1 licenses for users who create groups. Naming policies are not enforced for global administrators.

Prefix/Suffix Configuration

Configure naming templates using static strings or dynamic Azure AD attributes:

Prefix Options

  • Static string prefix (e.g., GRP_)
  • Azure AD attribute prefix (e.g., [Department], [Company])

Suffix Options

  • Static string suffix (e.g., _Team)
  • Azure AD attribute suffix (e.g., [CountryOrRegion], [Office])

Preview Example

With prefix GRP_ and suffix _[CountryOrRegion]:

  • User in Marketing from the US creates “Project Alpha”
  • Result: GRP_Marketing_US

Supported Attributes

AttributeExample ValueDescription
[Department]MarketingUser’s department from Azure AD
[Company]ContosoUser’s company attribute
[Office]SeattleUser’s office location
[CountryOrRegion]USUser’s country or region code
[Title]ManagerUser’s job title

Blocked Words

Prevent specific words from being used in group names. Matching is case-insensitive.

Example blocked words:

  • CEO
  • Payroll
  • HR
  • Salary
  • Confidential

Blocked words prevent users from creating groups with names containing these terms. Admins can override this restriction.

Classification and Sensitivity

Naming policies work alongside classification labels for comprehensive governance:

ClassificationDescriptionApplied Policies
PublicNon-sensitive content, open collaborationGuest access allowed, external sharing enabled
InternalInternal business content, limited external sharingGuest access restricted, internal sharing only
ConfidentialSensitive business data, strict access controlsNo guests, encryption required, audit logging
Highly ConfidentialMost sensitive data, regulatory complianceMaximum restrictions, DLP policies, watermarking

Note: Microsoft 365 sensitivity labels provide more granular control than classic classifications. Sensitivity labels can apply encryption, content marking, access restrictions, and DLP policies automatically. Configure sensitivity labels in the Microsoft Purview compliance portal.

Group Creation Settings

Control who can create Microsoft 365 Groups in the tenant:

  • Allow all users to create groups — Any licensed user can create M365 Groups (default)
  • Restrict to security group — Only members of a specified security group can create groups

Creation Sources Affected

Restricting group creation affects all these Microsoft 365 services:

  • Microsoft Teams
  • Outlook Groups
  • SharePoint
  • Planner
  • Yammer
  • Power BI

Usage Guidelines

Define usage guidelines that are shown to users when they create new groups:

  • When to create a group vs. use an existing one
  • Naming conventions and required information
  • Classification requirements for sensitive data
  • Guest access policies and approval process
  • Ownership responsibilities and handoff procedures
  • Data retention and archival expectations

Cross-Tenant Deployment

OpsPilot365 enables bulk configuration of naming policies across multiple managed tenants:

  1. Define Policy — Create group settings template with naming rules
  2. Select Tenants — Choose target tenants by tag or manual selection
  3. Preview — Review changes and conflicts before applying
  4. Deploy — Apply with rollback option

Best Practices

Governance

  • Restrict group creation to trained users
  • Enforce naming policies for discoverability
  • Set appropriate expiration periods
  • Require classifications for all groups
  • Document owner responsibilities clearly

Security

  • Review guest access policies quarterly
  • Use sensitivity labels for sensitive data
  • Monitor orphaned groups regularly
  • Audit group membership changes
  • Implement conditional access for groups

API Reference

# Get group settings (directory settings)
GET /groupSettings
# Configure naming policy
PATCH /groupSettings/{setting-id}
{
  "values": [
    {
      "name": "PrefixSuffixNamingRequirement",
      "value": "GRP_[GroupName]_[Department]"
    },
    {
      "name": "CustomBlockedWordsList",
      "value": "CEO,Payroll,HR"
    }
  ]
}
# OpsPilot365 API - Bulk group settings deployment
POST /api/groups/settings/deploy
{
  "tenantIds": ["tenant-1", "tenant-2"],
  "settings": {
    "enableGroupCreation": false,
    "groupCreationAllowedGroupId": "creators-group-guid",
    "namingPolicy": "GRP_[GroupName]_[Department]",
    "blockedWords": "CEO,Payroll,HR,Salary"
  }
}
  • GET /api/m365-groups/naming-policy — Get naming policy
  • PUT /api/m365-groups/naming-policy — Update naming policy
Last updated on
Group SettingsOneDrive Overview