Define Teams naming policies

What options does Microsoft 365 offer for defining Teams naming policies? If Teams is to be introduced in the company, a governance concept must be created beforehand. This concept clarifies, for example, how groups and teams are created, which security rules apply, whether guest access is permitted, how naming is regulated, and much more. In the best case, it should also be possible to ensure that all the rules of the governance concept can be applied technically.

In this article I would like to look at the options for implementing the naming policy. After searching the Microsoft documentation, you will find a description of the Microsoft 365 group naming policy and how to enforce this policy via Azure Active Directory. Since each Microsoft Teams team is mapped to its own Microsoft 365 groups, this sounded like the right approach.

So I logged on to my test environment and tried the whole thing out.

Last update 4/21/2023

The repetition of the naming policy test has shown that the double prefixing by Microsoft has been fixed. The team name is now created correctly.

In principle, the description of the function in the article is still up-to-date. It is important to point out that you can create only one group naming policy, which then applies to all groups.

Setting up the teams naming conventions

If we want to define the teams naming policy, we first go to the Azure AD Management Portal. There we select the “Groups” section under “All Services” and go to the “Naming Policy” item in the menu under Settings.

Here we can make two naming policy settings:

• Blocked words: These words must not appear in group names. This allows us to exclude words that are reserved for special groups, e.g. CEO or Administration. These words are uploaded via a CSV file.
• Naming policy for groups: Prefix and suffix of the group name can be defined here. A prefix or suffix can consist of several parts.
  Fixed strings or values from user attributes of the user who creates the team are possible. The group name can be up to 53 characters long, including the prefix and suffix.
  When specifying the user attributes, the Azure AD attributes “Department”, “Company”, “StateOrProvince”, “CountryOrRegion” and “Title” are currently supported. All unsupported attributes are treated as a fixed string, i.e. they are transferred one-to-one to the group name.

For my test, I will use only the naming policies for now. Since I want to define rules for team naming here, I want my group name to start with the prefix “TEAM”. To know to which department a team belongs, the department name should also be included in the group name. For this purpose I get the value of the “Department-Attribute” of the user in the prefix. To make it easier to read, the components are separated with hyphen, so that I still defined a fixed string for “-” at the end of the prefix.

The teams naming policies should have this format: TEAM-[Department]- [Group Name].

These are the corresponding settings in the administration portal:

Test: Create teams with name policy

Now I open the Teams web client with my test user Alex and create a new team.

I choose the “Manage a project” template.  There are already a few settings, such as 4 channels and 4 apps.

For my test, I want it to be public for once, since it’s a compartmentalized test environment. This is easier for my tests.

Then we need a suitable name. The announcement of my final team name already looks good.

The team has been created, we are… done!
But…wait a minute! Something has gone wrong.

• Team’s name:

The application of the name rule did not work as expected. The prefix appears twice and a meaningful “undefined” was appended to the end of the name.

• Microsoft 365 Group:

The associated Microsoft 365 group looks just as wrong.

 

 

Analysis: Teams naming policies displayed twice

So why isn’t it working? Did I make an input error during the creation?
So I create a team again with the “Manage a project” template as a public team. The same behavior. Likewise as a private team.
Then I create a team without a template, with the default setting “From the beginning”.
And… it works!

The corresponding Microsoft 365 group looks correct too.

So it’s up to the template!
The initial examination of the template settings has not yielded any more detailed findings. Further investigation is necessary. However, this is to be the content of a future article.

Summary

We learned how naming policies can be defined in Azure AD and how they work when creating teams.
This methodology is a good approach but not applicable in practice.

• Only one rule can be defined. Even if the rule can be built dynamically, this is too little to be able to map different team categories, for example.
• The rule acts globally on all Microsoft 365 groups and derived resources. A granular and controlled approach is absolutely
  necessary in practical use.
• There appears to be a bug in the use of teams templates. This means that naming conventions cannot currently be used when using Teams templates.