0

I have the following PowerShell script:

$creategroupbody = @{
    displayName     = "ABC"
    mailEnabled     = $false
    securityEnabled = $false
    mailNickname    = "ABC"
    groupTypes      = @("Unified")
    resourceBehaviorOptions = @("WelcomeEmailDisabled", "HideGroupInOutlook")
}
$createGroupUrl = 'https://graph.microsoft.com/v1.0/groups'
$createGroupResponse = Invoke-RestMethod -Uri $createGroupUrl -Method POST -Headers $header -Body ($creategroupbody | ConvertTo-Json)
$groupid = $createGroupResponse.id

My goal is to create a group where the added members do not receive a welcome email, I've leveraged the options here, namely "WelcomeEmailDisabled" set to false.

However users still receive welcome emails when I added users to my group. Further more in the "Azure - Audit logs" section I see that the properties in the group creating don't correspond to the group that I created, namely:

enter image description here

And I don't see the "resourceBehaviorOptions" defined in the "Modified Properties" tab:

enter image description here

Why is that, it's like it's not reading in the passed in parameters, and the behavior is not consistent with the options.

I read this post which is trying to do something similar and is facing a issue when users are added immediately, I've yet to test adding a user after 15 minutes(I add them right away too) so maybe that's what I'm facing though the options I'm using are a bit different than that post.

I wish this post had a good answer, I basically need to do the opposite...

David Rogers
  • 2,601
  • 4
  • 39
  • 84
  • Your request is invalid. [Unified groups can only be mail enabled](https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http#group-types-in-azure-ad-and-microsoft-graph). Correct that and try again. – jfrmilner Jul 13 '23 at 23:25

1 Answers1

0

To disable the emails for the new members and hide group in the Outlook, I made use of below PowerShell script:

$oauthUri = "https://login.microsoftonline.com/TenantID/oauth2/v2.0/token"

$tokenBody = @{
    client_id     = "ClientID"
    client_secret = "ClientSecret"
    scope         = "https://graph.microsoft.com/.default"    
    grant_type    = "client_credentials"
}

$tokenRequest = Invoke-RestMethod -Uri $oauthUri -Method POST -ContentType "application/x-www-form-urlencoded" -Body $tokenBody -UseBasicParsing
$accessToken = ($tokenRequest).access_token

$headers = @{
  "Authorization" = "Bearer $accessToken"
  "Content-type" = "application/json"
}

$groupBody = 
'{
    "displayName":  "testrukkgroup",
    "mailNickname":  "testrukkgroup",
    "description":  "testrukkgroup",
    "groupTypes":  [
                       "Unified"
                   ],
    "mailEnabled":  "false",
    "securityEnabled":  "false",
    "resourceBehaviorOptions" :  [
        "WelcomeEmailDisabled",
        "HideGroupInOutlook"
    ]
}'

$newGroup = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/groups" -Method POST -Headers $headers -Body $groupBody
$GroupID = $newGroup.Id

enter image description here

To know if the resourceBehaviorOptions is defined for the Group, execute the below script:

$group = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/groups/GroupID?$select=resourceBehaviorOptions" -Method GET -Headers $header

$resourceBehaviorOptions = $group.resourceBehaviorOptions

enter image description here

If still the issue persists, set "mailEnabled": "true" and try.

References:

Set Microsoft 365 group behaviors and provisioning options - Microsoft Graph

Create group - Microsoft Graph v1.0

Rukmini
  • 6,015
  • 2
  • 4
  • 14
  • Please consider accepting the answer by clicking the ✅ beside it and upvote it, if it's helpful for you in any way – Rukmini Aug 02 '23 at 09:57