Groups naming policy
You use a group naming policy to enforce a consistent naming strategy for groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group. The naming policy can also help categorize groups in the address book. You can use the policy to block specific words from being used in group names and aliases.
The naming policy is applied to groups that are created across all groups workloads (like Outlook, Microsoft Teams, SharePoint, Planner, Yammer, etc.). It gets applied to both the group name and group alias. It gets applied when a user creates a group and when group name or alias is edited for an existing group.
A Microsoft 365 group naming policy only applies to Microsoft 365 groups. It doesn't apply to distribution groups created in Exchange Online. To create a naming policy for distribution groups, see Create a distribution group naming policy.
The group naming policy consists of the following features:
Prefix-Suffix naming policy: You can use prefixes or suffixes to define the naming convention of groups (for example: "US_My Group_Engineering"). The prefixes/suffixes can either be fixed strings or user attributes like [Department] that will get substituted based on the user who is creating the group.
Custom Blocked Words: You can upload a set of blocked words specific to your organization that would be blocked in groups created by users. (For example: "CEO, Payroll, HR").
Using Azure AD naming policy for Microsoft 365 groups requires that you possess but not necessarily assign an Azure Active Directory Premium P1 license or Azure AD Basic EDU license for each unique user (including guests) that is a member of one or more Microsoft 365 groups.
This is also required for the administrator that creates the Groups naming policy.
Prefix-Suffix naming policy
Prefixes and suffixes can either be fixed strings or user attributes.
You can use short strings that can help you differentiate groups in the GAL and left navigation of the group workloads. Some of the common prefixes suffixes are keywords like 'Grp_Name' , '#Name', '_Name'
You can use attributes that can help identify who created the group like [Department] and where it was created from like [Country].
|Examples||Policy = "GRP [GroupName] [Department]"|
|User's department = Engineering|
|Created group name = "GRP My Group Engineering"|
Supported Azure Active Directory (Azure AD) attributes are [Department], [Company], [Office], [StateOrProvince], [CountryOrRegion], and [Title].
Unsupported user attributes are considered as fixed strings. E.g. "[postalCode]"
Extension attributes and custom attributes aren't supported.
It's recommended that you use attributes that have values filled in for all users in your organization and don't use attributes that have longer values.
Things to look out for
During policy creation, the total prefixes and suffixes string length is restricted to 53 characters.
Prefixes and suffixes can contain special characters supported in group name and group alias. When the prefixes and suffixes contain special characters that are not allowed in the group alias, they are only applied to the group name. So in this case, the prefixes and suffixes applied to group name would be different from the ones applied to the group alias.
A period (.) or a hyphen (-) is permitted anywhere in the group name, except at the beginning or end of the name. An underscore (_) is permitted anywhere in the group name, including at the beginning or end of the name.
If you are using Yammer Microsoft 365 connected groups, avoid using the following characters in your naming policy: @, #, [, ], <, and >. If these characters are in the naming policy, regular Yammer users will not be able to create groups.
Custom blocked words
You can enter a comma separated list of blocked words that will be blocked in group names and aliases.
No sub-string searches are carried out; specifically, an exact match between the user entered name and the custom blocked words is required to trigger a failure. Sub-string search isn't done so that users can use some of the common words like 'Class' even if 'ass' is a blocked word.
Things to look out for:
The blocked words are case-insensitive.
When a user enters a blocked word, the group client will show an error message with the blocked word.
There are no character restrictions in the blocked words used.
There is a limit of 5000 words that can be set as blocked words.
Selective administrators are exempted from these policies, across all group workloads and endpoints, so that they can create groups with these blocked words and with their desired naming conventions. The following are the list of administrator roles exempted from the group naming policy.
Partner Tier 1 Support
Partner Tier 2 Support
User account admin
How to set up the naming policy
To set up a naming policy:
- In Azure Active Directory, under Manage, click Groups.
- Under Settings, click Naming policy.
- Choose the Group naming policy tab.
- Under Current policy, choose if you want to require a prefix or suffix or both, and select the appropriate check boxes.
- Choose between Attribute and String for each line and then specify the attribute or string.
- When you have added the prefixes and suffixes that you need, click Save.
StaffHub teams do not follow the naming policy, but the underlying Microsoft 365 group does. StaffHub team name does not apply the prefixes and suffixes and does not check for custom blocked words. But StaffHub does apply the prefixes and suffixes and removes blocked words from the underlying Microsoft 365 group.