Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.
AzureAD Module
- Open PowerShell as Administrator
- Run
Get-Module -ListAvailable *AzureAD*to check if the module is installed. If the AzureAD module is present runUninstall-Module AzureADto remove it - Install AzureADPreview module
Install-Module AzureADPreview - Run
Connect-AzureADand authenticate
Be sure to uninstall any older AzureAD modules otherwise the commands will not work.
PowerShell Commands
Secondly, run the commands individually. Change $True to $False to disable based on requirements.
$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId
$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
$Setting["AllowToAddGuests"] = $True
Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.
Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting
Checking the value
Verify the Unified Group AllowToAddGuests value.
Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values
You can find more information, including changing tenant wide settings in the Microsoft docs.
Latest Posts
Automate .NET Dependency Management in Azure DevOps with GitHub’s Dependabot
Get Azure cost estimates in Azure DevOps PR comments with Bicep
APIOps – A deep dive for APIM multi-environments