Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.
AzureAD Module
- Open PowerShell as Administrator
- Run
Get-Module -ListAvailable *AzureAD*
to check if the module is installed. If the AzureAD module is present runUninstall-Module AzureAD
to remove it - Install AzureADPreview module
Install-Module AzureADPreview
- Run
Connect-AzureAD
and authenticate
Be sure to uninstall any older AzureAD modules otherwise the commands will not work.
PowerShell Commands
Secondly, run the commands individually. Change $True to $False to disable based on requirements.
$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId
$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
$Setting["AllowToAddGuests"] = $True
Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.
Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting
Checking the value
Verify the Unified Group AllowToAddGuests value.
Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values
You can find more information, including changing tenant wide settings in the Microsoft docs.
Latest Posts
APIOps – A deep dive for APIM multi-environments
Never miss an update: Azure Verified Modules with GitHub Bot & Teams
Getting started: Continuous deployment with Azure Bicep and Azure DevOps