Configuring Guest Access In Specific M365 Groups

Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.

AzureAD Module

1. Open PowerShell as Administrator
2. Run Get-Module -ListAvailable *AzureAD* to check if the module is installed. If the AzureAD module is present run Uninstall-Module AzureAD to remove it
3. Install AzureADPreview module Install-Module AzureADPreview
4. Run Connect-AzureAD and authenticate

Be sure to uninstall any older AzureAD modules otherwise the commands will not work.

PowerShell Commands

Secondly, run the commands individually. Change $True to $False to disable based on requirements.

$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId

$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups

$Setting["AllowToAddGuests"] = $True

Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups

Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.

Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting

Checking the value

Verify the Unified Group AllowToAddGuests value.

Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values

You can find more information, including changing tenant wide settings in the Microsoft docs.

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-cmdlets#update-settings-for-a-specific-group

Tags: AzureADGuest AccessM365Microsoft TeamsOffice 365 GroupsPowerShell