Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.
AzureAD Module
- Open PowerShell as Administrator
- Run
Get-Module -ListAvailable *AzureAD*to check if the module is installed. If the AzureAD module is present runUninstall-Module AzureADto remove it - Install AzureADPreview module
Install-Module AzureADPreview - Run
Connect-AzureADand authenticate
Be sure to uninstall any older AzureAD modules otherwise the commands will not work.
PowerShell Commands
Secondly, run the commands individually. Change $True to $False to disable based on requirements.
$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId
$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
$Setting["AllowToAddGuests"] = $True
Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.
Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting
Checking the value
Verify the Unified Group AllowToAddGuests value.
Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values
You can find more information, including changing tenant wide settings in the Microsoft docs.
Latest Posts
Azure Lean Coffee – Episode 3
Azure Spring Clean: Azure best practice for Bicep with PSRule
Continuous deployment to Azure Container Apps with Azure DevOps