Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.
AzureAD Module
- Open PowerShell as Administrator
- Run
Get-Module -ListAvailable *AzureAD*to check if the module is installed. If the AzureAD module is present runUninstall-Module AzureADto remove it - Install AzureADPreview module
Install-Module AzureADPreview - Run
Connect-AzureADand authenticate
Be sure to uninstall any older AzureAD modules otherwise the commands will not work.
PowerShell Commands
Secondly, run the commands individually. Change $True to $False to disable based on requirements.
$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId
$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
$Setting["AllowToAddGuests"] = $True
Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups
Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.
Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting
Checking the value
Verify the Unified Group AllowToAddGuests value.
Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values
You can find more information, including changing tenant wide settings in the Microsoft docs.
Latest Posts
Create Azure Monitor Baseline Alerts initiative with Enterprise Policy as Code
Azure Deployment Stacks: Zero to Hero 🦾❤️
Azure Policy: Deny Log Analytics Workspaces creation without Daily Quota