Configuring Guest Access In Specific M365 Groups

Photo of author

Dan Rios

1 min read

Enable or disable the ability to add guests to an individual Microsoft Team / M365 groups via Azure AD PowerShell.

AzureAD Module

  1. Open PowerShell as Administrator
  2. Run Get-Module -ListAvailable *AzureAD* to check if the module is installed. If the AzureAD module is present run Uninstall-Module AzureAD to remove it
  3. Install AzureADPreview module Install-Module AzureADPreview
  4. Run Connect-AzureAD and authenticate

Be sure to uninstall any older AzureAD modules otherwise the commands will not work.

PowerShell Commands

Secondly, run the commands individually. Change $True to $False to disable based on requirements.

$groupID = (Get-AzureADGroup -SearchString "Team/M365 Group Display Name").ObjectId

$Setting = Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups

$Setting["AllowToAddGuests"] = $True

Get-AzureADObjectSetting -TargetObjectId$groupID -TargetTypeGroups

Lastly, copy the ‘Id’ value (note: not the TemplateId) from the result.

Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -Id PASTEIDHERE -DirectorySetting $Setting

Checking the value

Verify the Unified Group AllowToAddGuests value.

Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values

You can find more information, including changing tenant wide settings in the Microsoft docs.

Leave a comment

Skip to content