In this post, I will demonstrate how we can restrict guest member addition to Groups based on domain.
We will be using the AzureADPreview module for this. If you have not yet installed the AzureADPreview module, please find the instructions in my post below.
Connect to AzureADPreview
Run the command below to connect to Azure AD.
Connect-AzureAD
There is a script provided by Microsoft to Set Guest Allow Block Domain Policy
Download the Script for Allow/Block policy
Unblock the Script
Run the command below to unblock the script.
Unblock-File .\Set-GuestAllowBlockDomainPolicy.ps1
Check Existing Policy
Check whether an existing policy is available. Run the script with the parameter below.
.\Set-GuestAllowBlockDomainPolicy.ps1 -QueryPolicy
Update Allow/Block List
The -Update switch creates a new policy; if a policy already exists, it is replaced. To add to an existing policy, use the -Append switch instead.
Create policy with AllowList only
Run the script with the parameters below to create or replace the policy with a new allow list.
.\Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("newcustomer.com", "newpartner.com")
Create policy with BlockList only
Run the script with the parameters below to create or replace the policy with a new block list.
.\Set-GuestAllowBlockDomainPolicy.ps1 -Update -BlockList @("badpartner.com", "blockedpartner.com")
Add more domains to Allow/Block List
Run the script with the parameters below to append domains to the existing policy.
Update an Existing Policy with AllowList
.\Set-GuestAllowBlockDomainPolicy.ps1 -Append -AllowList @("outlook.com")
Update an Existing Policy with BlockList
.\Set-GuestAllowBlockDomainPolicy.ps1 -Append -BlockList @("gmail.com")
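Because -Update replaces whatever policy is already in place, it is worth checking which domains a planned -Update would drop, and keeping a copy of the current definition, before running it. The function below is an added example, not part of Microsoft's script or of the original post; its name and the backup path are hypothetical, and it assumes the lists are stored in an Azure AD policy of type B2BManagementPolicy, read with the AzureADPreview cmdlet Get-AzureADPolicy after Connect-AzureAD.

```powershell
# Added example (not Microsoft's script). Requires AzureADPreview and an
# active Connect-AzureAD session. Function name and paths are hypothetical.
function Get-GuestDomainPolicyChange {
    [CmdletBinding()]
    param(
        [string[]]$AllowList = @(),   # list you plan to pass with -Update -AllowList
        [string[]]$BlockList = @(),   # list you plan to pass with -Update -BlockList
        [string]$BackupPath = '.\B2BManagementPolicy-backup.json'
    )

    # Assumption: the allow/block lists live in the policy of this type.
    $policy = Get-AzureADPolicy -All $true |
        Where-Object { $_.Type -eq 'B2BManagementPolicy' } |
        Select-Object -First 1

    $allowed = @()
    $blocked = @()
    if ($policy) {
        # Definition is a list of JSON strings; save the raw text for restore.
        $raw = $policy.Definition | Select-Object -First 1
        Set-Content -Path $BackupPath -Value $raw -Encoding UTF8

        # Assumption: JSON layout as documented for B2BManagementPolicy.
        $lists = ($raw | ConvertFrom-Json).B2BManagementPolicy.InvitationsAllowedAndBlockedDomainsPolicy
        $allowed = @($lists.AllowedDomains | Where-Object { $_ })
        $blocked = @($lists.BlockedDomains | Where-Object { $_ })
    }
    else {
        Write-Warning 'No existing policy found; -Update would create a new one.'
    }

    # Domains present today that are missing from the planned lists would be
    # lost by -Update (the comparison is case-insensitive).
    [pscustomobject]@{
        CurrentAllowed         = $allowed
        CurrentBlocked         = $blocked
        DroppedAllowedIfUpdate = @($allowed | Where-Object { $_ -notin $AllowList })
        DroppedBlockedIfUpdate = @($blocked | Where-Object { $_ -notin $BlockList })
        BackupFile             = if ($policy) { $BackupPath } else { $null }
    }
}

# Preview the effect of the -Update -BlockList command shown above.
Get-GuestDomainPolicyChange -BlockList @("badpartner.com", "blockedpartner.com") |
    Format-List
```

If either Dropped... property is non-empty, the planned -Update would remove those domains from the policy; use -Append, or include them in the new list.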
The screen below shows the whole process: there was no guest allow/block policy in the environment, and after running the above command a new policy was set up.
To add further domains to the Blocked Domains, we should use the -Append switch.
The script is written nicely and shows the existing policy before it is modified, as in the example below.
Remove the Policy
Run the command below to remove the existing policy.
.\Set-GuestAllowBlockDomainPolicy.ps1 -Remove
This completes my post, where we learned how to manage (allow/block) guest access to Office 365 Groups based on domain.