Guest Access on Groups and Teams

Hi there

At this post I’m covering Guest access on Office 365 Groups and Teams.

I want to share with everyone some findings that could prove helpful to customers who are trying to limit Guest Access capabilities to their Teams, but still having the option/opportunity to have Guest Access for specified Teams.

Make sure you’re connected to Exchange Online PowerShell and Azure AD PowerShell in order to run the steps below.

In order to have this done, there are a few things that need to be made:

  1. Export all UG (Unified Groups) current settings to CSV (use as report and for tracking changes) – follow the TIPs #1 and #2 at this article for improving your reports.
  2. Must enable Guest Access from Azure AD
  3. Must enable Guest Access for Office 365 Groups in the O365 Groups Service & Addins portal.
  4. Must enable Guest Access for Microsoft Teams in the Teams Service & Addins portal or under Org-wide settings \ Guest access menu https://admin.teams.microsoft.com/company-wide-settings/guest-configuration
  5. Set all Groups/Teams to ‘AllowToAddGuests’ to $false
    Set a specific Group/Team to $True or $False for Allowing Guest Access
  6. Remove previous settings and set all Groups and Teams back to Allow Guest Access
  7. Validate all changes made above for Guest Access to $True or $False for all Groups and Teams

TIP #1 – Export all current UG settings to CSV.

Script content

$Groups = Get-UnifiedGroup
$Groups | ForEach-Object {
$group = $_
New-Object -TypeName PSObject -Property @{
Group = $group.DisplayName
PrimarySMTPAddress = $group.PrimarySMTPAddress
AllowAddGuests = $group.AllowAddGuests
DisplayName = $group.DisplayName
WhenCreated = $group.WhenCreated
WhenChanged = $group.WhenChanged

}
} | Export-CSV "C:\temp\Office365-UG-info.csv" -NoTypeInformation -Encoding UTF8

 

TIP #2 – Work with the CSV file to get the better of it.

  1. Use the script provided and run against your Office 365 Tenant
  2. Open the exported csv file expand all columns
  3. add one more column on far right and name it “Less than 3 characters”
  4. copy the formula “=LEN(D2)<3″ not the and past it at the 2nd row (change the “D2” cell reference according to your need and paste on all cell affected by your working COLUMN
  5. you can all cut and paste the WhenCreated column to close / before the WhenChanged to make easy or searches within this control file
  6. Now you’re ready to use your filters to:
    1. list Groups allowing guest access (true / false)
    2. list Groups that contains less than 3 characters on its name
      1. you can highlight the searched cells to make easy to identify them when filters are disabled (your you can use Conditional Formatting on Excel to do so).
    3. check when a Group was created and modified

 

References

https://support.office.com/en-us/article/adding-guests-to-office-365-groups-bfc7a840-868f-4fd6-a390-f347bf51aff6?ui=en-US&rs=en-US&ad=US#bkmk_usepowershell&PickTab=Manage

 

Thanks and I hope you liked this post.
Please share it or reach me out for suggestions

Thiago Beier
TwitterLinkedInFacebookRSS