Forum Discussion
custom AzureADDirectorySettingTemplate as default for all groups
Simply configure it as shown in the article, but with AllowToAddGuests set to $false. This sets the default configuration for any new groups created in the tenant. Then, for any group you want to have Guest enabled for, apply a custom settings template at the group level.
And by "in the article", I mean the first section, "create settings at the directory level": https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-cmdlets#create-settings-at-the-directory-level
We did try that and it works to a point. If we set guest access off at the directory level, it does block all guest access. But then when we have specific Teams that we want to allow guest access, there is no way to do that because the directory level setting overrides the group level setting. What we need is granular control of each Team/O365 Group to set guest access on or off. We were hoping the directory level setting would help with this, but it's very much an all or nothing scenario for all groups in the tenant.
This works just fine in conjunction with the granular, group-specific template you can apply (the next section in the article).
- Have you tested this? Because we see the same behaviour as Bj Zale. The directory level setting seems to override the group level setting.
