custom AzureADDirectorySettingTemplate as default for all groups
And by "in the article", I mean the first section, "create settings at the directory level": https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-cmdlets#create-settings-at-the-directory-level
We did try that and it works to a point. If we set guest access off at the directory level, it does block all guest access. But then when we have specific Teams that we want to allow guest access, there is no way to do that because the directory level setting overrides the group level setting. What we need is granular control of each Team/O365 Group to set guest access on or off. We were hoping the directory level setting would help with this, but it's very much an all or nothing scenario for all groups in the tenant.
- VasilMichev (MVP), Oct 25, 2018
This works just fine in conjunction with the granular, group-specific template you can apply (the next section in the article).
- BaBo (Copper Contributor), Oct 30, 2018
Have you tested this? Because we see the same behaviour as Bj Zale. The directory level setting seems to override the group level setting.
- TonyRedmond (MVP), Nov 04, 2018
It's my understanding that the directory-level block will stop any group owner adding a guest to membership. That was always the intention... a single setting that controlled all groups in the tenant.
Once the AllowToAddGuests setting is set to False at a tenant level, only administrators can add guests to group membership using admin interfaces like PowerShell or the Office 365 Admin Center.
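
The thread turns on how the directory-level and group-level AllowToAddGuests values interact. The following is an added example, not part of any post above: a read-only audit that lists both values side by side for every Office 365 group so the actual configuration can be checked. It assumes the AzureADPreview module and an existing `Connect-AzureAD` session; the helper name `Get-GuestSettingValue` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Assumes: AzureADPreview module installed, Connect-AzureAD already run.

# Hypothetical helper: pull AllowToAddGuests out of a settings object.
function Get-GuestSettingValue {
    param($Setting)
    if (-not $Setting) { return 'not set' }
    $entry = $Setting.Values | Where-Object { $_.Name -eq 'AllowToAddGuests' }
    if ($entry) { $entry.Value } else { 'not set' }
}

# Resolve template IDs by name rather than hard-coding GUIDs.
$templates      = Get-AzureADDirectorySettingTemplate
$dirTemplateId  = ($templates | Where-Object { $_.DisplayName -eq 'Group.Unified' }).Id
$grpTemplateId  = ($templates | Where-Object { $_.DisplayName -eq 'Group.Unified.Guest' }).Id

# Directory-level value (the "create settings at the directory level" section).
$dirSetting = Get-AzureADDirectorySetting |
    Where-Object { $_.TemplateId -eq $dirTemplateId }
$dirValue = Get-GuestSettingValue $dirSetting

# Group-level value for each Office 365 (Unified) group.
$report = Get-AzureADMSGroup -All $true |
    Where-Object { $_.GroupTypes -contains 'Unified' } |
    ForEach-Object {
        $grpSetting = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $_.Id |
            Where-Object { $_.TemplateId -eq $grpTemplateId }
        [pscustomobject]@{
            Group                 = $_.DisplayName
            GroupId               = $_.Id
            DirectoryLevelAllow   = $dirValue
            GroupLevelAllow       = Get-GuestSettingValue $grpSetting
        }
    }

# Groups whose own setting differs from the directory-level value are the
# ones to test by hand when checking which level wins in your tenant.
$report | Sort-Object Group | Format-Table -AutoSize
$report | Where-Object {
    $_.GroupLevelAllow -ne 'not set' -and $_.GroupLevelAllow -ne $_.DirectoryLevelAllow
} | Format-Table Group, DirectoryLevelAllow, GroupLevelAllow -AutoSize
```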