Introducing guest access for Office 365 Groups!

Thanks TonyRedmond and Sahil Arora !

While having the PowerShell is nice, there is still some exposure there if a user shares something externally to a domain we do not allow. During that time period between the share occurring and some sort of automated job or utility running to scan all guest users to identify their domains and remove the ones we don't want, whatever was shared is exposed to the outside world. This will scare many IT departments into turning guest access off completely, or at best putting data sensitivity restrictions on what a Group is allowed to be used for. I'm assuming either of those scenarios is not the ultimate goal of Groups.

It would be much simpler, more effective, and less risky to simply query the tenant level whitelist or blacklist when the guest access sharing action occurs to see if the domain is allowed or not. If allowed, proceed as normal. If not allowed, throw the same error message that SharePoint does now when you attempt to share to a domain that is not allowed. I'm obviously not familiar with the exact inner workings of everything on your side of the fence, but this seems like a fairly simple and straighforward requirement that functionality already exists for - the connection is just not being made right now.

I personally love Groups, and I clearly see the vision of where it is headed and how it will make things better across the board in Office 365. Not having this sort of integration from the start makes this almost a non-starter to large enterprises that have a risk averse security department, which is becoming almost the norm these days. Even if added later, then it becomes a Change issue since I'll then have a huge battle to relocate teams who started using other solutions since Groups was not ready yet to fit their needs.