Forum Discussion
Sahil Arora
Microsoft
MicrosoftNew Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list
We are happy to announce the world wide roll-out of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set-up a list of domains to
Allow guest users of spe...
I had a support case open with MS, and they found that it was because I was using PowerShell 4 (on Windows 7) - I updated to PowerShell 5, and the script then ran fine.
Hi Rob,
Thank you for the information, I've got PS 5 and now getting a different error message.
Setting AllowedDomainList for B2BManagementPolicy
New-AzureADPolicy : Cannot bind argument to parameter 'Definition' because it is an empty collection.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:325 char:35
+ New-AzureADPolicy -Definition @policyValue -DisplayName B2BManage ...
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-AzureADPolicy], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyCollectionNotAllowed,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
New AzureAD Policy:
Cannot index into a null array.
At D:\dlp\Set-GuestAllowBlockDomainPolicy.ps1:330 char:1
+ PrintAllowBlockedList $currentpolicy.Definition[0];
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray
Monika BislaHi Prabhakar,
Can you please provide following details in order to investigate this issue further?
1. Output of your current Policy using following command:
.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
2. The exact command which you are using for updating the policy.
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
4. Can you capture the fiddler traces while running the command and provide the same if possible.
Thanks,
Monika
Hi Monika,
Thanks for your update, please find the details accordingly.
1. Output of your current Policy using following command:.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Query
No policy found for Allow/Block domain list in AzureAD.2. The exact command which you are using for updating the policy.
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("abctest.com")
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
PS D:\dlp> Get-Module -ListAvailable AzureAD*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2.0.0.137 AzureADPreview {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-...4. Can you capture the fiddler traces while running the command and provide the same if possible
Unable to attach the fiddler file.
Hi All,
I managed to find the issue with the script, in the command for the -Definition the @ should be replaced with $ and it worked fine.
New-AzureADPolicy -Definition @policyValue -DisplayName B2BManagementPolicy -Type B2BManagementPolicy -IsOrganizationDefault $true
Sahil AroraAdding Sarat Subramaniam for trouble shooting help.
