Forum Discussion
New Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list
Not to be disrespectful here, I really appreciate the update. But how about providing UI settings, or at least a "regular people" version of the cmdlets? I mean seriously, have you received at least one positive feedback item on the usability of these cmdlets? It takes a 300-page script to just change a setting, c'mon.
And why are half the settings controlled via "settings" and the other half via "policies"? The same thing that's used for token expiration settings, that will surely help reduce confusion...
To be fair to Microsoft, this step:
- Moves block/allow lists into an AAD policy rather than introducing a dependency on a base workload (like SharePoint or Exchange).
- Uses a policy that is available to all group-enabled applications - which is why it is right to use a separate policy rather than adding it to the Groups AAD policy. That's in line with creating a common external access mechanism for all Office 365 apps (as I argue for in https://www.petri.com/common-external-access-office-365).
Also, if you strip things away, you can get to
Update an existing policy:
New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy -Type B2BManagementPolicy -IsOrganizationDefault $true -InformationAction Ignore | Out-Null
Create a new policy:
Set-AzureADPolicy -Definition $policyValue -Id $currentpolicy.Id | Out-Null
Most of the code in the script is error handling or software setup, which is what you'd expect in any utility written by Microsoft... Now, my scripts would be a lot simpler, but they'd have no error handling!
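The create-or-update flow discussed in this thread, as an added example that is not taken from any post here or from Microsoft's script. It assumes the AzureADPreview module and an existing Connect-AzureAD session; the helper name `New-B2BDomainPolicyDefinition` and the sample domain are hypothetical.

```powershell
# Added example. Assumes: AzureADPreview module loaded, Connect-AzureAD already run.
function New-B2BDomainPolicyDefinition {   # hypothetical helper name
    param(
        [string[]]$AllowedDomains = @(),
        [string[]]$BlockedDomains = @()
    )
    # The policy carries either an allow list or a block list, not both.
    if ($AllowedDomains.Count -gt 0 -and $BlockedDomains.Count -gt 0) {
        throw 'Specify either AllowedDomains or BlockedDomains, not both.'
    }
    # Reject anything that is not a plain DNS name (no wildcards, URLs or addresses).
    $pattern = '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
    $bad = @($AllowedDomains + $BlockedDomains | Where-Object { $_ -notmatch $pattern })
    if ($bad.Count -gt 0) {
        throw "Not a valid domain name: $($bad -join ', ')"
    }
    $definition = @{
        B2BManagementPolicy = @{
            InvitationsAllowedAndBlockedDomainsPolicy = @{
                AllowedDomains = @($AllowedDomains)
                BlockedDomains = @($BlockedDomains)
            }
        }
    }
    # Returns the JSON string that -Definition expects.
    return ($definition | ConvertTo-Json -Depth 5 -Compress)
}

# Constructed sample input: block guest invitations to one domain.
$policyValue = New-B2BDomainPolicyDefinition -BlockedDomains 'blocked.example'

# A tenant has at most one B2BManagementPolicy; look for it first.
$currentpolicy = Get-AzureADPolicy -All $true |
    Where-Object { $_.Type -eq 'B2BManagementPolicy' } |
    Select-Object -First 1

if ($null -eq $currentpolicy) {
    # No policy yet: create it as the organization default.
    New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy `
        -Type B2BManagementPolicy -IsOrganizationDefault $true | Out-Null
} else {
    # Policy exists: this replaces its stored definition with $policyValue.
    Set-AzureADPolicy -Definition $policyValue -Id $currentpolicy.Id | Out-Null
}

# Read the result back so the change can be reviewed.
(Get-AzureADPolicy -All $true | Where-Object { $_.Type -eq 'B2BManagementPolicy' }).Definition
```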