Forum Discussion
Sahil Arora
Microsoft
MicrosoftNew Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list
We are happy to announce the world wide roll-out of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set-up a list of domains to
Allow guest users of spe...
Sahil AroraMicrosoft
MicrosoftHi Vasil,
1. UI support is in the pipeline and we are targeting to have that soon.
2. I hope you have seen the script here but to clarify we understand Azure Policy JSON argument can be difficult for normal people but if you see the script, the script does the job of converting the parameters as JSON, you just need to pass parameters, also this script works as a cmdlet if you run in a session, so in a way its very easy to run this script, if you save the script locally and run as cmdlet.
For the second message, I will definitely pass the feedback to update the set-azure policy.
Yes, but you do realize that many organizations have strict policies around running scripts, unsigned at that? Heck, I've even seen complaints about having to download the AzureAD module from "non-MS" source such as the PowerShell Gallery, but that's another story. In any case, I need to go over all the 300+ lines of the script to make sure I understand what it does, before I run it. And I'm pretty much forced to do that, because the only examples I can find on how to actually run the cmdlet and which parameters to use are in that script.
Don't get me wrong, I really appreciate you providing a solution to this problem. My main complaint is usability, you could've easily made a cmdlet available that accepts the allow/block domain parameter and handles the JSON conversion internally. And that's a general complaint about pretty much every operation handled by the AzureAD module. Forcing us to work with ObjectIDs, JSON and whatnot is simply not cool. You should not be providing a solution that's convenient to you as programmers, but to the end users. If it's not in UI form, at least make it as easy as passing a simple parameter.
- Sahil Arora
Thanks for your feedback! This is a representative script for IT admins to use as a reference while crafting their own based on their organization requirements. It is not a downloadable script. The downloadable link will be provided to you in few days, which will be signed by Microsoft.
It's always a good idea to check scripts downloaded from the internet to get an understanding of what they do :) Anyway, we should already be accustomed to new features coming with a large sense of 'pioneering' when it comes to management. For example, with Groups settings administration you still need to through some hoops to creating/update settings objects, and the new licensing cmdlets in AzureAD - especially when disabling features - are not the most intuitive. A cmdlet/script not only takes away all those details for admins, it also means less opportunities for error.
- Sahil Arora
Here is the download link to the script: Signed by Microsoft:
https://www.microsoft.com/en-us/download/details.aspx?id=55709
Thanks Sahil Arora. Can you please also take a note on the feedback we (and many others!) have left over the past year or so about the "usability" of the AzureAD module, and if possible take steps to reduce the dependance on "programmer notations" for future releases.
