Forum Discussion
Guest permissions under settings in a Team
Is there a way to shut down the guest permissions under settings for a team or at least org wide? The Team owner(s) have access to the settings for their team and can adjust permissions for members and guests, at an admin level can we control which check boxes are active?
Thanks
Brian_H Ah I see, unfortunately not something that can be done via a setting. If it's a hard requirement then you could potentially use a scheduled Graph query to set the option to off:
Update team - Microsoft Graph v1.0 | Microsoft Docs
You would need to update the Guest Permissions with something like:
"guestSettings": { "allowCreateUpdateChannels": false }
Unfortunately it's not bullet proof but could be run on a schedule through Azure Automation or similar
8 Replies
Hello, adding to this as well as you can also prevent guests from being added to a specific team (group).
Re-read your post so this isn't applicable for your question but leaving it as it's quite handy on the topic.
https://docs.microsoft.com/en-us/microsoft-365/solutions/per-group-guest-access?view=o365-worldwide- You might also want to consider if you allow guest invitations to be sent from all users also:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/delegate-invitations
and for Teams / Groups / Sites, consider using sensitivity labels to control the level of access permitted:
https://seanmcavinue.net/2020/09/30/protecting-office-365-groups-and-microsoft-teams-with-sensitivity-labels-preview/ - Yes, at the tenant level you can disable guest access in the Teams Admin Center
- Thanks but we want to allow guest access but not let them create or delete channels and do not want the Team owner to be able to check those boxes.
Brian_H Ah I see, unfortunately not something that can be done via a setting. If it's a hard requirement then you could potentially use a scheduled Graph query to set the option to off:
Update team - Microsoft Graph v1.0 | Microsoft Docs
You would need to update the Guest Permissions with something like:
"guestSettings": { "allowCreateUpdateChannels": false }
Unfortunately it's not bullet proof but could be run on a schedule through Azure Automation or similar
