New Feature Announcement: PowerShell support of Allow/Block guest access based on Domain list

Microsoft

We are happy to announce the worldwide rollout of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set up a list of domains to

  • Allow guest users of specific domains to be invited to Groups.
  • Block guest users of specific domains from being invited to Groups.

This policy can currently be set up through PowerShell, and is coming soon through the UI. We have provided a user-friendly script below to set up the allow/block list for your tenant.

This policy works for all workloads with Guest access through O365 Groups such as Outlook, Teams & Planner in future. This works independently of SPO settings, but we have provided support to

  • Migrate SPO allow/block list to O365 Groups

Here is the link to the detailed documentation & script to set this policy: https://technet.microsoft.com/library/a86bb46f-0e5b-43a3-b6ef-7394f344a8da

Feel free to reach out if you have any feedback and questions!

We will be supporting this functionality in OAC (Office Admin Portal) through user interface soon.

Thanks,

Sahil

23 Replies

Hi Prabhakar,

Can you please provide the following details in order to investigate this issue further?

1. Output of your current Policy using the following command:

        .\Set-GuestAllowBlockDomainPolicy.ps1 -Query

2. The exact command which you are using for updating the policy.

3. Current Azure AD version you are using. Run the following in PowerShell to find the same:

        Get-Module -ListAvailable AzureAD*

4. Can you capture the Fiddler traces while running the command and provide the same if possible?

Thanks,

Monika

Hi Monika,

Thanks for your update, please find the details accordingly.


1. Output of your current Policy using the following command:

        .\Set-GuestAllowBlockDomainPolicy.ps1 -Query

        PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Query
        No policy found for Allow/Block domain list in AzureAD.

2. The exact command which you are using for updating the policy.

        PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("abctest.com")

3. Current Azure AD version you are using. Run the following in PowerShell to find the same:

        Get-Module -ListAvailable AzureAD*

        PS D:\dlp> Get-Module -ListAvailable AzureAD*
        Directory: C:\Program Files\WindowsPowerShell\Modules
        ModuleType Version    Name                                ExportedCommands
        ---------- -------    ----                                ----------------
        Binary     2.0.0.137  AzureADPreview                      {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-...

4. Can you capture the Fiddler traces while running the command and provide the same if possible?

Unable to attach the Fiddler file.

Hi All,

I managed to find the issue with the script: in the command, for the -Definition the @ should be replaced with $, and it worked fine.

        New-AzureADPolicy -Definition @policyValue -DisplayName B2BManagementPolicy -Type B2BManagementPolicy -IsOrganizationDefault $true
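The fix described in the reply above, shown as an added example that is not part of the original thread or of Microsoft's script: it builds the policy definition, passes it to -Definition as a `$` variable, and reads the result back. It assumes the AzureADPreview module shown earlier in the thread; the JSON key names (InvitationsAllowedAndBlockedDomainsPolicy, AllowedDomains) are not on this page and should be checked against the linked documentation.

```powershell
# Added example, not the project's own code. Requires AzureADPreview and an admin sign-in.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null

# Domain taken from the thread; replace with your own allow list.
$allowedDomains = @('abctest.com')

# Build the definition as an object and serialize it instead of hand-escaping JSON.
# Key names are an assumption based on Microsoft's documented B2BManagementPolicy format.
$definition = @{
    B2BManagementPolicy = @{
        InvitationsAllowedAndBlockedDomainsPolicy = @{
            AllowedDomains = $allowedDomains
        }
    }
} | ConvertTo-Json -Depth 5 -Compress

# -Definition takes an array of strings, so wrap the JSON in @( ).
$policyValue = @($definition)

# Reference the variable with $. The @policyValue form is PowerShell's splatting
# syntax, which unpacks the array into separate arguments instead of passing it
# as the value of -Definition.
$existing = Get-AzureADPolicy | Where-Object { $_.Type -eq 'B2BManagementPolicy' }
if ($existing) {
    # A policy of this type already exists: update it rather than creating a second one.
    Set-AzureADPolicy -Id $existing.Id -Definition $policyValue
} else {
    New-AzureADPolicy -Definition $policyValue -DisplayName B2BManagementPolicy `
        -Type B2BManagementPolicy -IsOrganizationDefault $true
}

# Read the policy back to confirm which domains are actually enforced.
Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'B2BManagementPolicy' } |
    Select-Object Id, DisplayName, IsOrganizationDefault, Definition
```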

Sahil,

Do you have an estimated date of when the allow/block list feature will be added to the Office Admin Portal user interface?

Also, are there any plans to add per-group sharing controls for Office 365 Groups similar to what is already in place for SharePoint online? (https://support.office.com/en-us/article/Per-group-sharing-controls-in-SharePoint-Online-26581d50-ff...)

Thanks,
Adam