A little background. Our IT department wants a little more control over the inviting external users processes for our Tenant (Our clients). More than 90% of these users will be SharePoint Only, no B2B apps in our company as of yet.
So for automation, I have made use of the "New-AzureADMSInvitation" PowerShell command. It is simpler than trying to invite directly to SharePoint, and it gives me the AD user object to manipulate or put into groups before they accept the invite.
I am also trying to automate control over whitelisting our client's domains. I have found a way to control and add to the B2BManagement Policy ("Set-AzureAdPolicy"). But I am now reading that, at most, this policy can hold only 60 domains. We work with well over 100 different companies, and this cap of 60 domains will not suffice. Is this limit higher for Enterprise, or is this standard across the board?
Second question, which whitelist/blacklist has precedent? I can whitelist within Azure AD, or do a whitelist in the SharePoint Sharing section under the SPO Admin interface. If a domain is not whitelisted in Azure AD, but we invite an external user through the SPO sharing interface, what happens?
All of this is coming from the assumption that at the end of the day, Azure AD gets precedent, and doing things in one area, affects the other. But I am seeing that may not be the case.
Am I going about this wrong by applying whitelist/blacklist in Azure B2BManagementPolicy, and need to instead work in the SharePoint External Sharing?