Disable external sharing on all O365 Groups, with one single exception?

New Contributor

I have a customer that is using Office365 groups to collaborate, mostly for file sharing. 


Overall they don't want to allow any external sharing via their O365 groups, except for one specific group which is going to be used to share certain files with external partners.


Can i disable external users/guests on all existing and future O365 groups, but leave one group where it is still enabled?

8 Replies
Short answer: No. Microsoft does not provided a granular setting for guest access to Groups....you can enable / disable it globally, but no per group basics...what you can do is just take advantage to the external access to the SPO Groups sites

You can block adding guests to all existing groups by assigning AllowToAddGuests=false (see here) to all groups but the one you want to keep enabled. However this will not affect newly created groups.




We are trying to enable only 2 groups out of 1000 to have guest access so we can trial before enabling for ALL. The scripts which can be found here https://support.office.com/en-gb/article/Guest-access-in-Office-365-Groups-bfc7a840-868f-4fd6-a390-f...

do not seem to work for us.


Is it possible to have guest access to groups disabled for all except 2 groups?




Can you provide more details on why the scripts do not work for you? Or can you reach Microsoft customer support?


Presently there is no configuration that disables adding guests to all groups but enable only a few. If you disable guests at organization level, all groups are blocked to add guests. The only supported way is enable guests at organization level and then set all groups to disable guests, except the 2 you want to enable. However, I am forwarding this feedback to the Azure AD team for their consideration.

I have raised a support case for this and it has been assigned\escalated to the team who look after the script.
So the script works if you follow these steps:
1. Enable guest access and enable adding guests to a group.
2. Run script to disable adding guests to 1 group.

Script doesn't work if:
1. Disable adding all guests to groups.
2. Run script to allow adding guests to 1 group.

The only way I see that we can reach our desired goal is to enable adding guests to all groups and then run the script on a group by group basis disabling the option to add guests, however this is not feasible for us as we have 1000 groups so do not want to run the script 999 times just to allow guest access to one group.

Hope this makes sense.


Are there any new updates on this topic?  We'd like to by default, disable external access for Group then enable guest access for just a couple Groups (similar as how SharePoint Online works).  Is this possible yet?

yep, likewise... keen to hear if this would be possible - seems sensible, deny all by default and allow by exception?