Aug 01 2017 11:30 PM - edited Aug 01 2017 11:31 PM
We are happy to announce the world wide roll-out of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set-up a list of domains to
This policy currently can be set-up through PowerShell & coming soon through UI. We have provided user friendly script below to set-up allow/block list for your tenant.
This policy works for all workloads with Guest access through O365 Groups such as Outlook, Teams & Planner in future. This work independently with SPO settings but we have provided support to
Here is the link to the detailed documentation & script to set this policy: https://technet.microsoft.com/library/a86bb46f-0e5b-43a3-b6ef-7394f344a8da
Feel free to reach out if you any feedback and questions!
We will be supporting this functionality in OAC(Office Admin Portal) through user interface soon.
Thanks,
Sahil
Jan 29 2018 06:21 PM
Hi Prabhakar,
Can you please provide following details in order to investigate this issue further?
1. Output of your current Policy using following command:
.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
2. The exact command which you are using for updating the policy.
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
4. Can you capture the fiddler traces while running the command and provide the same if possible.
Thanks,
Monika
Jan 29 2018 09:06 PM
Hi Monika,
Thanks for your update, please find the details accordingly.
1. Output of your current Policy using following command:
.\Set-GuestAllowBlockDomainPolicy.ps1 -Query
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Query
No policy found for Allow/Block domain list in AzureAD.
2. The exact command which you are using for updating the policy.
PS D:\dlp> .\Set-GuestAllowBlockDomainPolicy.ps1 -Update -AllowList @("abctest.com")
3. Current Azure AD Version you are using. Run following in powershell to find the same:
Get-Module -ListAvailable AzureAD*
PS D:\dlp> Get-Module -ListAvailable AzureAD*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 2.0.0.137 AzureADPreview {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-...
4. Can you capture the fiddler traces while running the command and provide the same if possible
Unable to attach the fiddler file.
Jan 29 2018 11:16 PM
Hi All,
I managed to find the issue with the script, in the command for the -Definition the @ should be replaced with $ and it worked fine.
New-AzureADPolicy -Definition @policyValue -DisplayName B2BManagementPolicy -Type B2BManagementPolicy -IsOrganizationDefault $true
Mar 04 2018 10:30 AM