Jul 09 2018 09:46 AM - edited Jul 18 2018 11:13 AM
Following a recent question, here is a sample script on how to configure guest access at the group level based on classification, more info on guests here: https://support.office.com/en-us/article/guest-access-in-office-365-groups-bfc7a840-868f-4fd6-a390-f...
# Update guest acess based on classification label # Parameters $classification = "High" # Update AAD guest template update $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"} $settingsCopy = $template.CreateDirectorySetting() $settingsCopy["AllowToAddGuests"]=$False # Retrieve list of groups with specicif classification $Groups = Get-UnifiedGroup | Where-Object {$_.Classification -Eq $classification} | Sort-Object DisplayName | Select DisplayName, Classification, ExternalDirectoryObjectId ForEach ($G in $Groups) { try { New-AzureADObjectSetting -TargetType Groups -TargetObjectId $G.ExternalDirectoryObjectId -DirectorySetting $settingsCopy Write-Host "The following group guest setting was updated:" $G.DisplayName } catch { Write-Host "The following group guest's setting was NOT updated:" $G.DisplayName } }