Set guest access based on classification

Microsoft

Following a recent question, here is a sample script that configures guest access at the group level based on classification. More information on guests is available here: https://support.office.com/en-us/article/guest-access-in-office-365-groups-bfc7a840-868f-4fd6-a390-f...

 

# Update guest access based on classification label
# Requires the AzureADPreview module (Connect-AzureAD) and an Exchange Online PowerShell session
# Parameters
$classification = "High"

# Build a group-level guest setting from the AAD template, with guest additions disabled
$template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"] = $False

# Retrieve the list of groups with the specific classification
$Groups = Get-UnifiedGroup | Where-Object {$_.Classification -eq $classification} | Sort-Object DisplayName | Select-Object DisplayName, Classification, ExternalDirectoryObjectId

ForEach ($G in $Groups) {
    try {
        # -ErrorAction Stop makes any failure terminating so the catch block runs
        New-AzureADObjectSetting -TargetType Groups -TargetObjectId $G.ExternalDirectoryObjectId -DirectorySetting $settingsCopy -ErrorAction Stop
        Write-Host "The following group guest setting was updated:" $G.DisplayName
    }
    catch {
        # Report the group together with the reason the setting could not be created
        Write-Host "The following group guest setting was NOT updated:" $G.DisplayName "-" $_.Exception.Message
    }
}
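
The following is an added example, not part of the original script. It covers two cases the loop above reports only as "NOT updated" or not at all: a group that already has a guest settings object (updated in place with Set-AzureADObjectSetting instead of New-AzureADObjectSetting), and guests who are already members, since AllowToAddGuests governs adding guests. The variable names and report columns are illustrative, and it assumes the same AzureADPreview and Exchange Online sessions.

```powershell
# Added example: apply the setting idempotently, then read it back and count existing guests.
$classification = "High"   # same label as in the script above

$template = Get-AzureADDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq "group.unified.guest" }

# -ResultSize Unlimited avoids the default cap on returned groups
$groups = Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $_.Classification -eq $classification }

$report = foreach ($g in $groups) {
    $id = $g.ExternalDirectoryObjectId
    try {
        # Look for a settings object on this group built from the same template
        $existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $id -ErrorAction Stop |
            Where-Object { $_.TemplateId -eq $template.Id }
        if ($existing) {
            # A settings object is already attached: update it in place
            $existing["AllowToAddGuests"] = $false
            Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $id `
                -Id $existing.Id -DirectorySetting $existing -ErrorAction Stop
        } else {
            $new = $template.CreateDirectorySetting()
            $new["AllowToAddGuests"] = $false
            New-AzureADObjectSetting -TargetType Groups -TargetObjectId $id `
                -DirectorySetting $new -ErrorAction Stop | Out-Null
        }
        $status = "OK"
    } catch {
        $status = "FAILED: $($_.Exception.Message)"
    }

    # Read the stored value back rather than trusting the write
    $current = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $id |
        Where-Object { $_.TemplateId -eq $template.Id }
    # Guests who were members before the change, listed for review
    $guests = Get-AzureADGroupMember -ObjectId $id -All $true |
        Where-Object { $_.UserType -eq "Guest" }

    [pscustomobject]@{
        Group            = $g.DisplayName
        Status           = $status
        AllowToAddGuests = if ($current) { $current["AllowToAddGuests"] } else { "<not set>" }
        ExistingGuests   = @($guests).Count
    }
}
$report | Sort-Object Group | Format-Table -AutoSize
```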