Forum Discussion

MichaelT630's avatar
MichaelT630
Copper Contributor
Sep 16, 2021

Azure External Identities: how to use Allow List with gmail.com but only allow certain gmails

In Microsoft 365 -> Azure -> External collaboration settings, for the Collaboration Restrictions setting I have it set to "Allow invitations only to the specified domains (most restrictive)".   I n...
microsoft 365
SimBur2365's avatar
SimBur2365
Brass Contributor
Sep 16, 2021

Hi, not with that setting... you need to add the domain.  But you could allow all domains and change the setting above so that only certain trusted users can invite people, then as an Admin invite that one gmail user as a guest.

 

Or, you could allow sharing with gmail.com domain, then create an 'Allowed Guest Users' group.  Then use a Conditional Access policy:

- apply it to Guest and External Users (not the group), then under Exclude add the 'Allowed Guest Users' group. 

- set action to Block

This should prevent any Guest user signing in if they have not been added to the group.

 

Or, you could create a Dynamic Group with rule:

 (user.mail -contains "gmail")

Then set up conditional access to block that group, excluding the 'Allowed group' with the one user in it.

This should block all gmail users while allowing gmail users you add to the allowed group.

 

Requires testing but you should be able to achieve the goal. 

Resources