SOLVED

Guest permissions under settings in a Team

Brass Contributor

Is there a way to shut down the guest permissions under settings for a team or at least org wide?  The Team owner(s) have access to the settings for their team and can adjust permissions for members and guests, at an admin level can we control which check boxes are active?

 

Thanks

8 Replies
Yes, at the tenant level you can disable guest access in the Teams Admin Center
You might also want to consider if you allow guest invitations to be sent from all users also:

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/delegate-invitations

and for Teams / Groups / Sites, consider using sensitivity labels to control the level of access permitted:

https://seanmcavinue.net/2020/09/30/protecting-office-365-groups-and-microsoft-teams-with-sensitivit...

Hello, adding to this as well as you can also prevent guests from being added to a specific team (group).

 

Re-read your post so this isn't applicable for your question but leaving it as it's quite handy on the topic.

https://docs.microsoft.com/en-us/microsoft-365/solutions/per-group-guest-access?view=o365-worldwide

Thanks but we want to allow guest access but not let them create or delete channels and do not want the Team owner to be able to check those boxes.
best response confirmed by ThereseSolimeno (Microsoft)
Solution

@Brian_H Ah I see, unfortunately not something that can be done via a setting. If it's a hard requirement then you could potentially use a scheduled Graph query to set the option to off:

 

Update team - Microsoft Graph v1.0 | Microsoft Docs

 

You would need to update the Guest Permissions with something like:

"guestSettings": { "allowCreateUpdateChannels": false }

 

Unfortunately it's not bullet proof but could be run on a schedule through Azure Automation or similar

 

Was afraid of that, thank you.
Also available using Set-Team cmdlet as you probably already know.
This too :)
1 best response

Accepted Solutions
best response confirmed by ThereseSolimeno (Microsoft)
Solution

@Brian_H Ah I see, unfortunately not something that can be done via a setting. If it's a hard requirement then you could potentially use a scheduled Graph query to set the option to off:

 

Update team - Microsoft Graph v1.0 | Microsoft Docs

 

You would need to update the Guest Permissions with something like:

"guestSettings": { "allowCreateUpdateChannels": false }

 

Unfortunately it's not bullet proof but could be run on a schedule through Azure Automation or similar

 

View solution in original post