Following a recent question, here is a sample script on how to configure guest access at the group level based on classification, more info on guests here: https://support.office.com/en-us/article/guest-access-in-office-365-groups-bfc7a840-868f-4fd6-a390-f...
# Update guest acess based on classification label
# Parameters
$classification = "High"
# Update AAD guest template update
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"]=$False
# Retrieve list of groups with specicif classification
$Groups = Get-UnifiedGroup | Where-Object {$_.Classification -Eq $classification} | Sort-Object DisplayName | Select DisplayName, Classification, ExternalDirectoryObjectId
ForEach ($G in $Groups) {
try
{
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $G.ExternalDirectoryObjectId -DirectorySetting $settingsCopy
Write-Host "The following group guest setting was updated:" $G.DisplayName
}
catch
{
Write-Host "The following group guest's setting was NOT updated:" $G.DisplayName
}
}
