Group level allow domain configuration in Azure AD


Hi,

We are using the Azure AD B2B collaboration feature by sending guest invites to external partners. For this, we have allowed only 2 domains, for example xyz.com and abc.com for partners XYZ and ABC (screenshot attached). We have created 2 groups, one for the XYZ partner and the other for the ABC partner, and assigned a group owner to each group. Now they are able to send invites to their teams using the Access Panel (myapps.microsoft.com).

Problem: The group owner of the XYZ partner is able to send invites to ABC.com and vice versa. We want to restrict the XYZ group owner to only send invites to xyz.com, not to abc.com. Please let us know how we can configure this allowed-domains setting at the group level. We are using the Access Panel as we want group owners to see only the members of their own team, and we have blocked their access to the Azure portal.

We also tried a dynamic group type, but with this the group owner is not able to add users to the group from the Access Panel; it says 'This group has dedicated users'.

Thanks in advance

ankur.a.gupta@capgemini.com

Ankur Gupta

2 Replies

Hi,

You currently cannot restrict the invitations like that with out-of-the-box methods.

The allowed (and also denied) domain filter of B2B invites is tenant-wide.

The only way to get this working currently is to develop your own simple web app and build those kinds of restrictions into that app.

/Peter

Thanks, Peter, for the information. I raised a support ticket in the Azure portal and they also replied the same. We are planning to go with the MS Graph API.

/Ankur
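
The per-group restriction discussed in this thread, as an added example that is not part of the original posts or of any Microsoft code: a custom invite app checks the requester and the invitee's domain against its own per-group policy before building the Microsoft Graph requests. The group IDs, owner addresses, policy table and function names are constructed placeholders; the app builds the requests but does not send them.

```python
# Added example: per-group invite domain policy for a custom B2B invite app.
# Group IDs, owner names and the policy table are constructed placeholders.
GRAPH = "https://graph.microsoft.com/v1.0"

# Hypothetical policy: group object ID -> owners and allowed invite domains.
GROUP_POLICY = {
    "00000000-0000-0000-0000-00000000a001": {
        "owners": {"owner@xyz.com"}, "domains": {"xyz.com"}},
    "00000000-0000-0000-0000-00000000b002": {
        "owners": {"owner@abc.com"}, "domains": {"abc.com"}},
}


class InviteDenied(Exception):
    """Raised when the app refuses to issue an invitation."""


def email_domain(address):
    """Return the lower-cased domain, rejecting malformed addresses."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or "@" in local or not domain or " " in address:
        raise InviteDenied(f"malformed address: {address!r}")
    return domain


def plan_invite(requester, group_id, invitee, policy=GROUP_POLICY):
    """Authorize an invite, then return the Graph requests the app would send."""
    rule = policy.get(group_id)
    if rule is None or requester.lower() not in rule["owners"]:
        raise InviteDenied("requester is not an owner of this group")
    # Exact match only: 'evil-xyz.com' and 'xyz.com.example' must not pass.
    if email_domain(invitee) not in rule["domains"]:
        raise InviteDenied(f"{invitee!r} is outside this group's allowed domains")
    invitation = {
        "method": "POST", "url": f"{GRAPH}/invitations",
        "json": {"invitedUserEmailAddress": invitee.strip(),
                 "inviteRedirectUrl": "https://myapps.microsoft.com",
                 "sendInvitationMessage": True}}
    # The invited user's object ID is taken from the invitation response.
    add_member = {
        "method": "POST", "url": f"{GRAPH}/groups/{group_id}/members/$ref",
        "json": {"@odata.id": f"{GRAPH}/directoryObjects/{{invitedUser.id}}"}}
    return [invitation, add_member]
```

The tenant-wide allow list still applies to invitations created this way, so the per-group check narrows it rather than replacing it.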