25.8 C
Dubai
Saturday, March 25, 2023

Blocking Guests on Sensitive Teams

The number of Teams is increasing day by day in environments and if you wish to block specific teams not to have external guests. you can do it. Team owners may add an external guest to a team by mistake. where a guest may watch sensitive conversations. to avoid such an embarrassing situation it’s better to protect such teams by blocking external guests. There is no GUI option at this moment to do the same.

let’s see how to do using azure ad and exchange online PowerShell modules

To Check which team has external guests –

Every team creates a unified group. So the easiest way to check which teams have external guests is to check the unified groups.

Connect to the exchange module.

Connect-Exchangeonline

Check for groups that have external guests

Get-UnifiedGroup | Where-Object {$_.GroupExternalMembercount -notlike "0"}

Now check for groups/teams which don’t have guests and block them all if required

Get-UnifiedGroup | Where-Object {$_.GroupExternalMembercount -like "0"}

Get the azure ad preview module –

Install-module AzureADPreview
Connect-AzureAD

Below applies to all groups/teams in the environment to stop adding guests.

$groupID =`
Get-UnifiedGroup | Where-Object{$_.GroupExternalMembercount -like "0"}`
| Select-Object -ExpandProperty ExternalDirectoryObjectId
Foreach ($Groups in $GroupID) {
    $template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.displayname -eq "group.unified.guest"}
    $settingsCopy = $template.CreateDirectorySetting()
    $settingsCopy["AllowToAddGuests"]=$False
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groups -DirectorySetting $settingsCopy
}
Now it’s applying to all teams
To revert back –
$groupID =`
Get-UnifiedGroup | Where-Object{$_.GroupExternalMembercount -like "0"}`
| Select-Object -ExpandProperty ExternalDirectoryObjectId
Foreach ($Groups in $GroupID) {
    $SettingID = Get-AzureADObjectSetting -TargetType Groups -TargetObjectID $Groups | select-object -expandproperty ID
    Remove-AzureADObjectSetting -Id $settingid -targettype Groups -TargetObjectID $Groups
    $template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.displayname -eq "group.unified.guest"}
    $settingsCopy = $template.CreateDirectorySetting()
    $settingsCopy["AllowToAddGuests"]=$True
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groups -DirectorySetting $settingsCopy
}
You can always manipulate the first line to suit your requirements –
To apply on Teams with no external guests –
 Get-UnifiedGroup | Where-Object{$_.GroupExternalMembercount -like "0"} 
To apply on a specific team –
Get-UnifiedGroup | Where-Object {$_.displayname -like "IT Team"}
To apply on a group of teams starts with Governance¬† –
Get-UnifiedGroup | Where-Object {$_.displayname -like "Governance*"}

To check the unified groups which has allowed external guests –

Get-UnifiedGroup | Where-Object {$_.allowaddguests -like $true}

To check the unified groups which has not allowed external guests –

Get-UnifiedGroup | Where-Object {$_.allowaddguests -like $false}
Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?