Share via

"AllowToAddGuests = False" doesn't work

Nikita Krivets 501 Reputation points
2020-04-02T08:16:45.493+00:00

Hello,

I have a tenant wide "Group.Unified" setting with template 62375ab9-6b52-47ed-826b-58e47e0e304b.

Here are a few parameters of the setting: 

    {
        "name": "AllowGuestsToBeGroupOwner",
        "value": "False"
    },
    {
        "name": "AllowGuestsToAccessGroups",
        "value": "True"
    },
    {
        "name": "AllowToAddGuests",
        "value": "False"
    }

I have been waiting for 24 hours for it to be propagated. So, I believe solution to wait for some time doesn't suit me.
I suppose that "AllowToAddGuests = False" means that I won't be able to add any users with userType "Guest" to my office365 group. Unfortunately, it hasn't worked at all, but "AllowGuestsToBeGroupOwner = False" works just fine.

I have tried setting AllowToAddGuests to True and then I have set AllowToAddGuests to False in my Group.Unified.Guest settings for a specific office 365 group. Still, no success.

Tell me please what I am doing wrong. Should this AllowToAddGuests setting work?

Thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator
    2020-04-07T21:51:28.94+00:00

    Is there something overriding the setting?

    This setting may be overridden and become read-only if EnableMIPLabels is set to True and a guest policy is associated with the sensitivity label assigned to the group. If the AllowToAddGuests setting is set to False at the tenant level, any AllowToAddGuests setting at the group level is ignored. If you want to enable guest access for only a few groups, you must set AllowToAddGuests to be true at the tenant level, and then selectively disable it for specific groups.

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-cmdlets

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.