In this modern digital world, there is a critical need for any
organizations to collaborate closely with their customers, partners,
suppliers or consultants outside of their organization for a successful
business. Sensing the importance of collaboration with external users
and in response to the customer feedback in user voice, on September 8,
2016, Microsoft has rolled out new guest access feature for Office 365
groups in Outlook on the web portal.
Note:
- Guest access is a tenant-level setting and is enabled by
default. Before proceeding, go to SharePoint admin center and ensure
sharing is allowed for any one of the following tenant level
settings,- Allow users to invite and share with authenticated external
users - Allow sharing to authenticated external users and using
anonymous access links
- Allow users to invite and share with authenticated external
- Also ensure guest user policy is enabled in Azure AD to
control access for guest users. For more info refer this
link.
If you are a group owner, the new guest access feature allows you to add
people outside of your organization (guest users) to your Office 365
group using Guests option in Outlook on the web portal, only if the
external sharing has been enabled for your organization. But, Global
admins can add guest users to any Office 365 groups in the organization.
Once external users added as guest members to Office 365 groups, they
will receive a welcome email with link to access to group files in
SharePoint Online, and they can start conversation with new group, and
receive email messages and calendar invites sent to the group, and have
automatic access to cloud-based file attachments. Also guest members can
leave the group at any time.
As a guest member, when you click Read group files link in your
welcome email, you will be redirected to access the group files in
SharePoint Online, in which you will have full control to view and edit
group files, and also share group files to existing group members/guest
members. But you will neither be able to add new guest user nor share
groups files to new group members/guest members.
Also guest members can access the group OneNote notebook, if they
received link from group member.
When you click the Group conversations link at the top-right corner
of group files page, you will be redirected to the group site, but you
will not be able to access the group conversations.
Currently guest members can interact with group only through the group
emails received in their inbox. Moreover, all group emails and calendar
invitations the guest receives will include a reminder to use “reply
all” in response to the group, along with links to view group files in
SharePoint Online and leave or unsubscribe from the group, as shown in
the below screenshot.
Control Guest User Access/Add Guest User for Office 365 Groups
You can refer below link to control guest user access/add guest user for
all Office 365 groups in a tenant using either PowerShell/UI tenant, and
also to control add guest user for a specific group using PowerShell.
NOTE: By default, guest user access/add guest user for Office 365
groups is enabled for tenant-level. Also, add guest user for Office 365
groups is enabled for individual gropus.
PowerShell Script to Disable Adding Guest Users for Multiple Office 365
Groups via CSV
Connect-MsolService
$csv = Import-Csv C:csvgroups.csv
Foreach($Group in $csv)
{
$Groupname = Get-MsolGroup -SearchString $Group.GroupName
$GroupSettings = Get-MsolAllSettings -TargetObjectId $Groupname.ObjectId
if($GroupSettings)
{
$Value = $GroupSettings.GetSettingsValue()
$Value["AllowToAddGuests"] = "False"
Set-MsolSettings -SettingId $GroupSettings.ObjectId -SettingsValue $Value -TargetObjectId $Groupname.ObjectId
Write-Host "AddToGuest Successfully Blocked for"$Group.GroupName
}
else
{
$GroupTemp = Get-MsolSettingTemplate -TemplateId 08d542b9-071f-4e16-94b0-74abb372e3d9
$CreateSetting = $GroupTemp.CreateSettingsObject()
$NewGroupSetting = New-MsolSettings -SettingsObject $CreateSetting -TargetObjectId $Groupname.ObjectId
$GroupSettings = Get-MsolAllSettings -TargetObjectId $Groupname.ObjectId
$Value = $GroupSettings.GetSettingsValue()
$Value["AllowToAddGuests"] = "False"
Set-MsolSettings -SettingId $GroupSettings.ObjectId -SettingsValue $Value -TargetObjectId
$Groupname.ObjectId
Write-Host "AddToGuest Successfully Blocked for"$Group.GroupName
}
}
Sample CSV File
