External collaboration settings in External Identities of AAD

K Roja 51 Reputation points
2022-09-21T13:09:10.553+00:00

Hello Team,

we need to update the property of guest user access restriction, guest invite restriction and enable guest self-service sign up via user flow. We need to update these properties using powershell or rest api. For generating token, we are using service account and it's mandatory.

PFB the screenshot attached for the same-
243429-image.png

243400-image.png

So, do we have any powershell commands or rest api to update the above properties?

FYI,
we have done some analysis and below are the links for the same. But while trying those commands we are unable to change the settings.

https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/users-restrict-guest-permissions
https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/powershell/module/msonline/set-msolcompanysettings?view=azureadps-1.0

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,767 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 96,436 Reputation points MVP
    2022-09-21T14:19:54.913+00:00

    Yes, you can update those settings via the /policies/authorizationPolicy endpoint: https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-beta&tabs=http
    guestUserRoleId controls the first setting, allowInvitesFrom the second one. Keep in mind that you need to use the /beta endpoint to update the settings!

    243494-image.png

    Copy/paste the example here: https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-beta&tabs=http#example-1-update-or-set-guest-user-access-level-for-the-tenant