External collaboration settings in External Identities of AAD

K Roja 51 Reputation points

Hello Team,

we need to update the property of guest user access restriction, guest invite restriction and enable guest self-service sign up via user flow. We need to update these properties using powershell or rest api. For generating token, we are using service account and it's mandatory.

PFB the screenshot attached for the same-


So, do we have any powershell commands or rest api to update the above properties?

we have done some analysis and below are the links for the same. But while trying those commands we are unable to change the settings.


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,767 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 96,436 Reputation points MVP

    Yes, you can update those settings via the /policies/authorizationPolicy endpoint: https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-beta&tabs=http
    guestUserRoleId controls the first setting, allowInvitesFrom the second one. Keep in mind that you need to use the /beta endpoint to update the settings!


    Copy/paste the example here: https://learn.microsoft.com/en-us/graph/api/authorizationpolicy-update?view=graph-rest-beta&tabs=http#example-1-update-or-set-guest-user-access-level-for-the-tenant