"AllowToAddGuests = False" doesn't work

Nikita Krivets 486 Reputation points
2020-04-02T08:16:45.493+00:00

Hello,

I have a tenant wide "Group.Unified" setting with template 62375ab9-6b52-47ed-826b-58e47e0e304b.

Here are a few parameters of the setting:

    {
        "name": "AllowGuestsToBeGroupOwner",
        "value": "False"
    },
    {
        "name": "AllowGuestsToAccessGroups",
        "value": "True"
    },
    {
        "name": "AllowToAddGuests",
        "value": "False"
    } 

I have been waiting for 24 hours for it to be propagated. So, I believe solution to wait for some time doesn't suit me.
I suppose that "AllowToAddGuests = False" means that I won't be able to add any users with userType "Guest" to my office365 group. Unfortunately, it hasn't worked at all, but "AllowGuestsToBeGroupOwner = False" works just fine.

I have tried setting AllowToAddGuests to True and then I have set AllowToAddGuests to False in my Group.Unified.Guest settings for a specific office 365 group. Still, no success.

Tell me please what I am doing wrong. Should this AllowToAddGuests setting work?

Thanks in advance.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,360 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,151 Reputation points Microsoft Employee
    2020-04-07T21:51:28.94+00:00

    Is there something overriding the setting?

    This setting may be overridden and become read-only if EnableMIPLabels is set to True and a guest policy is associated with the sensitivity label assigned to the group. If the AllowToAddGuests setting is set to False at the tenant level, any AllowToAddGuests setting at the group level is ignored. If you want to enable guest access for only a few groups, you must set AllowToAddGuests to be true at the tenant level, and then selectively disable it for specific groups.

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-cmdlets