"AllowToAddGuests = False" doesn't work

Nikita Krivets 401 Reputation points


I have a tenant wide "Group.Unified" setting with template 62375ab9-6b52-47ed-826b-58e47e0e304b.

Here are a few parameters of the setting:

        "name": "AllowGuestsToBeGroupOwner",
        "value": "False"
        "name": "AllowGuestsToAccessGroups",
        "value": "True"
        "name": "AllowToAddGuests",
        "value": "False"

I have been waiting for 24 hours for it to be propagated. So, I believe solution to wait for some time doesn't suit me.
I suppose that "AllowToAddGuests = False" means that I won't be able to add any users with userType "Guest" to my office365 group. Unfortunately, it hasn't worked at all, but "AllowGuestsToBeGroupOwner = False" works just fine.

I have tried setting AllowToAddGuests to True and then I have set AllowToAddGuests to False in my Group.Unified.Guest settings for a specific office 365 group. Still, no success.

Tell me please what I am doing wrong. Should this AllowToAddGuests setting work?

Thanks in advance.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,466 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 22,041 Reputation points Microsoft Employee

    Is there something overriding the setting?

    This setting may be overridden and become read-only if EnableMIPLabels is set to True and a guest policy is associated with the sensitivity label assigned to the group. If the AllowToAddGuests setting is set to False at the tenant level, any AllowToAddGuests setting at the group level is ignored. If you want to enable guest access for only a few groups, you must set AllowToAddGuests to be true at the tenant level, and then selectively disable it for specific groups.