Friday, August 11, 2017

Office 365 – You can now manage domain guest access for Groups

Guest Domain Access for O365


An update is being rolled out to let you manage allowed/blocked domains for guest access to Office 365 Groups.
After allowing guest access to Groups, Microsoft now helps securing this access by allowing administrators to define a list of allowed/blocked domains.
This feature is not available (yet?) using the Office 365 administration portal but with PowerShell.
This functionality is using Azure AD policy feature

Important Points

  • When using this functionality, you can not define both options. This means any domains not listed as allowed, will then be blocked and vice versa
  • Only one policy per tenant
  • This is a different list than the one used for SharePoint Online sharing; you will be able to import the existing SPO list but after you will have to manage it separately
  • This does not apply to guests already members of an Office 365 Groups; only new guest will have the policy applied

How to use

Install the prerequisites

The PowerShell command to set the domain allow/block list for Office 365 Groups guest access is using the preview modules of Azure Active Directory PowerShell modules.
  • You must use Azure AD PowerShell Preview – at least version 2.0.0.98 – you can get Azure AD PowerShell Preview using the following procedure
    • Run a PowerShell command prompt using the runadadministrator and check the installed Azure AD PS module installed with the command Get-Module -ListAvailable AzureAD*
image
  • If you get a version different than 2.0.0.98 (or later), you need to uninstall your current version with the command Uninstall-Module AzureAD
image
  • If you have no result or after uninstalling the previous version run the command Install-Module AzureADPreview to install the required preview module; you may be prompted to trust the repository to download the module
image

Configure the domains list

Once you have the required module installed, you can use the script available https://technet.microsoft.com/library/a86bb46f-0e5b-43a3-b6ef-7394f344a8da#bkmk_script to manage the domains list.
Once you have saved the script you can then use it to add/update/remove/import the domains list
  • Create the allow/block domain list Set-GuestAllowBlockDomainPolicy.ps1 -Update –AllowList / –BlockList @("domain1.com", "domain2.com") – this command can be used to overwrite an existing list
  • Import the existing list from SharePoint Online Set-GuestAllowBlockDomainPolicy.ps1 –MigrateFromSharepoint: don’t forget after this import you will have to manage it separately
  • Add a domain to the existing list Set-GuestAllowBlockDomainPolicy.ps1 -Append -AllowList / –BlockList @("domain3.com")
  • Or finally remove the policy with Set-GuestAllowBlockDomainPolicy.ps1 –Remove
Unfortunately there is not (yet?) a way to get the existing list or remove one domain; if you want to remove one domain you need to overwrite the list with the domain(s) you want to remove not included
Reference: Benoit Hamet 

5 comments:

  1. Hyperkin Releases New Virtual Reality Gaming Micro Touch Titanium
    Hyperkin released thinkpad x1 titanium a new and exciting addition ceramic or titanium flat iron to titanium bolts its gaming line of products that are the Hyperkin Hyperkin Gaming micro touch trimmer headsets. titanium aura quartz

    ReplyDelete
  2. Players can continue to position bets because the ball spins across the wheel until the supplier proclaims "no more bets" or "rien ne va plus". Many UK on-line casinos supply free bonus spins for slot games. A site’s welcome bonus might embody bonus spins, and it could also supply free spins by way of different promotions. Some websites allow gamers to use bonus spins solely on eligible games, however others allow them to use their free spins on all on-line slots of their libraries. Although all the laws of likelihood are in the casino’s favor, the house edge varies significantly among the many 영앤리치 토토 completely different on line casino games.

    ReplyDelete
  3. So, on-line casinos are doing every thing they will to offer the players with what they need. This doesn’t imply you won’t discover conventional banking methods within the casino anymore. The on-line casino industry is getting so competitive that it only takes gaming software program from the best recreation builders. For instance, all top-tier mobile on-line casinos have apps powered by NetEnt, Microgaming, Novomatic, Evolution Gaming, and different top names within the industry. This eliminates want to|the necessity to} obtain any recreation outcome of|as a result of} these are already current within the cloud for players to access. You can start enjoying 메리트카지노 in} your favourite on-line casino video games within quantity of} clicks.

    ReplyDelete