DISABLE EXTERNAL SHARING FOR A SPECIFIC TEAM

If you use Microsoft Teams, external sharing is probably one of the options you love. You can share a whole Team with your co-workers, such as customers or partners.

But in some cases you would like to disallow external sharing for a specific Team, perhaps to prevent accidental sharing of sensitive information located in a specific channel: data under NDA, management, HR and so on. Of course you would use AIP/sensitivity labels to protect your data, but here we will block the Teams external sharing option.

The easiest way to achieve this is with PowerShell. First you need to install the Microsoft Exchange Online PowerShell Module. To do so, log in to your Exchange Online portal by browsing to https://outlook.office365.com/ecp/, open Hybrid, and click configure to download the application.

Install the application and launch the Microsoft Exchange Online PowerShell Module from your Windows Start Menu. Follow the next few steps to block external sharing in your Team:

STEP 1: CONNECT EXCHANGE ONLINE

# Use the Exchange Online module
# Goal: set 'AllowToAddGuests' to $False on one group/Team
Connect-EXOPSSession -UserPrincipalName "<your admin UPN>"

STEP 2: GET TEAMS GUID

Get-UnifiedGroup
# If you have many Teams, you can filter for one by name
Get-UnifiedGroup | ? {$_.DisplayName -eq "<name of your Teams>"} | select DisplayName, Guid

STEP 3: WRITE TO VARIABLE
Write the ExternalDirectoryObjectId property to a variable.

$group = Get-UnifiedGroup -Identity "<GUID of your Teams>" | select -ExpandProperty ExternalDirectoryObjectId

STEP 4: ADD THE AZURE AD TEMPLATE TO VARIABLE
The Get-AzureADDirectorySettingTemplate cmdlet gets a directory setting template from Azure Active Directory (AD). We need the group.unified.guest template for our goal, and we store the settings in variables as well.

# The AzureAD cmdlets need their own session
Connect-AzureAD
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"] = $False

STEP 5: FIRE THE COMMAND
Now we need to fire the command against our Teams.

New-AzureADObjectSetting -TargetType Groups -TargetObjectId $group -DirectorySetting $settingsCopy
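
Steps 2 to 5 as one repeatable function, added here as an example and not part of the original post: it updates the group's settings object if one already exists instead of creating a second one, then reads the value back so you can confirm the block is in place. The function name Block-TeamGuests is hypothetical, and the code assumes the Exchange Online and AzureAD sessions are already connected.

```powershell
# Added example: assumes Connect-EXOPSSession and Connect-AzureAD sessions are open.
# Block-TeamGuests is a hypothetical helper name, not a built-in cmdlet.
function Block-TeamGuests {
    param([Parameter(Mandatory)][string]$TeamIdentity)

    # Steps 2-3: resolve the Team to its Azure AD object id
    $groupId = Get-UnifiedGroup -Identity $TeamIdentity -ErrorAction Stop |
        Select-Object -ExpandProperty ExternalDirectoryObjectId

    # Step 4: locate the guest settings template
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq "group.unified.guest" }
    if (-not $template) { throw "Template group.unified.guest not found" }

    # Check whether this group already carries a settings object from that template
    $existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId |
        Where-Object { $_.TemplateId -eq $template.Id }

    if ($existing) {
        # Update in place rather than creating a duplicate
        $existing["AllowToAddGuests"] = $False
        Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId `
            -Id $existing.Id -DirectorySetting $existing
    } else {
        # Step 5 from the post: first-time creation
        $settingsCopy = $template.CreateDirectorySetting()
        $settingsCopy["AllowToAddGuests"] = $False
        New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId `
            -DirectorySetting $settingsCopy | Out-Null
    }

    # Read the setting back from the directory to confirm what is enforced
    $applied = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupId |
        Where-Object { $_.TemplateId -eq $template.Id }
    [pscustomobject]@{
        Team             = $TeamIdentity
        GroupId          = $groupId
        AllowToAddGuests = $applied["AllowToAddGuests"]
    }
}

Block-TeamGuests -TeamIdentity "<name of your Teams>"
```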

RESULT: NO EXTERNAL SHARING POSSIBLE
Within that specific Team, you will no longer be able to add guest accounts (even if they are already enrolled in your Azure AD) or share with people outside of your organization. In the picture below, I tried to add an external account to the Team:

Maybe this helps. Let me know if you have any suggestions on this!
