Managing Exceptions to Enforced Team Policies

Managing Exceptions to Enforced Team Policies


This article provides a solution to the query raised by a user regarding the possibility of making exceptions to enforced policies for Teams, particularly concerning guest access which has been restricted by default as per department templates.

Issue Description

The user, Dario Nujic, inquired whether there was a method to exclude or modify an enforced policy for a specific Team that, by default, does not allow guest access due to departmental templates set within the organization.

Resolution Steps

PowerShell Script for Guest Access

  • Solutions2Share Support provided a PowerShell script solution to enable guest access for a team that has been disabled due to enforced policies.
  • The script involves installing the AzureADPreview module and updating settings for the specific group via Azure Active Directory (AzureAD).

Step-by-Step Script Execution

  1. Install the AzureADPreview module using the PowerShell command Install-Module AzureADPreview.
  2. Remove the general availability version of the AzureAD module if installed.
  3. Run the provided PowerShell script, ensuring to replace "<GroupName>" with the actual name of the group.
  4. Validate the execution of the script using the verification script provided.

Script Details

The script provided performs the following actions:

  • Connects to AzureAD.
  • Retrieves the template for the group unified directory setting.
  • Creates a modified copy of the setting to allow guest access.
  • Applies the updated setting to the specified group using its object ID.

Script Example

The main PowerShell script example is as follows:

$GroupName = "<GroupName>"
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$groupID= (Get-AzureADGroup -SearchString $GroupName).ObjectId
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy

Verification Script Example

To verify the success of the script's execution:

Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values

Additional Information

The Solutions2Share blog contains further details on blocking guest access for specific Teams in Microsoft Teams.


Adjusting policies for Teams requires executing specific PowerShell scripts as provided by the Solutions2Share Support Team. For any issues during the process or additional questions, users are encouraged to reach out to the support team.


Users in need of assistance or experiencing similar issues should contact Solutions2Share Support. We are committed to offering guidance and support to navigate through policy adjustments and customizations.

Remember to provide feedback on the effectiveness of the solution. Your cooperation is crucial for us to improve service quality and performance.

    • Related Articles

    • Managing Archive Reminder Mails in Teams Manager

      Introduction In Teams Manager, administrators may encounter requests to modify the archival reminder process, specifically regarding the frequency and content of reminder emails. This issue involves tailoring the reminder emails to better suit ...
    • Managing SharePoint URL and Mailnickname Naming Conventions in Teams Manager

      Introduction Understanding and managing the naming convention behavior for SharePoint URLs and Mailnicknames is essential when setting up teams in Teams Manager. This article addresses concerns regarding changes in behavior that may impact existing ...
    • Inviting External Users to a Team with Guest Access Disabled

      Introduction This article explains how to invite guests to a Microsoft Teams team that has guest access disabled, using the External User Manager (EUM). Problem Statement In instances where a team within Microsoft Teams has the guest access option ...
    • Delay in Teams Manager Approver Removal After Team Approval

      Introduction In Teams Manager, there has been a recurring issue where, after a team's approval, the approver is not promptly removed from the team members list. This delay can lead to confusion and administrative challenges, impacting the overall ...
    • Disabling the Default 'Create a Team' Button in Teams Manager

      Introduction This article provides a solution for IT administrators who need to disable the default 'Create a Team' button in Teams Manager. This functionality is particularly useful in environments where team creation needs to be controlled or ...