Guest Access Series: Inviting a Specific Domain into a Specific Team — Allow Domain List for ShareP, er, Teams?

Michael Mukalian
2 min read · Nov 12, 2021

[Image: Advanced settings for external sharing for a selected site]

No, the above isn’t some hidden area that exposes the ability to set up an allowed domain list in Teams. The above image is from the SharePoint Admin Center, when you select a site and bring up its Sharing settings. The same goes for the image below, which shows where we modify the domains that are allowed.

[Image: Add domains interface for a selected site]

The question is: how can we get this type of functionality/capability into Teams? Well, much like our earlier provisioning solution, enter the Power Platform, and in this instance, some additional Azure bits.

The next question is: Why am I even doing this? Well, as stated before, Microsoft Teams doesn’t have (yet) its own mechanism to manage specific domains that are allowed, but SharePoint sites do. Since every Team gets a SharePoint site behind it, we’ll just leverage that mechanism in our solution.

Get My Allowed Domain List!

If we accept that we already have the information we need in the SharePoint site that’s behind a Team, how can we leverage that same information to help us in our use case? Well, there’s a couple parts to that. The first part is being able to get the info. Enter a PowerShell runbook. We’ll use this as one of the pieces to get us this information. Below is the example PowerShell that’s used in this process.

param(
    # Full URL of the SharePoint site behind the Team,
    # e.g. https://{tenant}.sharepoint.com/sites/team1
    [Parameter(Mandatory = $true)]
    [string]$siteUrl
)
# Credentials: stored as a credential asset in the Automation account
$myCred = Get-AutomationPSCredential -Name "{Your Automation Credential Name}"
# Parameters: derive the tenant admin URL from the site URL
[uri]$siteUri = $siteUrl
$siteHost = $siteUri.Host
$domain = $siteHost.Substring(0, $siteHost.IndexOf("."))
$adminSiteUrl = "https://$($domain)-admin.sharepoint.com"
# Connect to SharePoint Online
Connect-SPOService -Url $adminSiteUrl -Credential $myCred
# Get the site collection
$site = Get-SPOSite -Identity $siteUrl
# Get the site's allowed domain list
$domainsAllowedList = $site.SharingAllowedDomainList
# Output the list so the caller of the runbook can read it
Write-Output ($domainsAllowedList)

The above code exemplifies how we could get the information we’re looking for. In this specific example I’m getting an AutomationPSCredential, but the article I linked to above uses Managed Identities. The net-net here is to find a method that works for you, and then just use PowerShell to query the underlying list of domains allowed. Once you get this information, it gets written as output.
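Once the runbook has returned the list, something still has to decide whether a given guest address falls inside it. The following is an added example, not code from the original article: the helper name Test-GuestDomainAllowed, its parameters and the sample values are constructed for illustration. It assumes the list arrives as the space-delimited string SharePoint stores, that entries are matched as exact domains, and that the site's SharingDomainRestrictionMode property is read alongside the list.

```powershell
# Added example: the function name, parameters and sample data are constructed.
function Test-GuestDomainAllowed {
    param(
        [Parameter(Mandatory = $true)][string]$GuestEmail,
        # Value of $site.SharingDomainRestrictionMode (None, AllowList or BlockList)
        [Parameter(Mandatory = $true)][string]$RestrictionMode,
        # Value of $site.SharingAllowedDomainList (space-delimited string)
        [AllowEmptyString()][string]$AllowedDomainList = ''
    )

    # Fail closed: the allow list is only enforced when the site is in AllowList mode.
    if ($RestrictionMode -ne 'AllowList') { return $false }

    # Expect exactly one '@' with text on both sides.
    $parts = $GuestEmail.Trim().Split('@')
    if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) { return $false }
    $guestDomain = $parts[1].ToLowerInvariant()

    # Split the space-delimited list, drop empty entries, normalise case.
    $allowed = @($AllowedDomainList -split '\s+' |
        Where-Object { $_ } |
        ForEach-Object { $_.ToLowerInvariant() })

    # Exact comparison (assumption of this example): a substring or suffix test
    # would also accept look-alike domains such as notcontoso.com.
    return ($allowed -contains $guestDomain)
}

# Constructed stand-in for the object Get-SPOSite returns.
$site = [pscustomobject]@{
    SharingDomainRestrictionMode = 'AllowList'
    SharingAllowedDomainList     = 'contoso.com fabrikam.com'
}

foreach ($email in 'ana@contoso.com', 'bob@FABRIKAM.com', 'eve@notcontoso.com', 'no-at-sign') {
    $ok = Test-GuestDomainAllowed -GuestEmail $email `
        -RestrictionMode $site.SharingDomainRestrictionMode `
        -AllowedDomainList $site.SharingAllowedDomainList
    '{0,-22} {1}' -f $email, $ok
}
```

Returning false when the mode is not AllowList keeps an empty or unenforced list from being read as "everyone is allowed".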

Written as Output to…?

Ok, so, where’s the output go? And more importantly, how do we kick that off? Well, enter our Power Automate Flow. Specifically, one that uses the Azure Automation connector to call the above. Let’s turn the page.

Michael Mukalian

Covering the Microsoft Modern Workplace as a Technical Architect at the Philadelphia Microsoft Technology Center in Malvern.