Limit guest invitation functionality to specified users
If we currently want to be able to allow guest invitations for Teams we need to configure Azure AD as follows:
Members can invite: Yes
With that setting all tenant users are eligible to invite guests to the tenant. So how can we achieve to limit the guest invitation functionality to certain users?
We previously had configured the following:
Members can invite must be set to: No
Admins and users in the guest inviter role can invite: Yes
This resulted in being unable to add any guests to Teams even if the user was holding the guest inviter role. Inviting guests to Office 365 groups however was possible.
Sean Ellis commented
The team/channel settings must allow the team admins to set the permissions for each user or user group in the team.
This must, as always, be settable globally, per-team and per-user. (Everyone gets read rights by default, the "contributors" group gets posting rights in team "Alpha", except Gary who just posts puns all the time.)