Thursday, 15 June 2017

Hide Office 365 Group from GAL using Powershell

Hiding Office 365 Group from Global Address List (GAL) is one of the tedious job as there is no Admin UI to hide group mail from GAL. When you create an office 365 group it will not be hidden from GAL by default either it is public or private group. Currently Office 365 team accepted the user voice request to hide private groups from GAL by default. But for now, Powershell is the only option for Administrators to hide and show the groups from the GAL.

We can use the Exchange Online Powershell cmdlet Set-UnifiedGroup to hide group mail address from GAL. Before proceed, Connect Exchange Online Powershell module and use the following command.
Set-UnifiedGroup <group> -HiddenFromAddressListsEnabled $true
Actually we are setting the attribute HiddenFromAddressListsEnabled as true to hide group mail id from global address list. You can use the following command if you want set this property for all of your Office 365 Groups.
Get-UnifiedGroup | Set-UnifiedGroup -HiddenFromAddressListsEnabled $true
Normally you might want to hide only private groups. You can use below command to hide all the private groups from GAL:
Get-UnifiedGroup | Where-Object {$_.AccessType -eq 'Private'} | Set-UnifiedGroup -HiddenFromAddressListsEnabled $true
We can also list the groups that are disabled from address book using below powershell command:
Get-UnifiedGroup | Where-Object {$_.HiddenFromAddressListsEnabled -eq $true} | Select Alias,HiddenFromAddressListsEnabled
Hiding a Group from the GAL will only removes the availability of group in address list from external users, but it does not prevent other users to send email to the Group if they already know the address. If you want to restrict other users (other than group members) from sending message to the group, you need to set one more property - AcceptMessagesOnlyFromSendersOrMembers.
Set-UnifiedGroup <group> -AcceptMessagesOnlyFromSendersOrMembers <group>
If you want a group to accept messages from more than one group (multiple groups), you can give the group names as comma separated values in the above command.
Set-UnifiedGroup <group> -AcceptMessagesOnlyFromSendersOrMembers <group>,<group2>


No comments:

Post a Comment