Restrict guest access permissions in Azure Active Directory [Public Preview]

A new access level is available for guest users to limit their permissions:

| Permission level | Access level |
| --- | --- |
| Same as member users | Guests have the same access to Azure AD resources as member users |
| Limited access (default) | Guests can see membership of all non-hidden groups |
| Restricted access (new) | Guests can’t see membership of any groups |

Guest users have restricted directory permissions. They can manage their own profile, change their own password and retrieve some information about other users, groups and apps; however, they cannot read all directory information.

For example, guest users cannot enumerate users, groups and other directory objects. Guests can be added to administrator roles, which grant them full read and write permissions contained in the role. Guests can also invite other guests.

Configuration

  • Sign in to the Azure AD admin center with Global administrator permissions.
  • On the Azure Active Directory overview page for your organization, select User settings.
  • Under External users, select Manage external collaboration settings.
  • On the External collaboration settings page, select the "Guest user access is restricted to properties and memberships of their own directory objects" option.
  • Select Save. The changes can take up to 15 minutes to take effect for guest users.
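
To confirm the change took effect, or to audit the setting outside the portal, the access level can be read from the Microsoft Graph `authorizationPolicy` object, where it is stored as `guestUserRoleId`. The following is an added example, not part of the original post or of Microsoft's documentation: it assumes the policy JSON has already been fetched from `GET /policies/authorizationPolicy`, and the function name and sample responses are constructed for illustration.

```python
import json

# guestUserRoleId values Microsoft documents for the authorizationPolicy
# resource, mapped to the three permission levels in the table above.
GUEST_LEVELS = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "Same as member users",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "Limited access (default)",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "Restricted access (new)",
}
RESTRICTED_ID = "2af84b1e-32c8-42b7-82bc-daa82404023b"


def audit_guest_policy(response: dict) -> dict:
    """Classify the guest access level in an authorizationPolicy response."""
    # Tolerate a collection wrapper ({"value": [ ... ]}) as well as a bare object.
    policy = response["value"][0] if response.get("value") else response
    role_id = str(policy.get("guestUserRoleId") or "").lower()
    level = GUEST_LEVELS.get(role_id, "unknown")
    findings = []
    if level == "unknown":
        findings.append(f"unrecognised guestUserRoleId: {role_id or '<missing>'}")
    elif role_id != RESTRICTED_ID:
        findings.append(f"guest access is '{level}'; guests can read group membership")
    # "everyone" lets guests send invitations themselves.
    if policy.get("allowInvitesFrom") == "everyone":
        findings.append("allowInvitesFrom=everyone; guests can invite other guests")
    return {"level": level, "restricted": role_id == RESTRICTED_ID, "findings": findings}


# Constructed sample responses (not captured from a real tenant).
SAMPLE_DEFAULT = json.loads("""
{"id": "authorizationPolicy",
 "allowInvitesFrom": "everyone",
 "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3"}
""")
SAMPLE_RESTRICTED = json.loads("""
{"value": [{"id": "authorizationPolicy",
            "allowInvitesFrom": "adminsAndGuestInviters",
            "guestUserRoleId": "2AF84B1E-32C8-42B7-82BC-DAA82404023B"}]}
""")

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("restricted", SAMPLE_RESTRICTED)):
        print(name, json.dumps(audit_guest_policy(sample), indent=2))
```

Because the change can take up to 15 minutes to apply to guest users, a check run immediately after saving may still reflect the old behaviour for signed-in guests even when the policy object already shows the new value.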

Source

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/users-restrict-guest-permissions?WT.mc_id=twitter
