Restrict guest access permissions in Azure Active Directory [Public Preview]
There are a new access level for Guest users in order to limit their permissions :
|Permission level||Access level|
|Same as member users||Guests have the same access to Azure AD resources as member users|
|Limited access (default)||Guests can see membership of all non-hidden groups|
|Restricted access (new)||Guests can’t see membership of any groups|
Guest users have restricted directory permissions. They can manage their own profile, change their own password and retrieve some information about other users, groups and apps, however, they cannot read all directory information.
For example, guest users cannot enumerate users, groups and other directory objects. Guests can be added to administrator roles, which grant them full read and write permissions contained in the role. Guests can also invite other guests.
- Sign in to the Azure AD admin center with Global administrator permissions.
- On the Azure Active Directory overview page for your organization, select User settings.
- Under External users, select Manage external collaboration settings.
- On the External collaboration settings page, select Guest user access is restricted to properties and memberships of their own directory objects option.
- Select Save. The changes can take up to 15 minutes to take effect for guest users.