Forum Discussion
indima
Apr 10, 2019Copper Contributor
Defining Azure Active Directory User Permissions
Hi!
For security reasons I've disabled the default permission to read user profiles in azure active directory by
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false
How can I return this permission only to a specific user or group?
You cannot, it's all or nothing.
- indimaCopper Contributor
So, if I set the default permission back to
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $true
How can I prevent normal users from reading other user profiles in the Azure AD?
You cannot, those properties are "public" and you can also see them from the GAL in Outlook/OWA, Delve, etc. There are some settings like the above mentioned or the equivalent for the Azure portal, but those only apply to the corresponding endpoints.
- Scruffe1Copper ContributorI realize this is an old discussion, but I have found that a. Security is reporting this as a pen test finding and it should be disabled for security reasons, but, 2. if you disable this setting is will break user listing in apps like Planner. So what can we do? We are looking into options, but so far have found none. Pernille-Eskebo should be listening...