Forum Discussion
Hide Users from Teams Directory
We have a request from our corporate leadership to hide non-primary AD accounts from Teams search.
Many of us in the IT team have multiple accounts (i.e. privileged access to certain platforms, developer accounts). The request is to have the ability to hide non-primary accounts from the directory/search. These accounts don't have email licenses, never log into Teams, etc. There used to be a "Hide from GAL" option in Exchange. Looking for something similar for AAD/M365
- CMedley67Brass Contributor
MikeHaleLH We desperately need this as well. We have multiple Teams/Non-User accounts listed in the Teams directory that need to be hidden. We also would like to be able to hide all contacts in the "Calling" section that are not assigned a phone number, if that's an option (to be able to manage the "Calling" contact list separately from the "Chat" contact list.
- bobchapaCopper Contributor
CMedley67 We have the same issue in our organization.... Two different companies (domain names) with a handful of Senior Managers having an email from both domains.... so they show up twice in Microsoft Teams and other Directories.
The problem really lies in Teams for us... as the auto-fill of the search bar only shows the name and not the domain associated so nobody can reliably tell which account to use for Chats.
- PvKoppenCopper ContributorOur requirements is the same as the first request:
1. Our privileged account don't have licenses for Teams but they show up in the Teams addressbook
2. the accounts do not show up on the Exchange GAL
3. The naming conventions makes it clear to those that know which account is which
4. Our regular users don't care/understand the naming convention and just pick the first one that shows up
5. Because of the lack of license the account shouldn't show up
6. An Exclude from GAL flag will work, even if this is a PowerShell only feature, the set of privileged users is small (2-5% or workforce)
Thanks for considering this feature - gireeshdaCopper Contributor
This the Microsoft documentation on 'Limit who users can see when searching the directory in Teams'
https://learn.microsoft.com/en-us/microsoftteams/teams-scoped-directory-searchTo achieve the objective of hiding users (guests or unlicensed users of MS Office 365), two steps need to be performed
1. Set "ShowInAddressList" property of user in Azure Entra/AAD. Unfortunately, I do not see option to perform this in Entra Portal. Only PowerShell scripts is possible, as follows.
Set-AzureADUser -ObjectId "email address removed for privacy reasons" -ShowInAddressList $false
2. Change MS Teams setting by following the link below.
https://learn.microsoft.com/en-us/microsoftteams/teams-scoped-directory-search
To turn on search by name, on MS Teams
In the Microsoft Teams admin center, select Teams > Teams settings. Note: In case Teams Admin Centre page not loading, open in Incognito mode
Under Search by name, next to Scope directory search using an Exchange address book policy, turn the toggle On.
When Scope directory search using an Exchange address book policy is turned on, all accounts that are marked as hidden in Exchange won't show up in Teams searches.
Note (as per above MS Teams documentation):
It may take a few hours for this change to take effect.
Turning on search by name hides the Search teams box and public teams listing in Join or create a team in Teams. It will also disable joining a team by typing /join in the command box at the top of Teams.
- dmwadminCopper ContributorYes. We found that we have to hide the mail-enabled "admin accounts" from both exchange address list in order for them to be hidden Teams too.
The problem is that we also have non-mail-enabled "admin accounts". We end up having to set the msExchHideFromAddressLists to $true on the AD account that is synchronized to Azure/Entra in order for it to be hidden from Teams too.
It would be nice to exclude non-mail-enabled accounts from Teams by default. - jongrahamCopper ContributorWe have a mailbox for users to email our help desk, but we don't use it in Teams. I need to keep it visible in Exchange/Outlook/GAL for email, but hide it from Teams. The procedure above doesn't seem to allow this, or am I not understanding correctly?
- peter-supplyBrass ContributorWe sync users from local AD. We have the msExchHideFromAddressLists set to "TRUE." We have the "Scope directory search using an Exchange Address book policy" toggled to "on." But the user accounts with no license and "hidden" from the GAL still show in Teams. Thoughts?
- cslack13Copper Contributor
Did this work for you? When I made these changes, it hid all the resource accounts from search in Teams, not just the ones I hid from address list. I had to revert back as the call center could not forward calls because no queues showed up.
- dmwadminCopper Contributor
We don't license the "privileged" accounts for teams. So those accounts do not appear in chat .. but they do appear if you are adding a team member. That seems to work for us ok since the naming convention clearly shows which is a regular vs 'privileged' account.
So can clarify your IAM under AAD manage?
- VladilenBrass ContributorTry set “ShowInAddressList” Azure AD User object property to false.
Here is my research on this: https://vladilen.com/sharepoint/hide-non-personal-account-from-microsoft-365-search/ - Russell_R_RikerCopper Contributor
- equirinoCopper ContributorFollowing. We have the same issue. When someone is setting up a Teams meeting, I don't want them to see the original (onmicrosoft) accounts as an option.
- duboisdylanCopper ContributorI have the same problem with my company.