Forum Discussion

MikeHaleLH's avatar
MikeHaleLH
Copper Contributor
May 03, 2023

Hide Users from Teams Directory

We have a request from our corporate leadership to hide non-primary AD accounts from Teams search.

 

Many of us in the IT team have multiple accounts (i.e. privileged access to certain platforms, developer accounts).  The request is to have the ability to hide non-primary accounts from the directory/search.  These accounts don't have email licenses, never log into Teams, etc.  There used to be a "Hide from GAL" option in Exchange.  Looking for something similar for AAD/M365

  • CMedley67's avatar
    CMedley67
    Brass Contributor

    MikeHaleLH We desperately need this as well. We have multiple Teams/Non-User accounts listed in the Teams directory that need to be hidden. We also would like to be able to hide all contacts in the "Calling" section that are not assigned a phone number, if that's an option (to be able to manage the "Calling" contact list separately from the "Chat" contact list.

     

    • bobchapa's avatar
      bobchapa
      Copper Contributor

      CMedley67 We have the same issue in our organization.... Two different companies (domain names) with a handful of Senior Managers having an email from both domains.... so they show up twice in Microsoft Teams and other Directories.

      The problem really lies in Teams for us... as the auto-fill of the search bar only shows the name and not the domain associated so nobody can reliably tell which account to use for Chats.

  • PvKoppen's avatar
    PvKoppen
    Copper Contributor
    Our requirements is the same as the first request:
    1. Our privileged account don't have licenses for Teams but they show up in the Teams addressbook
    2. the accounts do not show up on the Exchange GAL
    3. The naming conventions makes it clear to those that know which account is which
    4. Our regular users don't care/understand the naming convention and just pick the first one that shows up
    5. Because of the lack of license the account shouldn't show up
    6. An Exclude from GAL flag will work, even if this is a PowerShell only feature, the set of privileged users is small (2-5% or workforce)

    Thanks for considering this feature
  • gireeshda's avatar
    gireeshda
    Copper Contributor

    This the Microsoft documentation on 'Limit who users can see when searching the directory in Teams'
    https://learn.microsoft.com/en-us/microsoftteams/teams-scoped-directory-search

     

    To achieve the objective of hiding users (guests or unlicensed users of MS Office 365), two steps need to be performed

     

    1.  Set "ShowInAddressList" property of user in Azure Entra/AAD.  Unfortunately, I do not see option to perform this in Entra Portal.  Only PowerShell scripts is possible, as follows.

     

            Set-AzureADUser -ObjectId "email address removed for privacy reasons" -ShowInAddressList $false

     

    2.  Change MS Teams setting by following the link below.

            https://learn.microsoft.com/en-us/microsoftteams/teams-scoped-directory-search

     

           To turn on search by name, on MS Teams

    1. In the Microsoft Teams admin center, select Teams > Teams settings.   Note:  In case Teams Admin Centre page not loading, open in Incognito mode

    2. Under Search by name, next to Scope directory search using an Exchange address book policy, turn the toggle On.

    When Scope directory search using an Exchange address book policy is turned on, all accounts that are marked as hidden in Exchange won't show up in Teams searches.

     

    Note (as per above MS Teams documentation):

     

    It may take a few hours for this change to take effect.

    Turning on search by name hides the Search teams box and public teams listing in Join or create a team in Teams. It will also disable joining a team by typing /join in the command box at the top of Teams.

     

     

    • dmwadmin's avatar
      dmwadmin
      Copper Contributor
      Yes. We found that we have to hide the mail-enabled "admin accounts" from both exchange address list in order for them to be hidden Teams too.

      The problem is that we also have non-mail-enabled "admin accounts". We end up having to set the msExchHideFromAddressLists to $true on the AD account that is synchronized to Azure/Entra in order for it to be hidden from Teams too.

      It would be nice to exclude non-mail-enabled accounts from Teams by default.

    • jongraham's avatar
      jongraham
      Copper Contributor
      We have a mailbox for users to email our help desk, but we don't use it in Teams. I need to keep it visible in Exchange/Outlook/GAL for email, but hide it from Teams. The procedure above doesn't seem to allow this, or am I not understanding correctly?
      • peter-supply's avatar
        peter-supply
        Brass Contributor
        We sync users from local AD. We have the msExchHideFromAddressLists set to "TRUE." We have the "Scope directory search using an Exchange Address book policy" toggled to "on." But the user accounts with no license and "hidden" from the GAL still show in Teams. Thoughts?
    • cslack13's avatar
      cslack13
      Copper Contributor

      gireeshda 

      Did this work for you? When I made these changes, it hid all the resource accounts from search in Teams, not just the ones I hid from address list. I had to revert back as the call center could not forward calls because no queues showed up. 

  • dmwadmin's avatar
    dmwadmin
    Copper Contributor

    We don't license the "privileged" accounts for teams. So those accounts do not appear in chat .. but they do appear if you are adding a team member. That seems to work for us ok since the naming convention clearly shows which is a regular vs 'privileged' account.

  • equirino's avatar
    equirino
    Copper Contributor
    Following. We have the same issue. When someone is setting up a Teams meeting, I don't want them to see the original (onmicrosoft) accounts as an option.

Resources