Forum Discussion
Hidden membership groups - should members be hidden from each other, too?
Eric Zenz At the University of Washington, our central Groups Service supports membership privacy, where if enabled, you can specify which identities can view the membership. This design approach goes well beyond what you've asked. We can support this design in Active Directory, but not in Azure AD, due to the lack of attribute-based access control features. I've personally been asking the Identity team for this type of support for over 5 years now, and if you talk to Vince, I'm sure he has me on his backlog list.
In terms of use cases where this type of functionality is used, there are many. The most common is course groups, where many nationalities have regulatory requirements to keep student records private, and of course, which courses you take is part of that student record. In the US, FERPA guidelines do recognize that others in a course can/will know by physical presence who else is in a course. Other common examples include all the employees who work in a physical building, where safety is often the driving factor for privacy (think disgruntled violence and locating a person). These scenarios also come with knowing who else is in your building. Within our medical center, there are other regulatory reasons for private membership, and those use cases should not expose membership to other members.
Brian Arkills