Forum Discussion
Hide Groups from a Guest User
From my perspective, your approach should be the standard and not the other way around.
I came across this article many years later and still: group membership enumeration is possible and causes risks for organisations. It's easy to identify C-Level or Admin accounts by just poking around in a default setup.
I found some settings via PowerShell to hide group memberships, but would assume that many customers share their memberships without knowing it. The description left the taste that I would assume something "super secretive", but it is a general measure which is nothing special.
The term "non-hidden groups" causes confusion to me, since it leaves the feeling that an admin would have to "unhide" memberships and causes a wrong sense of security.
Edit: Ah, and of course: there is a more restrictive option now, but it isn't default. Which leads back to poking around in default setups.