Forum Discussion
Hide Groups from a Guest User
Understand that's the way it works, doesn't necessarily mean it the right way.
I would have thought that when a guest user is added to a tenant it should be given the least permissive permissions by default and then further permissions can be added if needed dependent on the role of the Guest User.
Is there a setting or policy that can be applied to remove browse permissions on groups you are not a member of? So for example if I had a Security Group setup that has dynamic membership for all Guest Users that say that members of this group can not browse Office 365 Groups (or any other groups)
adam deltinger not sure if I understand you correctly.
As it stands currently, by default (i.e. no changes have been made to Azure AD permissions) a Guest User can see all the Office 365 Groups in a tenant they have been invited to, nothing has to be changed to enable this.
To me this isn't least permissive, a guest user should only be able to see the groups they are a member of.
Either way, can I change this in anyway to a guest user can only see the groups they are a member of.
- Afaik no! VasilMichev ?
You should be able to control this via the Azure AD blade -> User Settings -> External collaboration settings -> Guest users permissions are limited. Here's the description of the setting:
Yes means that guests do not have permission for certain directory tasks, such as enumerate users, groups, or other directory resources.
No means that guests have the same access to directory data that regular users have in your directory.Should be being the keyword..
