
A standard AzureAD user have access to browse the admin portal

Joonas Pakkanen
Occasional Contributor

Hi All,

 

Found this great article: https://osddeployment.dk/2017/06/24/a-standard-azuread-user-have-access-to-browse-the-admin-portal/

 

Cheers to Per Larsen!

 

Do you have any suggestions for organizations which don't have an Azure AD Premium license and cannot do conditional access policies?

I know, they need Azure AD Premium and they will buy it with an EMS license, but this needs to be handled urgently.

 

Any other workarounds?

 

Br, Joonas

3 Replies

Well, one simple way would be to block the clients from accessing https://portal.azure.com*

 

But I know, CA is a better option for preventing this... ;)

 

BR

Solution

There is a setting to disable this: Azure AD blade -> User Settings -> Restrict access to Azure AD administration portal.

Hi, 

 

Can this be scripted, turned on or off by using PowerShell?
