I have an Azure Website built on Angular 5, protected by Azure AD for authentication. The API layer is developed as an Azure Function app, also authenticated by Azure AD. Now, I want this website to be available to all users in my organisation and not allow any guest users registered in the tenant to access the website & API. What are my options here?
Currently the app & API can be accessed even by guest accounts.
An unwanted feature might help you with this. We put all users in a group to be able to use our app, and check whether the user is in that group in our tenant, using Graph to check group membership. Graph, as it seems, does not check the group membership for a guest in our tenant, as all guest group membership queries tend to go to the guest's own home tenant for this info. We would like to get the group membership in our tenant for the guest, but this is not working, even if we tell the app to only query our tenant with our specific tenant ID. I.e., our app only lets our own users use the app.
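
The group check described in the answer above, combined with an explicit guest check that does not depend on how Graph resolves guest memberships, as an added example that is not part of the original posts. The function name `authorize`, the placeholder group ID and the sample users are assumptions; the inputs are assumed to come from Microsoft Graph after the token has already been validated.

```javascript
// Added example (not from the thread). Pure decision logic; the caller is assumed to
// have validated the token and fetched both inputs from Microsoft Graph.
const REQUIRED_GROUP_ID = '00000000-0000-0000-0000-000000000001'; // constructed placeholder

// user: Graph user object requested with $select=id,userPrincipalName,userType
//       (userType is not in the default property set, so it must be selected).
// memberGroupIds: array of group IDs the user belongs to, or null if the lookup failed.
function authorize(user, memberGroupIds, requiredGroupId = REQUIRED_GROUP_ID) {
  // Fail closed: a missing userType must never be read as "not a guest".
  if (!user || typeof user.userType !== 'string') {
    return { allowed: false, reason: 'userType unavailable' };
  }
  if (user.userType.toLowerCase() !== 'member') {
    return { allowed: false, reason: 'guest account' };
  }
  // Stricter policy choice (assumption): also reject invited accounts that were
  // later converted to Member; their UPN still carries the #EXT# marker.
  if (String(user.userPrincipalName || '').toUpperCase().includes('#EXT#')) {
    return { allowed: false, reason: 'external identity' };
  }
  // Fail closed again: an errored membership lookup denies access.
  if (!Array.isArray(memberGroupIds)) {
    return { allowed: false, reason: 'group lookup failed' };
  }
  const wanted = requiredGroupId.toLowerCase();
  const inGroup = memberGroupIds.some((id) => String(id).toLowerCase() === wanted);
  return inGroup
    ? { allowed: true, reason: 'member in required group' }
    : { allowed: false, reason: 'not in required group' };
}

// Constructed sample inputs, shaped like Graph responses.
const samples = {
  employee: [{ userType: 'Member', userPrincipalName: 'ana@contoso.example' }, [REQUIRED_GROUP_ID]],
  guest: [{ userType: 'Guest', userPrincipalName: 'bob_fabrikam.example#EXT#@contoso.example' }, [REQUIRED_GROUP_ID]],
  convertedGuest: [{ userType: 'Member', userPrincipalName: 'eve_fabrikam.example#EXT#@contoso.example' }, [REQUIRED_GROUP_ID]],
  noUserType: [{ userPrincipalName: 'dan@contoso.example' }, [REQUIRED_GROUP_ID]],
  lookupFailed: [{ userType: 'Member', userPrincipalName: 'ana@contoso.example' }, null],
};

for (const [name, [user, groups]] of Object.entries(samples)) {
  console.log(name, authorize(user, groups));
}
```

A gate like this belongs in the Function app rather than only in the Angular client, since the API can be called directly with a valid token.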