- last edited on
For security reasons I've disabled the default permission to read user profiles in azure active directory by
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false
How can I return this permission only to a specific user or group?
04-10-2019 12:04 PM
So, if I set the default permission back to
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $true
How can I prevent normal users from reading other user profiles in the Azure AD?
04-11-2019 12:28 AM
You cannot, those properties are "public" and you can also see them from the GAL in Outlook/OWA, Delve, etc. There are some settings like the above mentioned or the equivalent for the Azure portal, but those only apply to the corresponding endpoints.