SOLVED

Devices in Azure AD visible to all users

%3CLINGO-SUB%20id%3D%22lingo-sub-129033%22%20slang%3D%22en-US%22%3EDevices%20in%20Azure%20AD%20visible%20to%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-129033%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20were%20a%20bit%20surprised%20to%20find%20out%20that%20a%20regular%20user%20can%20see%20the%26nbsp%3Blist%20of%20all%20devices%20using%20portal.azure.com%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%20can%20see%20the%20name%20and%20owner%20of%20the%20device%2C%20the%20OS%20version%2C%20when%20it%20was%20activated.%20Most%20actions%20are%20greyed%20out%2C%20but%20Disable%20and%20Remove%20aren't%20greyed%20out.%20We%26nbsp%3Btried%20the%20actions%20on%20one%20device%20and%20luckily%20it%20resulted%20in%20an%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20everyone%20ok%20with%20this%20info%20being%20available%20to%20all%20users%2C%20or%20is%20it%20possible%20to%20hide%20this%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Untitled-4.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F24365i073B43A418CD0370%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Untitled-4.png%22%20alt%3D%22Untitled-4.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-129033%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-129350%22%20slang%3D%22en-US%22%3ERe%3A%20Devices%20in%20Azure%20AD%20visible%20to%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-129350%22%20slang%3D%22en-US%22%3EHave%20you%20checked%20out%20the%20option%20to%20restrict%20access%20to%20the%20portal%20for%20non-admin%20users%3F%20In%20Azure%20AD%20User%20Settings%20you%20will%20find%20the%20setting%20for%20%E2%80%9CRestrict%20access%20to%20the%20Azure%20AD%20administration%20portal%E2%80%9D.%3C%2FLINGO-BODY%3E
Highlighted
Super Contributor

We were a bit surprised to find out that a regular user can see the list of all devices using portal.azure.com 

 

They can see the name and owner of the device, the OS version, when it was activated. Most actions are greyed out, but Disable and Remove aren't greyed out. We tried the actions on one device and luckily it resulted in an error.

 

Is everyone ok with this info being available to all users, or is it possible to hide this?

Untitled-4.png

 

 

1 Reply
Highlighted
Solution
Have you checked out the option to restrict access to the portal for non-admin users? In Azure AD User Settings you will find the setting for “Restrict access to the Azure AD administration portal”.