Found this great article: https://osddeployment.dk/2017/06/24/a-standard-azuread-user-have-access-to-browse-the-admin-portal/
Cheers to Per Larsen!
Do you have any suggestions for organizations which don't have Azure AD Premium license and cannot do conditional access policies?
I know, they need Azure AD Premium and they will buy it with EMS license, but this needs to be handled urgently.
Any other workarounds?
View best response
Well one simple way would be to block the clients from accessing https://portal.azure.com*
But I know, CA is a better option for preventing this... ;)
There is a setting to disable this: Azure AD blade -> User Settings -> Restrict access to Azure AD administration portal.
Can this be scripted, turned on or off by using Powershell?