Limit public M365 groups to security group

Occasional Contributor

Hi Experts, 

the following requirements are creating some headaches for us: 


We want to create several M365 groups which should be easy to discover for the majority of our users so they can join without any approvals. However, we still would like to shield them from certain user groups, which we can identify by a security group for instance. These users should not be able to discover the groups nor access their content. 


I was certain that we could achieve this using sensitivity labels of the group entity, but labels don't provide the functionality to hide the group or restrict the access. 

Is there another solution that we could apply while keeping the groups itself public? Or should we rather focus on going with private groups and try to automate the approval of any access request based on the security groups? 


I can't imagine that we are the only ones with that issue so any guidance would certainly help other as well. 




1 Reply

There's no way to achieve this, afaik. Closest you can get is Address Book Policies/Information Barrier Policies, but they have tons of other implications.