SOLVED

Guest user able to list group members

Occasional Contributor

Hi,

 

I'm currently trying out the Guest User, and noticed that guest user account using graph api are:

1. not able to list group using - https://graph.microsoft.com/v1.0/groups

2. able to list group members if given the GroupId using - https://graph.microsoft.com/v1.0/groups/{{GroupId}}/members

3. able to list group owners if given the GroupId using - https://graph.microsoft.com/v1.0/groups/{{GroupId}}/members

 

Note: the user isn't part of the group of the mentioned Group Id

Guest user access Settings : Guest users have limited access to properties and memberships of directory objects

 

Is there anything i can do to avoid [2] & [3] or the only option is to move to "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)"

 

4 Replies
best response confirmed by MosesLim (Occasional Contributor)
Solution

That's a known issue/expected behavior, the option you mentioned is the only way to address it.

OK,

I try on Powershell with "Most Restrictive" with get-azadgroupmember -groupDisplayName "All Users"

The guest user are able to list it. He isn't in the list. I'm able to list any group as long as i know the name

Um, how exactly did you run PowerShell as a Guest?

Sorry my fault, it seems to only take effect after 45 minutes. So not its ok with Most Restrictive