Home

Hiding members of a group from Guest users

%3CLINGO-SUB%20id%3D%22lingo-sub-177621%22%20slang%3D%22en-US%22%3EHiding%20members%20of%20a%20group%20from%20Guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-177621%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20starting%20to%20work%20with%20AAD%20external%2FGuest%20users%20and%20have%20created%20a%20dynamic%20group%20which%20accumulates%20all%20users%20of%20type%20%22Guest%22%20into%20it%3B%20presently%20I'm%20not%20using%20it%20for%20any%20automation%2C%20but%20would%20like%20to%20use%20it%20for%20periodic%20audits%20(%22how%20many%20external%20users%20do%20we%20have%20in%20our%20tenant%2C%20and%20who%20are%20they%3F%22)%20as%20well%20as%20potentially%20for%20Conditional%20Access%20rules.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20concern%20I%20have%20is%20that%20when%20an%20external%20user%20signs%20into%20%22MyApps%22%20he%20can%20see%20which%20groups%20he's%20a%20member%20of%2C%20and%20then%20can%20see%20other%20members%20of%20those%20same%20groups.%26nbsp%3B%20If%20these%20were%20all%20users%20in%20my%20own%20tenant%20that%20wouldn't%20be%20such%20a%20big%20deal%2C%20but%20I%20don't%20really%20want%20external%20users%20to%20be%20able%20to%20see%20the%20identities%20of%20other%20external%20users.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20there%20any%20way%20to%20control%20this%20visibility%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-177621%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
James Breton
Occasional Contributor

Hello,

 

I'm starting to work with AAD external/Guest users and have created a dynamic group which accumulates all users of type "Guest" into it; presently I'm not using it for any automation, but would like to use it for periodic audits ("how many external users do we have in our tenant, and who are they?") as well as potentially for Conditional Access rules.

 

The concern I have is that when an external user signs into "MyApps" he can see which groups he's a member of, and then can see other members of those same groups.  If these were all users in my own tenant that wouldn't be such a big deal, but I don't really want external users to be able to see the identities of other external users.

 

Is there any way to control this visibility?

 

Thanks!