Microsoft Tech Community
SOLVED

Guest user able to list group members


Hi,

 

I'm currently trying out the Guest User, and noticed that a guest user account using the Graph API is:

1. not able to list group using - https://graph.microsoft.com/v1.0/groups

2. able to list group members if given the GroupId using - https://graph.microsoft.com/v1.0/groups/{{GroupId}}/members

3. able to list group owners if given the GroupId using - https://graph.microsoft.com/v1.0/groups/{{GroupId}}/members

 

Note: the user isn't part of the group of the mentioned Group Id

Guest user access Settings : Guest users have limited access to properties and memberships of directory objects

 

Is there anything I can do to avoid [2] & [3], or is the only option to move to "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)"?

 

4 Replies
best response confirmed by MosesLim (Copper Contributor)
Solution

That's a known issue/expected behavior, the option you mentioned is the only way to address it.

OK,

I tried in PowerShell with "Most Restrictive", using Get-AzADGroupMember -GroupDisplayName "All Users"

The guest user is able to list it. He isn't in the list. I'm able to list any group as long as I know the name.

Um, how exactly did you run PowerShell as a Guest?

Sorry, my fault, it seems to only take effect after 45 minutes. So now it's OK with Most Restrictive.
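
For admins who want to check which guest access level their tenant is on, here is an added example that is not part of the original thread. It reads `guestUserRoleId` from the Graph `authorizationPolicy` resource and can switch it to the most restrictive level. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Authentication`) and an admin sign-in; the `-Enforce` switch name is hypothetical, and the role GUIDs are the values Microsoft documents for this property, not values from the thread.

```powershell
# Added example: audit (and optionally tighten) the tenant-wide guest access level.
param([switch]$Enforce)   # hypothetical switch: also apply the most restrictive level

# guestUserRoleId values documented for the authorizationPolicy resource
$GuestLevels = @{
    'a0b1b346-4d3e-4e8b-98f8-753987be4970' = 'Same access as members (most inclusive)'
    '10dae51f-b6af-4016-8d66-8c2a99b929b3' = 'Limited access to properties and memberships (default)'
    '2af84b1e-32c8-42b7-82bc-daa82404023b' = 'Restricted to own directory objects (most restrictive)'
}
$Restricted = '2af84b1e-32c8-42b7-82bc-daa82404023b'
$PolicyUri  = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# Read-only scope for the audit; the write scope is requested only when enforcing.
$scopes = if ($Enforce) { 'Policy.ReadWrite.Authorization' } else { 'Policy.Read.All' }
Connect-MgGraph -Scopes $scopes | Out-Null

$policy  = Invoke-MgGraphRequest -Method GET -Uri $PolicyUri
$current = [string]$policy.guestUserRoleId
$label   = if ($GuestLevels.ContainsKey($current)) { $GuestLevels[$current] } else { 'Unknown role id' }
Write-Output "Guest access level: $label ($current)"

if ($current -eq $Restricted) {
    Write-Output 'Tenant is already on the setting the thread names as the only fix for [2] and [3].'
}
else {
    # With any other level, the behaviour described in the question is expected.
    Write-Warning 'A guest who knows a GroupId can read /groups/{id}/members without being a member.'
    if ($Enforce) {
        $body = @{ guestUserRoleId = $Restricted } | ConvertTo-Json
        Invoke-MgGraphRequest -Method PATCH -Uri $PolicyUri -Body $body -ContentType 'application/json'
        # The original poster saw the change take effect only after about 45 minutes.
        Write-Output 'Set to most restrictive. Allow for propagation before re-testing as the guest.'
    }
}
```

Re-run the script without `-Enforce` afterwards to confirm the stored value, then repeat the guest-side test from the question once the change has had time to apply.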