This post is part of the Secure External Sharing Series.

In earlier posts, we have seen how you can block Azure Portal access for Guest Users aka External Users and also use Azure Portal roles to allow users, including guest users to invite guest users from partner organisation.

If your organisation did not want to do any of this and further restrict user access to Azure Active Directory Administration Portal this blog post is for you.

Who can access the Azure Active Directory Administration Portal?

All users, including Azure Active Directory Guest Users, can access the Azure Active Directory Administration Portal, if no restrictions are applied.

What can they see in the Azure Active Directory Administration Portal?

Users and groups blade

 

Overview blade


When
would you want to restrict

1. Users can see everything in the All Users Blade from

  • All Users
  • All groups
  • Company Branding
  • User Settings
  • Device Settings

2. Users will also be able to raise new support request

How to restrict users to Azure Active Directory Administration Portal?

  1. Navigate to Users and groups > All users (Link)
  2. Navigate to Users and groups > User settings (Link)
  3. Set Administration Portal setting to Yes

End Result

With the setting configured as above, all non-administrators will be restricted from accessing and Azure Active Directory data in the administration portal.

In the following blog posts, I will cover  Microsoft 365 services that can be enabled for external sharing in your Microsoft 365 tenancy and how you can enable/disable these services for external sharing.

Stay tuned – subscribe to RSS – for post updates or email newsletter (for regular updates and zero spam) to get updates as I post blog posts.