Restrict User Access to Azure AD Administration Portal

This post is part of the Secure External Sharing Series.

In earlier posts, we saw how to block Azure Portal access for Guest Users (aka External Users) and how to use Azure Portal roles to allow users, including guest users, to invite guest users from a partner organisation.

If your organisation does not want to do any of this and wants to further restrict user access to the Azure Active Directory Administration Portal, this blog post is for you.

Who can access the Azure Active Directory Administration Portal?

All users, including Azure Active Directory Guest Users, can access the Azure Active Directory Administration Portal, if no restrictions are applied.

What can they see in the Azure Active Directory Administration Portal?

Users and groups blade

 

Overview blade


When would you want to restrict?

1. Users can see everything in the All Users Blade, from:

  • All Users
  • All groups
  • Company Branding
  • User Settings
  • Device Settings

2. Users will also be able to raise new support requests

How to restrict user access to the Azure Active Directory Administration Portal?

  1. Navigate to Users and groups > All users (Link)
  2. Navigate to Users and groups > User settings (Link)
  3. Set Administration Portal setting to Yes

End Result

With the setting configured as above, all non-administrators will be restricted from accessing any Azure Active Directory data in the administration portal.

In the following blog posts, I will cover Microsoft 365 services that can be enabled for external sharing in your Microsoft 365 tenancy and how you can enable/disable these services for external sharing.


Azure Portal Roles for External Sharing with Guest Users

This post is part of the Secure External Sharing Series.

In the earlier post, we saw how you can block Azure Portal access for Guest Users (aka External Users). On the flip side, if you want Guest Users to access the Azure Portal to perform the specific role of inviting other guest users, or if you want to delegate to any user internal to the organisation the ability to invite guest users from partner organisations, this blog post is for you. These permission roles need to be applied per user in Azure Active Directory.

This blog post is divided into 2 sections:

The first section is about giving a user permission role to members (internal users) and, should you choose to, even allowing existing guest users to invite other guest users.

The second section is about restricting non-administrators from inviting external users, including from SharePoint Online. Only Azure Active Directory administrators will have permissions to invite guest users to the organisation.


How to Block Azure Portal Access for External User

This post is part of the Secure External Sharing Series.

Now that we have enabled external sharing in Office 365 and SharePoint Online, it’s time to secure your organisation’s Azure Portal and stop users, such as external users, from looking up information in the Azure Portal they should not be looking at!

Quick recap of the terminology: an External User in Office 365 services, such as SharePoint Online, is equivalent to a Guest User in the Azure Portal.
