Is it possible to hide Active Directory personal user information from external Microsoft 365 users?

thenewmessiah 41 Reputation points
2021-09-08T15:28:14.647+00:00

Hi All,

As a Company, we have the Active Directory connector to synchronize our local AD info to Azure AD.

Our users can then log in with our AD credentials to all Microsoft 365 services, and all info about users is synchronized with their online account.

Now, we have noted a privacy violation of internal information when our Teams users invite external users.

All these external users are able to see the full list of Active Directory information related to the internal users that have joined the meeting (personal phone number, mobile number, internal number, street, city, etc.).

Should all this information be protected by default, as stated by the GDPR compliance? (privacy by design and privacy by default)

I have opened a ticket with Technical Support, but they closed the ticket telling me that "it is normal" and invited me to open a question on the Microsoft portals.

Do you know if there is a way to exclude access to our internal AD information from external users?


3 answers

  1. Vasil Michev 95,751 Reputation points MVP
    2021-09-08T15:51:25.13+00:00

    Check the "guest access permissions" feature: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/users-restrict-guest-permissions

    When guest access is restricted, guests can view only their own user profile. Permission to view other users isn't allowed even if the guest is searching by User Principal Name or objectId. Restricted access also restricts guest users from seeing the membership of groups they're in.


  2. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2021-09-10T16:54:56.98+00:00

    @thenewmessiah
    Thank you for following up on this, and I apologize for your support ticket being closed out without any solution.

    As mentioned by @Vasil Michev and shown by @Sharon Zhao-MSFT, you can definitely leverage our Restrict guest access permissions in Azure Active Directory documentation to restrict what external guest users can see in their organization in Azure AD.

    For the different restriction options, the default looks to be Limited access - Guests can see membership of all non-hidden groups. I tested this within my tenant and wasn't able to see any user data.

    Note - My guest user has no roles assigned and is solely a "User" within my Azure AD Tenant. If you assign an AzureAD role - for example Global Admin to the guest user, they'll be able to see user data.

    If you're still having issues with this, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
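
The guest permission levels named in the two answers above map to the `guestUserRoleId` property of the tenant's authorization policy in Microsoft Graph. The following is an added example, not code from any poster in this thread, that reads the current level and moves the tenant to the restricted level; it assumes the Microsoft.Graph.Authentication PowerShell module is installed and that the signed-in administrator may consent to the `Policy.ReadWrite.Authorization` scope.

```powershell
# Added example: audit and tighten the tenant-wide guest permission level.
# The change applies to every guest account in the tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'

$uri = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# guestUserRoleId values documented for the "Restrict guest access permissions" feature
$levels = @{
    'a0b1b346-4d3e-4e8b-98f8-753987be4970' = 'Same access as member users'
    '10dae51f-b6af-4016-8d66-8c2a99b929b3' = 'Limited access (default)'
    '2af84b1e-32c8-42b7-82bc-daa82404023b' = 'Restricted access'
}
$restricted = '2af84b1e-32c8-42b7-82bc-daa82404023b'

# Helper name is illustrative; it returns the current role id and its label.
function Get-GuestAccessLevel {
    $policy = Invoke-MgGraphRequest -Method GET -Uri $uri
    $id = [string]$policy.guestUserRoleId
    [pscustomobject]@{
        GuestUserRoleId = $id
        Level           = if ($levels.ContainsKey($id)) { $levels[$id] } else { 'Unknown' }
    }
}

$before = Get-GuestAccessLevel
"Current guest access level: $($before.Level)"

# Only write when the tenant is not already at the most restrictive level.
if ($before.GuestUserRoleId -ne $restricted) {
    $body = @{ guestUserRoleId = $restricted } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'
    "New guest access level: $((Get-GuestAccessLevel).Level)"
}
```

Guests that hold a directory role keep the visibility that role grants regardless of this setting, so review role assignments for guest accounts separately.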


  3. Limitless Technology 39,381 Reputation points
    2021-09-14T16:19:46.92+00:00

    Hello @thenewmessiah

    Was there any development of your issue after the last recommendations?

    I would also recommend the Microsoft Uservoice channels to elevate your concerns, suggestions, or feature requests:

    Find Teams in the list in: https://learn.microsoft.com/en-gb/archive/blogs/o365guy/submit-product-feedback-or-feature-requests-to-microsofts-virtual-suggestion-boxes

    Hope you find it useful,
    Best regards,
