question

shashanksaxena-6941 avatar image
0 Votes"
shashanksaxena-6941 asked amanpreetsingh-msft commented

Need to hide certain details in Azure Administrative Units

Hello Team,

I have created an Azure Administrative unit to reset MFA of certain group of users(as a part of Authenticator Administrator), I need to hide contact information of all users(kindly take the reference from given screenshot highlighted part).

Is it possible to achieve this.91246-capture.jpg


microsoft-sentinelazure-policyazure-managed-identityazure-ad-authentication-protocolsazure-ad-identity-governance
capture.jpg (88.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @shashanksaxena-6941 · Thank you for reaching out.

The authentication phone is protected by default and it is not visible to Non-administrator user. Only the users with administrator roles like, Privilege Authentication Administrator, User administrator, Global Administrator, can see this attribute. For Authentication Administrators, the number is masked as shown below:

91713-image.png

Additionally, there is no option to hide specific information in the portal. The available options are:

  1. Navigate to Azure AD > Users > User Settings and select yes to restrict access to Administrator only and non-admin users won't be able to access Azure AD blade. They can however, access the information via PowerShell or Graph API.
    91639-image.png

  2. Navigate to Azure AD > Users > User Settings > External users > Manage external collaboration settings to restrict access of Guest user accounts:
    91655-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


image.png (8.3 KiB)
image.png (4.1 KiB)
image.png (11.7 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Aman,

Thanks @amanpreetsingh-msft for providing the details but as I already mentioned that I have created Administrative Unit for some group of user and for them, that given user is a Authenticator Admin and being this admin, user can see the details all users(which is out of his scope as well) but not able to reset the MFA.

Waiting for your response.

0 Votes 0 ·

Hi @shashanksaxena-6941 · As per my testing, if a user is assigned with a directory role scoped for specific Administrative Unit, he should not be able to use those privileges outside of that AU. Could you please confirm if the user is assigned with any other role by navigating to Azure AD > Users > Select the User > Assigned Roles > Active Assignments.

0 Votes 0 ·

Hello @amanpreetsingh-msft

I have again rechecked the AU and under that only one user have Authenticator Admin for the scoped user of particular AU but he can't able to reset the MFA of all other user apart from scoped user and still can see the contact number of all users.

0 Votes 0 ·

@shashanksaxena-6941 · When you navigate to Azure AD > Users > Select the User > Assigned Roles > Active Assignments, what all roles do you see?

0 Votes 0 ·

@shashanksaxena-6941 · Just checking if the issue is resolved.

0 Votes 0 ·