As a Company, we have the Active Directory connector to synchronize our local AD info to Azure AD.
Our users then can login with our AD credentials to all Microsoft 365 services and all info about users are synchronized with their online account.
Now, we have noted a privacy violation of internal information when our Teams users invite external users.
All these external users are able to see the full list of Active Directory information related to the internal users that have joined the meeting (personal phone number, mobile number, internal number, street, city, etc.).
Does all these information should be protected by default as stated by the GDPR compliance? (privacy by design and privacy by default)
I have opened a ticket to the Technical support, but they closed the ticket telling me that "it is normal" and invited my to open a question on the Microsoft portals.
Do you know if there is a way to exclude access to our internal AD information from external users?