By default, users in Azure AD can read Azure Active Directory information such as other users' group memberships, assigned roles, etc. From a security point of view, this is not good practice. Azure AD access should be limited to users who hold a role such as Global Administrator, Global Reader or User Access Administrator. This article explains how to restrict Azure AD access.
Here is the scenario: the user "Rajeesh" is able to access Azure AD even though no specific role is assigned. The same user is also able to view other users' properties.