You have enabled remember Multi-Factor Authentication on trusted device in Office 365 Multi-Factor Authentication. When…
Why do users have access to Azure AD administration portal? You only want administrators to have access and restrict users to access Azure portal. It’s not relevant for standard users to have access. Is there a way to disable user access to the Azure AD portal? Yes, there is. In this article, we will look at how to restrict access to Azure AD administration portal.
Table of contents
User access to Azure AD administration portal
Sign in to Azure portal as a user. In our example, we will sign in as the user Alison Bell. Click on Menu > Azure Active Directory.
In the Overview screen, the user can see the Azure Active Directory information.
Click in the menu on Users and Groups.
In the All users section, all the users are visible to the user.
Also, all the groups are visible to the user.
Click in the menu on Roles and administrators. Verify the role of the user. In our case, it’s the role User. Click on Your Role.
The user does not have directory roles assigned.
In the next step, we will look at restricting users from accessing the Azure AD administration portal.
Restrict access to Azure AD administration portal
Sign in to Azure portal as a Global Administrator. Click on the Menu and select Azure Active Directory.
Click in the menu on User settings. Click under Administration portal > Restrict access to Azure AD administration portal on Yes. Click Save.
Setting the option Restrict access to Azure AD administration portal to Yes restricts all non-administrators from accessing any Azure AD data in the administration portal.
You may need to give the setting a couple of minutes to apply the changes.
Verify no access to Azure AD administration portal
Go back to the user account, refresh the page, or sign in again to the Azure portal. Navigate to Azure Active Directory. You will see a No access message.
Read more: Install and configure Azure AD Connect »
In this article, we showed how to restrict access to Azure AD administration portal. By default, the option to restrict access to Azure AD portal is set to No. But, we do recommend setting it to Yes and restrict user access to Azure AD for non-administrator accounts.
The next time you manage an Azure tenant or create a new Azure tenant, check the restrict access to Azure AD administration portal setting in the Azure AD portal and make sure to turn it on.
Did you enjoy this article? You may also like Office 365 disable stay signed in prompt. Don’t forget to follow us and share this article.