![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 57.99999999999999%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
9,626 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 51%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Hi @Ben Wilson
Thank you for posting your query on Microsoft Q&A.
I understand that your non-admin user can still access to "All Devices" page even though in user permission "Restrict access to Microsoft Entra administration portal" is enabled to Yes.
Non-admin users cannot view the device page since they have access restrictions to the Microsoft Entra administrative site, which I tested in my lab as well. It's possible that the user you're working with was assigned any custom role.
Don't use this switch as a security measure. Instead, create a Conditional Access policy that targets Windows Azure Service Management API that blocks Non administrators access to Windows Azure Service Management APIl.
Follow the document for more information: https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions#restrict-member-users-default-permissions
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click `Accept Answer` and `Yes` .
Thanks,
B. Siri Chandana.