Hi There,
We're using an educational O365 tenancy, and I've split the GAL into students / teachers / support staff and used address book policies (ABPs) to try to lock down the users and groups that students shouldn't be able to see.
It seemed to be working well, but when I logged into the People app with a student account, the browsable sections down the left-hand side work great while the search bar still brings up groups which a student shouldn't be able to see. I've copied my settings below. Are there settings I need to change in O365 to make the People app search respect the address book policies? There was a setting in Teams I had to change to get the search to work in there, so I'm not sure if there is something similar here.
Thanks,
Olly
Get-AddressBookPolicy -Identity "Student ABP" | Format-List
RunspaceId : ###
MembershipFilter :
RecipientFilter :
PendingChanges : False
IBPolicyState : Inactive
IsVisibilityBlocked : False
IsCommunicationBlocked : False
AddressLists : {\All Teachers, \All Students}
GlobalAddressList : \Student GAL
RoomList : \All Rooms
OfflineAddressBook : \OAB_Student
IsInformationBarrierPolicy : False
InformationBarrierSegment :
DisplayName :
IsDefault : False
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : Student ABP
DistinguishedName : CN=Student ABP,CN=AddressBook Mailbox Policies,CN=Configuration,CN=#####,CN=ConfigurationUnits,DC=#####,DC=PROD,DC=OUTLOOK,DC=COM
Identity : Student ABP
ObjectCategory : ####.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Address-Book-Mailbox-Policy
ObjectClass : {top, msExchRecipientTemplate, msExchAddressBookMailboxPolicy}
WhenChanged : 07/09/2020 10:11:12
WhenCreated : 07/09/2020 10:10:49
WhenChangedUTC : 07/09/2020 09:11:12
WhenCreatedUTC : 07/09/2020 09:10:49
ExchangeObjectId : bb7e5928-b7e8-418e-bf28-98a1efce4c4d
OrganizationId : ###.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/####.onmicrosoft.com - ####.PROD.OUTLOOK.COM/ConfigurationUnits/Eslandcare.onmicrosoft.com/Configuration
Id : Student ABP
Guid : ###
OriginatingServer : ###.PROD.OUTLOOK.COM
IsValid : True
ObjectState : Unchanged
PS C:\Users\OliverLennox> Get-OfflineAddressBook -Identity "OAB_Student" | Format-List
RunspaceId : ####
Server :
GeneratingMailbox :
AddressLists : {\Student GAL}
Versions : {Version4}
IsDefault : False
PublicFolderDatabase :
PublicFolderDistributionEnabled : False
GlobalWebDistributionEnabled : True
WebDistributionEnabled : True
ShadowMailboxDistributionEnabled : False
UseE14SortOrder : False
UseE14SortOrderOrdinal : False
UseOrdinalSortedMultivaluedProperties : True
LastTouchedTime :
LastRequestedTime :
LastFailedTime :
LastNumberOfRecords :
HttpHomeMdbLastProcessedBucket : 1000
LastGeneratingData :
MaxBinaryPropertySize : 32768
MaxMultivaluedBinaryPropertySize : 65536
MaxStringPropertySize : 3400
MaxMultivaluedStringPropertySize : 65536
ConfiguredAttributes : {OfficeLocation, ANR, ProxyAddresses, ANR, PhoneticGivenName, ANR, GivenName, ANR...}
DiffRetentionPeriod : 30
Schedule : {Sun.05:00-Sun.05:15, Mon.05:00-Mon.05:15, Tue.05:00-Tue.05:15, Wed.05:00-Wed.05:15...}
VirtualDirectories : {}
AdminDisplayName :
FullOabDownloadPreventionThreshold : 0
ZipOabFilesBeforeUploading : False
Identity : \OAB_Student
Id : \OAB_Student
IsValid : True
ExchangeVersion : 0.20 (15.0.0.0)
Name : OAB_Student
DistinguishedName : CN=OAB_Student,CN=Offline Address Lists,CN=Address Lists Container,CN=Configuration,CN=####.onmicrosoft.com,CN=ConfigurationUnits,DC=####,DC=PROD,DC=OUTLOOK,DC=COM
ObjectCategory : ####.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-OAB
ObjectClass : {top, msExchOAB}
WhenChanged : 07/09/2020 09:37:26
WhenCreated : 07/09/2020 09:37:03
WhenChangedUTC : 07/09/2020 08:37:26
WhenCreatedUTC : 07/09/2020 08:37:03
ExchangeObjectId : d858089d-9c9b-412f-8ea8-9c903f06bcb7
OrganizationId : ###.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/###.onmicrosoft.com - ###.PROD.OUTLOOK.COM/ConfigurationUnits/Eslandcare.onmicrosoft.com/Configuration
Guid : ###
OriginatingServer : ##.##.PROD.OUTLOOK.COM
ObjectState : Unchanged
Get-GlobalAddressList -Identity "Student GAL" | Format-List
RunspaceId : ##
IsDefaultGlobalAddressList : False
Name : Student GAL
RecipientFilter : ((MemberOfGroup -eq 'CN=All Students20200819132236,OU=###.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=##,DC=PROD,DC=OUTLOOK,DC=COM') -or (MemberOfGroup -eq 'CN=All Teachers20200819132255,OU=##.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=##,DC=PROD,DC=OUTLOOK,DC=COM'))
LdapRecipientFilter : (|(memberOf=CN=All Students20200819132236,OU=##.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=##,DC=PROD,DC=OUTLOOK,DC=COM)(memberOf=CN=All Teachers20200819132255,OU=##.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=##,DC=PROD,DC=OUTLOOK,DC=COM))
LastUpdatedRecipientFilter :
RecipientFilterApplied : False
IncludedRecipients :
RecipientContainer :
RecipientFilterType : Custom
Identity : \Student GAL
Id : \Student GAL
IsValid : True
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=Student GAL,CN=All Global Address Lists,CN=Address Lists Container,CN=Configuration,CN=##.onmicrosoft.com,CN=ConfigurationUnits,DC=##,DC=PROD,DC=OUTLOOK,DC=COM
ObjectCategory : ##.PROD.OUTLOOK.COM/Configuration/Schema/Address-Book-Container
ObjectClass : {top, addressBookContainer}
WhenChanged : 07/09/2020 09:34:09
WhenCreated : 07/09/2020 09:33:56
WhenChangedUTC : 07/09/2020 08:34:09
WhenCreatedUTC : 07/09/2020 08:33:56
ExchangeObjectId : 7301ce90-d038-48ae-b734-74651069e567
OrganizationId : ##.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/##.onmicrosoft.com - ##.PROD.OUTLOOK.COM/ConfigurationUnits/##.onmicrosoft.com/Configuration
Guid : ##
OriginatingServer : ##.##.PROD.OUTLOOK.COM
ObjectState : Unchanged