Security - Default Azure user created for Office 365 mailboxes.

John Jr 21 Reputation points

I noticed that all our users created in Office 365 get an Azure account too. This normally would not be a problem, but it looks like even a low-privileged user can log in to Azure, view all users, memberships, devices, and domains.

I found conditional policies can be set up, but it looks like as long as a user can sign in, they can log in to Azure and view all this data.

Our tenant only has a few users that log in to Azure as a domain, but the rest use Office 365 to log in.

Microsoft Defender for Cloud
Microsoft Entra

Accepted answer
  1. AmanpreetSingh-MSFT 56,486 Reputation points

    Hello @JohnJr-9222

    You can use the option below to restrict any non-administrator user from accessing Azure Active Directory:

    Azure Portal > Azure Active Directory > Users > User Settings > Restrict access to Azure AD administration portal and set it to Yes


    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

    1 person found this answer helpful.

1 additional answer

  1. Vasil Michev 99,936 Reputation points MVP

    You can restrict access on several levels, including restricting access to the portal, as detailed here: