Reputation: 1900
Block user from portal.azure.com
My company is using Azure Active Directory. We are able to login into the Azure portal using AAD.
However, we only want a handful of employees to be able to login into the portal. All other employees should be kept out.
How do I accomplish this?
Upvotes: 1
Views: 5084
Answers (3)
Reputation: 3553
Apply the Restrict access to Azure AD administration portal setting, which will block all access unless a user has Directory Reader or higher permissions in Azure AD
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
As a Global admin:
- Azure Active Directory
- User Settings
- Restrict access to Azure AD administration portal -> yes
Upvotes: 1
Reputation: 1935
Or you can just block sign in for the user in the user profile. By this, the blocked users will be denied to log in the portal.
Note: This operation requires the global admin.
Upvotes: -1
Reputation: 72181
You cant do that if they are part of the AAD, you can however grant them no permissions, so they wont be able to see any resources or do anything on the portal
And you really dont have to do anything to acomplish that. Those are default permissions.
To check users permissions go to the portal and navigate to Azure AD blade.
Portal => AzureAd => Users => pick user => click Azure Resources on the left
Upvotes: 1
Related Questions
- How to block access to group of users with directory roles
- Cannot Restrict access to Azure AD administration portal
- How to restrict users on Azure Portal
- AzureAD - Block Access by EmployeeID
- How to block Outlook.com (Microsoft accounts) to login through my Azure AD App
- Disable user browsing in Azure Active Directory for standard users
- Azure AD how to prevent app users from login into azure portal
- Prevent logins to unauthorized AAD tenant?
- Restrict which Users are accessible with Azure AD Permissions
- Block user login from Azure portal