B2B Guest-user security scope restriction.
We want to restrict the scope of API processes to guest users only, thus isolating and separating Directory members at the API layer. This is currently only achieved when inviting guest users; however, ongoing management, such as updates to group membership, appears to apply to the entire directory, which poses a huge security/integrity risk to directory members. This risk could be alleviated by ensuring B2B guest-related API calls are made possible on B2B guest users only. Thanks!
Matthias Fleschütz commented
Fully agree! Really bad when it comes to profile changes or even guest suspensions / deletions, because you have to grant ReadWrite.All, which includes even internal users... for real?!