Restrict Azure B2B Guest Users from viewing Group members in https://myapps.microsoft.com
We would like to restrict B2B Guest users from viewing Groups that they are part of, or from viewing the Members inside those Groups.
Currently, the feature to turn this off (under Groups - General - Self Service Group Management - Restrict Access to Groups in the Access Panel) exists for ALL the users in the directory and not for the Guest users only. Hence, if we turn this off, then the internal users won't be able to leverage the Self service group membership feature. And if we keep this on, then we will end up letting the Guest users from Company A view all the Names, Email Addresses of the Guests from Company B, which is not good for the scenario when Company A is a competitor for Company B.
Daniel Fawcett commented
It's worth noting that this is the case even when the group has been created with the -HiddenGroupMembershipEnabled parameter in the New-UnifiedGroup PowerShell cmdlet. That presents a dangerous situation if you don't catch this.
David Wells commented
This is a big issue for us. Only option we have so far is to create a group per company (per app), which gets messy to set up and maintain. Also, you end up with loads of groups in AAD with company names in, which are potentially discoverable in SPO, etc.
Solutions could be:
1. Have an option to disable self-service for Guests
2. Have an option to hide group membership for Guests
3. Have an option on each group to hide members from non-owners so you can disable it on groups which are sensitive or have external users
4. Have an option to hide specific groups completely from Guests or self-service. This could even include hiding it from people picker in SPO
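
Added example (not part of the original post or comments): until such an option exists, one way to find where the exposure described above actually occurs is to audit a membership export for groups that mix guests from more than one external organization. The row layout is an assumption: `userType`, `userPrincipalName` and `mail` follow the directory's user properties, while the `group` column and every sample value are constructed.

```python
from collections import defaultdict

# Constructed sample export, one row per (group, member). All values are made up.
SAMPLE_ROWS = [
    {"group": "Project-X", "userType": "Member",
     "userPrincipalName": "pm@tenant.example", "mail": "pm@tenant.example"},
    {"group": "Project-X", "userType": "Guest", "mail": "ann@companya.example",
     "userPrincipalName": "ann_companya.example#EXT#@tenant.example"},
    {"group": "Project-X", "userType": "Guest", "mail": None,
     "userPrincipalName": "bob_smith_companyb.example#EXT#@tenant.example"},
    {"group": "CompanyA-App1", "userType": "Guest", "mail": "ann@companya.example",
     "userPrincipalName": "ann_companya.example#EXT#@tenant.example"},
    {"group": "CompanyA-App1", "userType": "Guest", "mail": "AL@CompanyA.example",
     "userPrincipalName": "al_companya.example#EXT#@tenant.example"},
]


def guest_home_domain(row):
    """Return the guest's home domain (lowercase), or None if it cannot be derived."""
    mail = (row.get("mail") or "").strip()
    if "@" in mail:
        return mail.rsplit("@", 1)[1].lower()
    # Fall back to the guest UPN, which encodes the original address with "@"
    # replaced by "_" ahead of the "#EXT#" marker.
    local, marker, _ = (row.get("userPrincipalName") or "").partition("#EXT#")
    if not marker or "_" not in local:
        return None
    return local.rsplit("_", 1)[1].lower() or None


def groups_mixing_guest_orgs(rows):
    """Map group name -> sorted guest domains, for groups with guests from 2+ domains."""
    domains = defaultdict(set)
    for row in rows:
        if (row.get("userType") or "").lower() != "guest":
            continue  # internal members are not the concern here
        # Guests whose domain cannot be derived are surfaced as "unknown"
        domains[row["group"]].add(guest_home_domain(row) or "unknown")
    return {g: sorted(d) for g, d in domains.items() if len(d) > 1}


if __name__ == "__main__":
    for group, orgs in groups_mixing_guest_orgs(SAMPLE_ROWS).items():
        print(f"{group}: guests from {', '.join(orgs)} can see each other")
```

Groups it reports are the ones where guests from different companies can currently see each other's names and email addresses; groups split per company, as in the workaround described above, are not reported.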