When running the following code snippet logged in as a simple user, I expose my entire organisation's emails etc.
I'd like to restrict what a regular user can get from the Microsoft Graph API (i.e. only see the logged-in user).

```python
import os
from azure.identity import InteractiveBrowserCredential
from msgraph.core import GraphClient

# Sign in interactively as the (non-admin) user
credential = InteractiveBrowserCredential()
client = GraphClient(credential=credential)

# List every user in the directory
result = client.get('/users')
print(result.json())
```

Thanks for your help
Cheers
T
CodePudding user response:
Being able to view other users' profiles is part of a member user's default permissions (see
Here is the document for restricting the member users' default permissions: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions#restrict-member-users-default-permissions
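
To check which member-user defaults a tenant still allows, the following added example (not from the original answer or from Microsoft's documentation) audits the JSON returned by Graph's `GET /policies/authorizationPolicy`. The function names and the sample policy are constructed for illustration; fetching the policy itself requires an account permitted to read it.

```python
# Added example: audit a Graph authorizationPolicy document for permissive
# member-user defaults. SAMPLE_POLICY below is constructed, not real tenant data.

# Flags under defaultUserRolePermissions that widen what a member user can do.
MEMBER_FLAGS = {
    "allowedToReadOtherUsers": "members can read other users' profiles (GET /users)",
    "allowedToCreateApps": "members can register applications",
    "allowedToCreateSecurityGroups": "members can create security groups",
}

def extract_policy(response_json):
    """Accept either a single policy object or a {'value': [...]} collection."""
    value = response_json.get("value") if isinstance(response_json, dict) else None
    if isinstance(value, list):
        if not value:
            raise ValueError("empty policy collection")
        return value[0]
    return response_json

def permissive_member_defaults(response_json):
    """Return {flag: note} for each default that is enabled or not reported."""
    perms = extract_policy(response_json).get("defaultUserRolePermissions")
    if not isinstance(perms, dict):
        raise ValueError("defaultUserRolePermissions missing from policy")
    findings = {}
    for flag, meaning in MEMBER_FLAGS.items():
        value = perms.get(flag)
        if value is True:
            findings[flag] = meaning
        elif value is None:
            # A flag absent from the response is surfaced, not assumed safe.
            findings[flag] = "unknown: flag not present in response"
    return findings

# Constructed sample shaped like the authorizationPolicy resource.
SAMPLE_POLICY = {
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": False,
        "allowedToCreateSecurityGroups": True,
        "allowedToReadOtherUsers": True,
    },
}

if __name__ == "__main__":
    for flag, note in permissive_member_defaults(SAMPLE_POLICY).items():
        print(f"{flag}: {note}")
```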