Run-of-the-mill Azure AD users will never need to access the actual Azure portal – but default settings do allow a certain level of access, which could allow them to see certain inforamation regarding other users and group membership that might put the organization at risk. To fix this, we can restrict portal visibility by normal users to basically no information of any value or use outside of their own account.
To enable this control, follow this process:
1. Sign in to portal.azure.com as an admin.
2. Select Users from the left-side menu, then select User Settings and select Yes under Administration Portal: Restrict Access to Azure AD administration portal.
3. Done! Normal users who log in to the Azure portal will now be unable to see information pertaining to other users, groups, or group memberships.