Azure AD - Prevent guest access on an Azure website

1
votes

I have an Azure Website built on Angular5 protected by Azure AD for authentication. The API layer is developed as Azure function app, also authenticated by Azure AD. Now , I want this website to be available to all users in my organisation and not allow any guest users registered in the tenant to access the web site & API. What are my options here?

Currently the app & API can be accessed by even the guest accounts.

Update Full solution blogged here with screenshots.

2
azureazure-web-app-serviceazure-active-directoryazure-ad-b2b

2 Answers

1
votes

For your scenario, you can achieve it.

Soluton:

  1. Go to Azure Portal> Azure Active Directory > Create one Group for members in your directory, the other Group for those gueste users.

  2. Find your Application in Enterprise Application. Set the User assignment required to be Yes in Properties. enter image description here

  3. Find your Application in Enterprise Application > Users and groups > Add User > Select one group > Select the member group > Assign enter image description here

After those steps, only the members in assigned group can access that application.

0
votes

Below is the solution I implemented in the end.

  1. Create a dynamic user group called "Internal Users Only". Add a membership rule "userType equals Member". So now this group will contain only users in your organization. 2.Enable User Assignment for the Azure AD App as mentioned by Wayne.
  2. Add that group to the Azure AD app.

Full solution blogged here with screenshots.