In the Azure Active Directory Admin Center, you have some control over what External users/Guest can do.
One of the settings allows you to make sure that Guest users permissions are limited.
The description says:
"Yes" means that guests do not have permission for certain directory tasks, such as enumerate users, groups or other directory resources, and cannot be assigned to administrative roles in your directory.
"No" means that guests have the same access to directory data that regular users have in your directory.
But the thing is that an administrator can go to Azure AD and assign an administrative role to a guest even if you say "Yes" to Guest users permissions are limited.
You can see a post of another person regarding this here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32832913--guest-users-limited-permission-setting-descripti
I would appreciate if you could clarify this situation for me.
Thanks!
