We invite Azure B2B guest users to our AD in order for them to access a web application. Part of this process also adds them as members of a specific security group.
What I have noticed is that a B2B user can log in - (https://account.activedirectory.windowsazure.com) - and is able to see the other members of the group that they are members of.
Given that this information contains customer email addresses then it presents issues relating to GDPR.
The AD Administration Portal user settings are set to "restrict access to Azure AD admin portal"
Any ideas how we could restrict B2B users from being able to enumerate group membership in this manner ?