Version: 2.1.0

EIDSCA.AP14 - Default Authorization Settings - Default User Role Permissions - Allowed to read other users.

Overview

Prevents all non-admins from reading user information from the directory. This flag doesn't prevent reading user information in other Microsoft services like Exchange Online.

Restrict this default permissions for members have huge impact on collaboration features and user lookup.

Test script

https://graph.microsoft.com/beta/policies/authorizationPolicy
.defaultUserRolePermissions.allowedToReadOtherUsers -eq 'true'

Open in Graph Explorer
authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn

Test Metadata

Field	Value
Test ID	EIDSCA.AP14
Severity	High
Suite	Entra ID SCA
Category	General
PowerShell test	Test-MtEidscaAP14
Tags	EIDSCA, EIDSCA.AP14

Source

Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP14.ps1

Overview​

Test script​

Related links​

Test Metadata​

Source​

Overview

Test script

Related links

Test Metadata

Source