Hi,
I am trying to manage my company credential throw WAAD but I noticed my users can use powershell with MSOnline module to retrieve information.
They cannot anymore retrieve all others users with Get-MsolUser because I found an option to disable this command : Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false
Now they directly get the following error : Get-MsolUser : Access Denied. You do not have permissions to call this cmdlet
Is there a way to do the same for Get-Group and Get-GroupMember ?
I have the following settings using Get-MsolCompanyInformation :
SelfServePasswordResetEnabled : TrueUsersPermissionToCreateGroupsEnabled : False
UsersPermissionToCreateLOBAppsEnabled : False
UsersPermissionToReadOtherUsersEnabled : False
UsersPermissionToUserConsentToAppEnabled : False
DirectorySynchronizationEnabled : False
LastDirSyncTime :
LastPasswordSyncTime :
PasswordSynchronizationEnabled : False
Thank you for your answer