Restricting guest access is very important. Normally you don’t want a guest user to see the membership of any groups. Of course, there are some situations you don’t want to change this setting.

You can simply change this in the user manage external collaboration settings inside the azure ad portal.

https://aka.ms/AADRestrictedGuestAccess

Or just use PowerShell. Add this setting to your Enrollment template so when enrolling a new customer, this setting will not be forgotten.

get-AzureADMSAuthorizationPolicy | Set-AzureADMSAuthorizationPolicy -GuestUserRoleId ‘2af84b1e-32c8-42b7-82bc-daa82404023b’

Conclusion:

The addition of restricting the group membership enumeration, so guest users are in the dark is very nice. Nothing to add…