I am new to the Azure and I have a question. I hope experts out there will shed light on it. Our client has moved to office 365 recently only for Windows 10 license, as a result, they installed Azure AD connect. I noticed that standard domain users can access to Azure portal with their ad account and see all the users, groups, devices, etc. I was curious and asked the sysadmin about that.
He replied to me saying that users can not make any change.
Is it something normal to leave like that? I think we can restrict the user access, but I am not sure why the client does not want to do that. If there is a document that says it is bad then I would like to point to that to the sysadmin.