We have a publicly available portal, however all access requires a login. We are currently using our organizations active directory for single sign on. We are moving towards opening up access to more users outside of our organization using a second azure AD. While a login will still be required, once inside the portal what keeps someone from grabbing an individual service and adding it to their own applications with embedded credentials? Or using query operations for some other nefarious purposes? Are there settings to keep these users from using and sharing our content to others?
We do want to provide access to people outside of our organization that we have active services/construction contracts with, however I don't want to be naïve in thinking that single login will control or stop anyone with bad intentions. TIA!