I recently realized that if a user knows the REST URL of a service, the user can browse the server directory and access all other serviced that are shared to the public. Ideally I want the user to only access the service with the URL they know. For example, I want a user to be able to load Service A in their own maps, but I have Service B which I use for a public app, and I do not want the user to be able to load Service B in their own maps.
What is the best strategy to hide certain public services in the directory? For now I go to ArcGIS Server Administrator Directory and add "deprecated": "true" to each service's property. Does this actually block an anonymous user the access to these services? Is there a way to do this without going to Administrator Directory, or to do this in batch?
Please check Disable the Services Directory—ArcGIS Server | Documentation for ArcGIS Enterprise
This method does not prevent user from adding the server to ArcGIS Pro project and browsing the services.