Ok, so let's start by saying that I know that Obfuscation is not security but sometimes when you are trying to keep things affordable for a client you need to be realistic. A common way for me to do this and keep using the E3/A3 licences is to use a Canvas App with SharePoint lists and standard connectors.
I will do another blog post on the exact details but in summary I use SharePoint lists that have Item level permissions set, so that users can only read or edit their own records. I then have a members group with designer permissions so they can read and edit all records. The intention then, is to hide away items that members shouldn't see within the app itself and generally keep people away from the SharePoint site completely. But what happens if they find the site and have a nose round? Yep, they can get to the data.
So how do you hide the lists?
The answer is actually incredibly simple. A colleague showed me a simple way of doing this from a Power Automate flow.
Once I found this I had a quick google and saw that the awesome Shane Young from PowerApps911 had already done a YouTube video on the subject. Here it is for reference: https://youtu.be/UD5piH5Bd20
The List to hide
Here is a simple list I created, which sites within a Teams SharePoint site.
Step 1. Create an instant cloud flow.
Step 2. Add the action "Send an HTTP request to SharePoint".
Step 3. Fill in the below info. Just change the Site Address and Uri to be your site and list.
Step 4. Save your flow and test it. That's it! Check the site and its gone, even from Site Contents!
To expand on this further, to unhide simply change the following to false and run again: 'Hidden': true,
I hope you find this useful. Let me know in the comments what you think.