For a Microsoft Azure business-to-business (B2B) collaboration, each Active Directory (AD) guest user needs to be associated with a business owner or business process. When there is no need for B2B collaboration, ensure that there are no AD guest users available within your Microsoft Azure account.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
An Active Directory business-to-business (B2B) collaboration is used to securely share your applications and services with guest users and external partners from other organizations, while maintaining full control over your own data. Azure AD is configured to handle B2B collaborations, allowing you to invite people from outside your organization to be guest users within your Azure cloud account. Unless you have a real business need that requires you to provide guest access to external users, avoid creating such guest users. Active Directory guest users are usually added outside the employee onboarding/offboarding process managed by your company, so they are easily overlooked and can eventually lead to potential security vulnerabilities.
Audit
To determine if there are any Active Directory guest users available in your Azure account, perform the following actions:
Remediation / Resolution
Remove any Active Directory (AD) guest users created in your Microsoft Azure cloud account that are not linked to a business owner or business process. To delete Azure AD guest users, perform the following actions:
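The audit and remediation steps above rely on the `az ad user list` and `az ad user delete` commands cited in the references. The following script is an added example, not Cloud Conformity's own tooling: it takes the JSON that `az ad user list` prints (a constructed sample is embedded so it runs offline; pass `--live` to query a tenant after `az login`), flags every guest account, and prints the matching `az ad user delete` command for a reviewer to run only once the account is confirmed to have no business owner.

```python
"""Audit helper for the "Check for Active Directory Guest Users" rule."""
import json
import subprocess
import sys

# Constructed sample in the shape `az ad user list` returns (Microsoft Graph
# user objects). Not real tenant data; IDs and UPNs are placeholders.
SAMPLE_USERS = json.loads("""[
 {"id": "11111111-1111-1111-1111-111111111111",
  "userPrincipalName": "alice@contoso.example",
  "displayName": "Alice Member", "userType": "Member"},
 {"id": "22222222-2222-2222-2222-222222222222",
  "userPrincipalName": "bob_partner.example#EXT#@contoso.example",
  "displayName": "Bob Partner", "userType": "Guest"},
 {"id": "33333333-3333-3333-3333-333333333333",
  "userPrincipalName": "carol_vendor.example#EXT#@contoso.example",
  "displayName": "Carol Vendor", "userType": null}
]""")


def is_guest(user):
    """Guest if Azure AD says so, or if the UPN carries the #EXT# marker that
    B2B invitations stamp on external accounts (catches records where the
    userType attribute is missing or null)."""
    if (user.get("userType") or "") == "Guest":
        return True
    return "#EXT#" in (user.get("userPrincipalName") or "")


def find_guest_users(users):
    """Return each guest account together with the CLI command that removes
    it. The command is printed for review, never executed here."""
    return [
        {"id": u["id"],
         "upn": u.get("userPrincipalName"),
         "remove_cmd": f'az ad user delete --id {u["id"]}'}
        for u in users if is_guest(u)
    ]


def load_users_from_cli():
    """Live audit: run the real query (requires a prior `az login`)."""
    out = subprocess.check_output(["az", "ad", "user", "list", "--output", "json"])
    return json.loads(out)


if __name__ == "__main__":
    users = load_users_from_cli() if "--live" in sys.argv else SAMPLE_USERS
    findings = find_guest_users(users)
    for f in findings:
        print(f"{f['upn']}  (id {f['id']})  ->  {f['remove_cmd']}")
    if not findings:
        print("No guest users found: rule passes.")
```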
References
- Azure Official Documentation
- Azure Active Directory documentation
- Azure Active Directory B2B Documentation
- Add or delete users using Azure Active Directory
- Add Azure Active Directory B2B collaboration users in the Azure portal
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az ad user list
- az ad user delete
Rule: Check for Active Directory Guest Users
Risk level: Medium