Ensure that the "Guest user permissions are limited" safety feature is enabled within your Azure Active Directory (AD) settings in order to implement the principle of least privilege and strengthen access security for your Active Directory account. The principle of least privilege is the practice of granting every user only the minimum access required to perform their tasks successfully.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When the "Guest user permissions are limited" feature is disabled, guest users have the same access to your AD data that regular (member) users have in your directory. Enabling the feature (i.e. limiting guest access) guarantees that guest accounts are denied certain Active Directory tasks, such as enumerating users, groups or other directory resources, and that they cannot be assigned administrative roles within your Azure AD account.
Audit
To determine if user permissions for Active Directory guest users are limited, perform the following actions:
Note: Obtaining the "Guest user permissions are limited" AD setting status using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
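The page notes that, at the time it was written, the setting could not be read through the Graph API or the CLI. As an added example (not part of this Cloud Conformity page and not the tool's own check logic), the following Python evaluates the guest-permission setting from an already-fetched Microsoft Graph `authorizationPolicy` document, whose `guestUserRoleId` field carries the role template granted to guest users; the resource, the field name and the three role template IDs are taken from Microsoft Graph documentation as I understand it, not from this page, and the two JSON responses below are constructed samples so the check runs offline. The verdict mirrors the rule: guests holding the member-user role template are a High finding, the limited or restricted templates are compliant, and an unknown or missing value fails closed for manual review.

```python
"""Audit helper: decide whether Azure AD guest user permissions are limited.

Added example, not from the original page. It assumes the Microsoft Graph
resource GET /policies/authorizationPolicy, whose guestUserRoleId field holds
the directory role template granted to guest users. The response body is
passed in as a string so nothing here touches the network.
"""
import json
from dataclasses import dataclass

# Role template IDs accepted by authorizationPolicy.guestUserRoleId
# (assumption: values as documented for Microsoft Graph, not from the page).
GUEST_ROLE_TEMPLATES = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same access as member users (unrestricted)",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "limited guest access (portal default)",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted guest access",
}
UNRESTRICTED_GUEST_ROLE = "a0b1b346-4d3e-4e8b-98f8-753987be4970"
LIMITED_GUEST_ROLE = "10dae51f-b6af-4016-8d66-8c2a99b929b3"
RESTRICTED_GUEST_ROLE = "2af84b1e-32c8-42b7-82bc-daa82404023b"

# Constructed sample responses (only the field the check needs is included).
SAMPLE_UNRESTRICTED = '{"id": "authorizationPolicy", "guestUserRoleId": "a0b1b346-4d3e-4e8b-98f8-753987be4970"}'
SAMPLE_LIMITED = '{"id": "authorizationPolicy", "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3"}'


@dataclass
class GuestPermissionFinding:
    guest_user_role_id: str
    description: str
    compliant: bool
    risk_level: str  # "High" for the failing state, "None" when compliant, "Review" if undecidable


def evaluate_guest_permissions(policy_json: str) -> GuestPermissionFinding:
    """Map an authorizationPolicy document to a pass/fail finding for this rule."""
    policy = json.loads(policy_json)
    role_id = str(policy.get("guestUserRoleId", "")).lower()
    description = GUEST_ROLE_TEMPLATES.get(role_id, "unknown or missing role template")

    if role_id == UNRESTRICTED_GUEST_ROLE:
        # Guests can enumerate users/groups and hold roles like members: the rule fails.
        return GuestPermissionFinding(role_id, description, False, "High")
    if role_id in GUEST_ROLE_TEMPLATES:
        # Limited or restricted: "Guest user permissions are limited" is effectively Yes.
        return GuestPermissionFinding(role_id, description, True, "None")
    # Fail closed: never report an unknown value as compliant.
    return GuestPermissionFinding(role_id, description, False, "Review")


def build_remediation_patch(target: str = "limited") -> dict:
    """Body for PATCH /policies/authorizationPolicy that limits guest permissions.

    'limited' is the portal's 'Guest user permissions are limited: Yes' state;
    'restricted' is the stricter option. Returned as a dict for the caller to send.
    """
    targets = {"limited": LIMITED_GUEST_ROLE, "restricted": RESTRICTED_GUEST_ROLE}
    if target not in targets:
        raise ValueError(f"unknown target {target!r}; use 'limited' or 'restricted'")
    return {"guestUserRoleId": targets[target]}


if __name__ == "__main__":
    for label, body in (("unrestricted tenant", SAMPLE_UNRESTRICTED), ("limited tenant", SAMPLE_LIMITED)):
        finding = evaluate_guest_permissions(body)
        status = "PASS" if finding.compliant else f"FAIL ({finding.risk_level})"
        print(f"{label}: {status}: {finding.description}")
    print("remediation body:", json.dumps(build_remediation_patch("limited")))
```

Feed the function the raw body of the policy query made with a directory-reader identity; the returned dataclass is deliberately small so it can be serialised straight into a findings export, and the PATCH body is built rather than sent so the change goes through whatever approval flow the tenant uses.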
To implement the principle of least privilege within your Azure Active Directory account and set "Guest user permissions are limited" to "Yes", perform the following actions:
Note: Configuring Azure AD external collaboration settings in order to limit guest users' permissions using Microsoft Graph API or Azure CLI is not currently supported.
Limit Guest User Permissions
Risk level: High