Ensure that "Guest user permissions are limited" safety feature is enabled within your Microsoft Entra ID settings in order to implement the principle of least privilege and enhance the access security to your Microsoft Entra ID account. The principle of least privilege represents the practice of providing every user the minimal amount of access required to perform successfully its tasks.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Security When "Guest user permissions are limited" feature is disabled, guests have the same access to your Microsoft Entra ID data that regular users have in your directory. By enabling the feature (i.e. limiting guest access) you have the guarantee that guest accounts do not have permission for certain Microsoft Entra ID tasks, such as enumerating users, groups or other directory resources, and cannot be assigned to administrative roles within your Microsoft Entra ID account.
Audit
To determine if user permissions for Microsoft Entra ID guest users are limited, perform the following actions:
Note: Obtaining "Guest users permissions are limited" Microsoft Entra ID setting status using Microsoft Graph API or Azure CLI is not currently supported.Remediation / Resolution
To implement the principle of least privilege within your Microsoft Entra ID account and set "Guest users permissions are limited" to "Yes", perform the following actions:
Note: Configuring Microsoft Entra ID external collaboration settings in order to limit guest users' permissions using Microsoft Graph API or Azure CLI is not currently supported.References
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Guest User Permissions Are Limited
Risk Level: High