Ensure that the "Guests can invite" setting is set to "No" in your Azure Active Directory (AD) user settings so that guest users within your directory cannot themselves invite other guests to collaborate on cloud resources secured by your Active Directory account.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Active Directory external collaboration settings let you turn guest invitations on or off for the different types of users in your organization. To ensure that only authorized guest users have access to your Azure cloud resources, allow only AD administrators to send invitations for collaboration by disabling the "Guests can invite" feature. This should help maintain need-to-know permissions and prevent unintended access to your Azure data.
To determine if guest users can themselves invite other guest users for collaboration, perform the following actions:
Note: Getting the "Guests can invite" Active Directory setting configuration using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To make sure that your AD guest users cannot themselves invite other guest users to collaborate and use your Active Directory resources, set "Guests can invite" to "No" by performing the following actions:
Note: Configuring Azure Active Directory external collaboration settings to restrict guest invitations using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Restrict Guest User Invitations
Risk level: High