Ensure that the "Members can invite" policy is set to "No" within your Azure Active Directory (AD) user settings so that non-administrator members cannot invite guest users to collaborate on resources secured by your Azure Active Directory, such as SharePoint sites or certain Azure cloud resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Allowing only AD administrators to send invitations prevents inadvertent access to your Active Directory data and ensures that only authorized accounts have access to your Azure cloud resources.
To determine if non-admin members can invite guests for collaboration, perform the following actions:
Note: Querying the "Members can invite" Active Directory setting configuration using Microsoft Graph API or Azure CLI is not currently supported.
Remediation / Resolution
To make sure that only Active Directory (AD) members with administrator roles can invite guest users to your directory by setting the "Members can invite" option to "No", perform the following actions:
Note: Configuring Azure Active Directory external collaboration settings to restrict invitations to AD administrators only using Microsoft Graph API or Azure CLI is not currently supported.
You are auditing:
Restrict Invitations to Administrators Only
Risk level: High