MS.AAD.8.1v1 - Guest users SHOULD have limited or restricted access to Microsoft Entra ID directory objects.

Information

Limiting the amount of directory object information available to guest users in the tenant reduces the reconnaissance an adversary can perform (enumerating users, groups, memberships and other objects) should a guest account be compromised or be created by the adversary.

Solution

1. In Microsoft Entra admin center select External Identities > External collaboration settings.

2. Under Guest user access, select either Guest users have limited access to properties and memberships of directory objects (the tenant default) or Guest user access is restricted to properties and memberships of their own directory objects (most restrictive). The remaining option, Guest users have the same access as members (most inclusive), does not satisfy this control.

3. Click Save.
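The same setting is exposed through the Microsoft Graph authorization policy as guestUserRoleId, which is what a scripted audit or remediation should read and write. The following is an added example, not code from ScubaGear or from this audit; it assumes the Microsoft.Graph.Identity.SignIns module is installed and that the signed-in account holds the Policy.ReadWrite.Authorization permission. The three role IDs are the well-known values Entra uses for the three radio buttons in the portal.

```powershell
# Added example: audit and optionally remediate MS.AAD.8.1v1 via Microsoft Graph PowerShell.
# Assumes Microsoft.Graph.Identity.SignIns is installed and the account can consent to
# Policy.ReadWrite.Authorization (Global Administrator or Privileged Role Administrator).
$GuestRoleIds = @{
    SameAsMembers = 'a0b1b346-4d3e-4e8b-98f8-753987be4970'   # fails the control
    Limited       = '10dae51f-b6af-4016-8d66-8c2a99b929b3'   # passes (tenant default)
    Restricted    = '2af84b1e-32c8-42b7-82bc-daa82404023b'   # passes (most restrictive)
}

function Test-GuestDirectoryAccess {
    # Returns a result object; Compliant is $true for Limited or Restricted,
    # which mirrors the "limited or restricted" wording of the control.
    param([Parameter(Mandatory)][string]$GuestUserRoleId)

    $match = $GuestRoleIds.GetEnumerator() | Where-Object { $_.Value -eq $GuestUserRoleId }
    $name  = if ($match) { $match.Key } else { 'Unknown' }

    [pscustomobject]@{
        GuestUserRoleId = $GuestUserRoleId
        Setting         = $name
        Compliant       = $GuestUserRoleId -in @($GuestRoleIds.Limited, $GuestRoleIds.Restricted)
    }
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization' -NoWelcome

# There is exactly one authorization policy per tenant, so no ID is needed.
$policy = Get-MgPolicyAuthorizationPolicy
$result = Test-GuestDirectoryAccess -GuestUserRoleId $policy.GuestUserRoleId
$result | Format-List

if (-not $result.Compliant) {
    # Move to the most restrictive setting. Use $GuestRoleIds.Limited instead if guests
    # legitimately need to see memberships of objects other than their own.
    Update-MgPolicyAuthorizationPolicy -GuestUserRoleId $GuestRoleIds.Restricted

    # Re-read the policy rather than trusting the write succeeded silently.
    Test-GuestDirectoryAccess -GuestUserRoleId (Get-MgPolicyAuthorizationPolicy).GuestUserRoleId
}
```

Before tightening to the restricted setting, confirm that no guest-facing workflow depends on enumerating other users or group memberships (for example, shared Teams or SharePoint sites where guests pick members by name); the limited setting still satisfies the control if that access is required.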

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|IA-2, 800-53|IA-8

Plugin: microsoft_azure

Control ID: 3c34a166ae366c6deea3725440d120405dd4f9726772816b052a84cc0ade6b02