MS.AAD.8.2v1 - Only users with the Guest Inviter role SHOULD be able to invite guest users.

Information

By only allowing an authorized group of individuals to invite external users to create accounts in the tenant, an agency can enforce a guest user account approval process, reducing the risk of unauthorized account creation.

Solution

1. In the Microsoft Entra admin center, select External Identities > External collaboration settings.

2. Under Guest invite settings, select Only users assigned to specific admin roles can invite guest users.

3. Click Save.
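
To confirm the result of the steps above without the portal, this added example (not part of the original page or of ScubaGear) reads the tenant authorization policy with Microsoft Graph PowerShell and classifies its allowInvitesFrom value. The function name Test-GuestInvitePolicy, its status labels and the $RunLive switch are hypothetical; the sample objects are constructed.

```powershell
# Requires the Microsoft.Graph.Identity.SignIns module for the live check.
function Test-GuestInvitePolicy {
    # Hypothetical helper (not a Graph cmdlet): classifies allowInvitesFrom.
    param([Parameter(Mandatory)] $Policy)

    $value = [string]$Policy.AllowInvitesFrom
    # Graph allowInvitesFrom values and the portal option each one corresponds to.
    $status = switch ($value) {
        'adminsAndGuestInviters'           { 'Match' }          # Only users assigned to specific admin roles
        'none'                             { 'Stricter' }       # No one in the organization can invite
        'adminsGuestInvitersAndAllMembers' { 'TooPermissive' }  # Member users can also invite
        'everyone'                         { 'TooPermissive' }  # Members and guests can invite
        default                            { 'Unknown' }        # Missing or unrecognized value
    }
    [pscustomobject]@{
        AllowInvitesFrom = $value
        Status           = $status
    }
}

# Offline run against constructed sample objects (not real tenant data).
foreach ($sample in 'everyone', 'adminsAndGuestInviters', 'none', '') {
    Test-GuestInvitePolicy -Policy ([pscustomobject]@{ AllowInvitesFrom = $sample })
}

# Live check: set to $true on a workstation with the Graph module installed.
$RunLive = $false
if ($RunLive) {
    Connect-MgGraph -Scopes 'Policy.Read.All'
    Test-GuestInvitePolicy -Policy (Get-MgPolicyAuthorizationPolicy)

    # To apply the setting from step 2 instead of using the portal
    # (requires the Policy.ReadWrite.Authorization scope):
    # Update-MgPolicyAuthorizationPolicy -AllowInvitesFrom 'adminsAndGuestInviters'
}
```

A status of Stricter means no one can invite guests at all, which blocks the Guest Inviter role as well; whether that satisfies the control is left to the reviewer.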

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|AC-20, 800-53|CM-5, 800-53|CM-6, 800-53|IA-2, 800-53|IA-5, 800-53|SI-4, 800-53|SI-7

Plugin: microsoft_azure

Control ID: 5727a878c5df80616f0dd71e83a74f8a83898511a7e75407b33e19df52952ad9