1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes'

Information

Limit guest user permissions.

Rationale:

Limiting guest access ensures that guest accounts do not have permission for certain directory tasks, such as enumerating users, groups or other directory resources, and cannot be assigned to administrative roles in your directory. If guest access in not limited, they have the same access to directory data as regular users.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Console

Go to Azure Active Directory

Go to External Identities

Go to External collaboration settings

Set Guest users permissions are limited to Yes

Default Value:

By default, Guest users permissions are limited is set to Yes.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-1, 800-53|AC-2, 800-53|IA-4, 800-53|IA-5, CSCv7|16

Plugin: microsoft_azure

Control ID: 5e23b31896f9004db62fc2546527a7f522abd8673b4cd316733873b9b895a093