Default Authorization Settings - Sign-up for email based subscription
Indicates whether users can sign up for email based subscriptions.
| Name | allowedToSignUpEmailBasedSubscriptions |
| Control | Default Authorization Settings |
| Description | Manages authorization settings in Entra ID (Azure AD) |
| Severity | Medium |
How to fix
Microsoft Graph PowerShell: Update-MgPolicyAuthorizationPolicy -AllowedToSignupEmailBasedSubscriptions $false
Details of configuration item
| Recommendation | |
| Configuration | policies/authorizationPolicy |
| Setting | allowedToSignUpEmailBasedSubscriptions |
| Recommended Value | 'false' |
| Default Value | true |
| Graph API Docs | authorizationPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0001 - Initial Access - Initial Access |