Default Authorization Settings - Guest invite restrictions
Controls who can invite guests to your directory to collaborate on resources secured by your Entra ID (Azure AD), such as SharePoint sites or Azure resources.
| Name | allowInvitesFrom |
| Control | Default Authorization Settings |
| Description | Manages authorization settings in Entra ID (Azure AD) |
| Severity | Medium |
How to fix
Details of configuration item
| Recommendation | CISA SCuBA 2.18: Only users with the Guest Inviter role SHOULD be able to invite guest users |
| Configuration | policies/authorizationPolicy |
| Setting | allowInvitesFrom |
| Recommended Value | 'adminsAndGuestInviters','none' |
| Default Value | everyone |
| Graph API Docs | authorizationPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |
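
An added example (not part of the original page or of Microsoft's tooling): a Python check that evaluates the body of a GET on policies/authorizationPolicy against the recommended values above and builds, without sending, the PATCH request that would correct it. The function name, the constructed sample responses and the tolerated "value" wrapper are assumptions made for illustration.

```python
import json

# Documented values of allowInvitesFrom, most restrictive first.
KNOWN_VALUES = ("none", "adminsAndGuestInviters",
                "adminsGuestInvitersAndAllMembers", "everyone")
RECOMMENDED = {"none", "adminsAndGuestInviters"}  # recommended values from this page
POLICY_URL = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"


def audit_guest_invites(response_text, target="adminsAndGuestInviters"):
    """Evaluate a GET policies/authorizationPolicy body (hypothetical helper)."""
    if target not in RECOMMENDED:
        raise ValueError("remediation target must be a recommended value")
    doc = json.loads(response_text)
    # Accept the bare policy object or one wrapped in a "value" collection.
    if isinstance(doc.get("value"), list):
        doc = doc["value"][0] if doc["value"] else {}
    value = doc.get("allowInvitesFrom")
    if value is None:
        status = "unknown"   # property missing (e.g. dropped by $select): never pass
    elif value in RECOMMENDED:
        status = "pass"
    elif value in KNOWN_VALUES:
        status = "fail"
    else:
        status = "unknown"   # unrecognised value: treat as not verified
    finding = {"setting": "allowInvitesFrom", "value": value,
               "status": status, "remediation": None}
    if status != "pass":
        # Request an admin holding Policy.ReadWrite.Authorization would send;
        # it is only built here, not sent.
        finding["remediation"] = {"method": "PATCH", "url": POLICY_URL,
                                  "body": json.dumps({"allowInvitesFrom": target})}
    return finding


# Constructed sample responses (not captured from a real tenant).
SAMPLE_DEFAULT = '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}'
SAMPLE_HARDENED = ('{"value": [{"id": "authorizationPolicy", '
                   '"allowInvitesFrom": "adminsAndGuestInviters"}]}')
SAMPLE_PARTIAL = '{"id": "authorizationPolicy"}'

if __name__ == "__main__":
    for name, body in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED),
                       ("partial", SAMPLE_PARTIAL)):
        print(name, audit_guest_invites(body))
```

A missing or unrecognised value is reported as "unknown" rather than "pass", so a partial response cannot hide a tenant still on the default of everyone.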
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0003 - Persistence | | |