Skip to main content

Default Authorization Settings - Guest user access

Represents role templateId for the role that should be granted to guest user.

NameguestUserRoleId
ControlDefault Authorization Settings
DescriptionManages authorization settings in Entra ID (Azure AD)
Severity

How to fix

Details of configuration item

RecommendationCISA SCuBA 2.18: Guest users SHOULD have limited access to Entra ID (Azure AD) directory objects.
Configurationpolicies/authorizationPolicy
SettingguestUserRoleId
Recommended Value'2af84b1e-32c8-42b7-82bc-daa82404023b'
Default Value10dae51f-b6af-4016-8d66-8c2a99b929b3
Graph API DocsauthorizationPolicy resource type - Microsoft Graph v1.0 - Microsoft Learn
Graph ExplorerOpen in Graph Explorer

MITRE ATT&CK

TacticTechniqueMitigation
TA0043 - Reconnaissance - Reconnaissance