Issue
Unprivileged users in Azure AD are permitted to invite guest users to the tenant.
Recommended Remediation
Systems and network administrators should take the following steps to secure the environment.
- After logging into the Azure tenant as a privileged user (i.e., Global Administrator), access the Azure Active Directory option.
- Select the User Settings blade under Manage.
- Click Manage external collaboration settings under External users.
- Under Guest invite settings, select “Only users assigned to specific admin roles can invite guest users.” Click Save.
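
The same setting can be audited and applied from the command line. The following is an added example, not part of the original advisory. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may update the tenant authorization policy; the function name Test-GuestInviteRestriction is hypothetical. In Microsoft Graph the portal option above corresponds to the allowInvitesFrom value adminsAndGuestInviters.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns

function Test-GuestInviteRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Without -Remediate the function only reports the current state.
        [switch]$Remediate
    )

    # allowInvitesFrom values under which unprivileged users cannot invite guests.
    # 'none' is stricter than the advisory asks for, so it is also accepted.
    $compliantValues = @('adminsAndGuestInviters', 'none')
    $targetValue     = 'adminsAndGuestInviters'

    # Read the tenant-wide authorization policy (a singleton in Graph v1.0).
    $current     = [string](Get-MgPolicyAuthorizationPolicy).AllowInvitesFrom
    $isCompliant = $compliantValues -contains $current
    $changed     = $false

    if (-not $isCompliant -and $Remediate -and
        $PSCmdlet.ShouldProcess('authorizationPolicy', "Set allowInvitesFrom to $targetValue")) {
        Update-MgPolicyAuthorizationPolicy -AllowInvitesFrom $targetValue
        # Re-read the policy so the report reflects what the tenant now enforces.
        $current     = [string](Get-MgPolicyAuthorizationPolicy).AllowInvitesFrom
        $isCompliant = $compliantValues -contains $current
        $changed     = $true
    }

    [pscustomobject]@{
        AllowInvitesFrom = $current
        Compliant        = $isCompliant
        Changed          = $changed
    }
}

# Policy.Read.All covers the audit; Policy.ReadWrite.Authorization is needed to remediate.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.Authorization'

Test-GuestInviteRestriction                      # audit only
# Test-GuestInviteRestriction -Remediate -WhatIf # preview the change
# Test-GuestInviteRestriction -Remediate         # apply the restriction
```

A result of Compliant = False with AllowInvitesFrom set to everyone or adminsGuestInvitersAndAllMembers means the issue described above is present.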