Guest Users with Administrative Rights [CHK-1131]
This check identifies whether any external (guest) users in your tenant have been assigned administrative (directory) roles.
Rationale
Guest users with administrative rights pose a security risk: their accounts are governed by another organization's identity controls, so if such an account is compromised, an attacker inherits the assigned role's privileges over your tenant and resources. It is crucial to regularly review and manage these assignments.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Microsoft Entra admin center at https://entra.microsoft.com
- Go to Roles and administrators
- Click on the role that has guest users assigned
- Click on "Assignments"
- Identify guest users (look for #EXT# in the username)
- Select the guest user and click "Remove assignments"
- Repeat for each guest user that should not have admin roles
If the users are supposed to have these roles, you can whitelist them in the configuration. Please reply to this incident with a list of users that are allowed to have these roles.
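The same review can be scripted. The following PowerShell is an added example, not Attic's own automated fix, and uses the Microsoft Graph PowerShell SDK to list every guest user holding an activated directory role, compare each one against an allowlist, and (only when the -Remediate switch is given) remove the assignments that are not allowed. The $AllowedGuests value is a constructed sample standing in for the whitelist mentioned above; replace it with your own approved user principal names.

```powershell
# Added example (not Attic's code): report guest users holding Entra ID directory roles
# and optionally remove assignments not on the allowlist, using the Microsoft.Graph module.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller can consent to
# the scopes requested below.

param(
    # Constructed sample allowlist; mirrors the "whitelist" in the Fix section above.
    [string[]] $AllowedGuests = @('vendor.admin_contoso.com#EXT#@tenant.onmicrosoft.com'),
    # Report only by default; removal happens only when -Remediate is passed.
    [switch]   $Remediate
)

Import-Module Microsoft.Graph.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Users

# Read-only scopes are enough to report; write access is requested only for remediation.
$scopes = @('RoleManagement.Read.Directory', 'User.Read.All')
if ($Remediate) { $scopes += 'RoleManagement.ReadWrite.Directory' }
Connect-MgGraph -Scopes $scopes

$findings = @()

# Get-MgDirectoryRole returns only roles that have been activated in the tenant,
# which is exactly the set of roles that can currently have members.
foreach ($role in Get-MgDirectoryRole) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
    foreach ($member in $members) {
        # Role members can be users, groups or service principals; only users can be guests.
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

        $user = Get-MgUser -UserId $member.Id -Property Id,UserPrincipalName,UserType,DisplayName

        # UserType is the authoritative guest marker; the #EXT# UPN pattern is a secondary signal.
        $isGuest = ($user.UserType -eq 'Guest') -or ($user.UserPrincipalName -like '*#EXT#*')
        if (-not $isGuest) { continue }

        $allowed = $AllowedGuests -contains $user.UserPrincipalName
        $findings += [pscustomobject]@{
            Role    = $role.DisplayName
            RoleId  = $role.Id
            Guest   = $user.UserPrincipalName
            UserId  = $user.Id
            Allowed = $allowed
        }

        if ($Remediate -and -not $allowed) {
            # Removes the active assignment; equivalent to "Remove assignments" in the portal.
            Remove-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.Id -DirectoryObjectId $user.Id
            Write-Host "Removed $($user.UserPrincipalName) from $($role.DisplayName)"
        }
    }
}

# One row per guest/role pair; Allowed = $false rows are the ones this check would flag.
$findings | Sort-Object Role, Guest | Format-Table Role, Guest, Allowed -AutoSize
```

Run it first without -Remediate and review the table, then rerun with -Remediate once the allowlist is correct. Note that the directoryRoles/members endpoint used here covers active assignments only; guests who are merely eligible for a role through Privileged Identity Management will not appear and need a separate review.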
Impact
Revoking unnecessary administrative rights from guest users removes a path by which a compromised external account could be used against your tenant, and ensures that only the individuals who genuinely need privileged access to your resources have it.
More Information
For more details, please refer to the official Microsoft documentation on managing guest access in Microsoft 365 groups: Manage guest access in Microsoft 365 groups