Preventing Guest Users from Inviting New Guests [CHK-1152]
This check ensures that guest users are not allowed to invite new guest users.
Rationale
In a Microsoft environment, guest users can be invited to collaborate or share data. However, these guest users should not be able to invite other guest users themselves. Sending invitations should be limited to regular users or guest users with a special invitation role.
Fix
An automated fix is available through Attic.
To fix it yourself:
- Navigate to the Entra ID portal at https://entra.microsoft.com
- Go to External Identities > External collaboration settings
- Under "Guest invite settings", select "Member users and users assigned to specific admin roles can invite guest users including guests with member permissions" or "Only users assigned to specific admin roles can invite guest users"
- Click "Save"
Impact
The check has two possible outcomes:
- Okay: Guest users are not allowed to invite new guest users.
- Warning: Guest users are allowed to invite new guest users themselves.
If the check results in a warning, we advise reserving guest invitations for regular users and guest users with a special invitation role.
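The same setting can be evaluated outside the portal. The following is an added example, not code from Attic or from this page: it assumes the setting is read from the Microsoft Graph authorizationPolicy resource, whose allowInvitesFrom property backs the "Guest invite settings" options, and it runs on constructed sample responses. The function and sample names are illustrative.

```python
import json

# allowInvitesFrom values of the Microsoft Graph authorizationPolicy resource,
# mapped to whether guest users can send invitations under that value.
GUESTS_CAN_INVITE = {
    "everyone": True,                           # anyone, including guests
    "adminsguestinvitersandallmembers": False,  # members + specific admin roles
    "adminsandguestinviters": False,            # specific admin roles only
    "none": False,                              # nobody can invite
}
POLICY_URL = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"


def evaluate(policy_json: str) -> dict:
    """Return the CHK-1152 outcome for a Graph authorizationPolicy response."""
    doc = json.loads(policy_json)
    # Tolerate a collection wrapper ({"value": [...]}) around the policy object.
    if isinstance(doc.get("value"), list):
        doc = doc["value"][0] if doc["value"] else {}
    raw = doc.get("allowInvitesFrom")
    key = raw.lower() if isinstance(raw, str) else None
    # A missing or unrecognised value is reported as Warning, not assumed safe.
    guests_can_invite = GUESTS_CAN_INVITE.get(key, True)
    result = {"setting": raw, "outcome": "Warning" if guests_can_invite else "Okay"}
    if guests_can_invite:
        # Request equivalent to the first portal option in the Fix steps.
        result["fix"] = {
            "method": "PATCH",
            "url": POLICY_URL,
            "body": {"allowInvitesFrom": "adminsGuestInvitersAndAllMembers"},
        }
    return result


# Constructed sample responses (not captured from a real tenant).
SAMPLE_WARNING = '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}'
SAMPLE_OKAY = '{"value": [{"allowInvitesFrom": "adminsAndGuestInviters"}]}'
SAMPLE_MISSING = '{"id": "authorizationPolicy"}'

if __name__ == "__main__":
    for sample in (SAMPLE_WARNING, SAMPLE_OKAY, SAMPLE_MISSING):
        print(json.dumps(evaluate(sample), indent=2))
```

Sending the returned "fix" request requires a Graph token that is allowed to update the authorization policy; the example only builds the request and does not send it.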
More Information
For more details, please refer to the Microsoft Documentation.