Risk Level: Low
Cloud Entity: AD Authorization Policy
CloudGuard Rule ID: D9.AZU.IAM.42
Covered by Spectral: No
Category: Active Directory

GSL LOGIC

ADAuthorizationPolicy should have guestUserRoleName='Restricted Guest User'

REMEDIATION

From Portal:

Go to Azure Active Directory.
Go to External Identities.
Go to External collaboration settings.
Under Guest user access, change Guest user access restrictions to be 'Guest user access is restricted to properties and memberships of their own directory objects'.
Click Save.

Note: By default, Guest user access restrictions is set to Guest user access is restricted to properties and memberships of their own directory objects.

References:

AD Authorization Policy

Represents a policy that can control Azure Active Directory authorization settings.

Compliance Frameworks

Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.0
Azure CIS Foundations v. 1.3.1
Azure CIS Foundations v. 1.4.0
Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CSA CCM v.4.0.1
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset