AZ-005 Microsoft Azure

Guest user access and invitations are restricted.

Domain: Microsoft Azure
Area: Entra ID / IAM
Automated / manual: Automated

Risk if it fails

Unmanaged guests can over-reach.

Loose guest settings let outsiders enumerate your directory or be invited by low-privilege staff, giving attackers an easy foothold inside your tenant.

How Tess tests it

1 test — each concludes only on cited evidence.

Guest user access and invitations are restricted.

Automated

Procedure: Review external collaboration settings and guest permissions level.

Read-only command

az rest --method get --url 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

More in Microsoft Azure

AZ-001 MFA is enforced for all users, especially privileged roles. AZ-002 Number of Global Administrators is limited (typically 2-4). AZ-003 Privileged Identity Management (PIM) provides just-in-time elevation. AZ-004 Legacy/basic authentication is blocked.

Want Tess to test AZ-005 against your evidence?

Book a demo