Guest & External Access
Guest users and external collaboration
Restrict Guest Invitation Permissions
Unrestricted guest invitations allow any user to bring external identities into your tenant. This creates uncontrolled access paths and potential data exposure. Limiting invitations to authorized personnel ensures oversight.
Require MFA for Guest Users
Guest accounts often have weaker security than internal accounts. Requiring MFA for guests ensures external collaborators meet the same authentication standards as your employees.
External Sharing Visibility
External sharing is the most common data leakage vector. Without visibility into what is shared externally, you cannot assess your data exposure risk or detect sensitive data being shared inappropriately.
Detect External Mail Forwarding
Attackers commonly set up mail forwarding rules after compromising accounts. These rules silently copy all emails to external addresses, enabling ongoing data theft even after the initial compromise is remediated.
Configure Guest Access Expiration
Guest accounts created for temporary projects often outlive their intended use. Without expiration, ex-partners and former vendors retain access indefinitely. Automatic expiration ensures guest access is time-bound.
Audit Mailbox Delegation
Mailbox delegation enables users to send email as others or access their mailboxes. Unauthorized delegation can be used for impersonation attacks or to access sensitive communications without detection.
Restrict Guest Access to Allowlisted Domains
At Level 3, external collaboration is tightly controlled. Only pre-approved partner organizations can access your tenant. This prevents social engineering and limits data exposure to vetted third parties.
Ready to implement guest & external access controls?
TrueConfig continuously monitors your Microsoft 365 tenant and helps you maintain compliance with these security controls.