EXT-01 | Medium | Recommended Secure
Restrict Guest Invitation Permissions
Guest & External Access control for Microsoft 365 and Entra ID
Why This Control Matters
Unrestricted guest invitations allow any user to bring external identities into your tenant. This creates uncontrolled access paths and potential data exposure. Limiting invitations to authorized personnel ensures oversight.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. Only admins and users in the Guest Inviter role can invite guests
2. Member users cannot invite guests
3. Guests cannot invite other guests
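One way to check these three criteria offline, as an added example that is not TrueConfig's own code: it assumes the setting is read from the `allowInvitesFrom` property of the Microsoft Graph `authorizationPolicy` object (the page does not name the property), and it treats `none` as compliant because it is stricter than the expected state. The function name and the sample policy are constructed for illustration.

```python
import json

# Constructed sample: trimmed shape of a Microsoft Graph
# GET /policies/authorizationPolicy response (not real tenant data).
SAMPLE_POLICY = json.loads(
    '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}'
)

# Effect of each allowInvitesFrom value:
# (member users can invite, guests can invite)
INVITE_SCOPE = {
    "none": (False, False),  # assumption: stricter than required, so compliant
    "adminsAndGuestInviters": (False, False),
    "adminsGuestInvitersAndAllMembers": (True, False),
    "everyone": (True, True),
}

CRITERIA = (
    "Only admins and users in the Guest Inviter role can invite guests",
    "Member users cannot invite guests",
    "Guests cannot invite other guests",
)


def evaluate_guest_invite_policy(policy: dict) -> dict:
    """Evaluate an authorizationPolicy object against the expected state."""
    value = policy.get("allowInvitesFrom")
    if value not in INVITE_SCOPE:
        # Missing or unrecognized value: fail closed rather than assume safe.
        return {"compliant": False, "value": value,
                "failed": ["unknown allowInvitesFrom value"]}
    members, guests = INVITE_SCOPE[value]
    failed = []
    if members or guests:
        failed.append(CRITERIA[0])
    if members:
        failed.append(CRITERIA[1])
    if guests:
        failed.append(CRITERIA[2])
    return {"compliant": not failed, "value": value, "failed": failed}


if __name__ == "__main__":
    result = evaluate_guest_invite_policy(SAMPLE_POLICY)
    print(json.dumps(result, indent=2))
```
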
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Available. Configures external collaboration settings to restrict guest invitations.