EXT-03: Restrict Guest Access to Allowlisted Domains
Frequently asked questions about implementing and managing the EXT-03 security control in Microsoft 365 and Entra ID.
Q: What is EXT-03 (Restrict Guest Access to Allowlisted Domains)?
EXT-03 is a Level 3 security control under which external collaboration is tightly controlled: only pre-approved partner organizations can access your tenant. This prevents social engineering and limits data exposure to vetted third parties. It requires that guest invitations are restricted to an allowlist of trusted domains, that cross-tenant access policies block all other external tenants, and that external sharing in SharePoint/OneDrive is restricted to allowed domains.
Q: Why is Restrict Guest Access to Allowlisted Domains important for Microsoft 365 security?
At Level 3, external collaboration is tightly controlled. Only pre-approved partner organizations can access your tenant. This prevents social engineering and limits data exposure to vetted third parties.
Q: How do I implement EXT-03 in my tenant?
TrueConfig provides one-click remediation for EXT-03. The remediation configures the cross-tenant access policy to block B2B direct connect by default. Partner allowlisting requires manual configuration.
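One way to check a tenant against the three EXT-03 requirements, as an added example (not TrueConfig's code and not part of the original page). It assumes the settings were exported beforehand (the Microsoft Graph cross-tenant access default policy, the `B2BManagementPolicy` definition and the `Get-SPOTenant` output) and treats the default policy as the rule for "all other external tenants"; the function names, the `approved` list and the sample values are hypothetical.

```python
# Added example: audit exported settings against the three EXT-03 requirements.
# Assumed inputs: Graph JSON of the cross-tenant access default policy, the
# B2BManagementPolicy definition, and two Get-SPOTenant properties.
SCOPES = (("usersAndGroups", "AllUsers"), ("applications", "AllApplications"))

def blocked_for_all(setting):
    """True when a B2B setting blocks all users and all applications."""
    for key, everyone in SCOPES:
        part = (setting or {}).get(key) or {}
        targets = {t.get("target") for t in part.get("targets") or []}
        if part.get("accessType") != "blocked" or everyone not in targets:
            return False
    return True

def audit_ext03(xtap_default, b2b_policy, spo_tenant, approved):
    """Return a list of findings; an empty list means no gap was detected."""
    approved = {d.lower() for d in approved}
    findings = []
    for name in ("b2bCollaborationInbound", "b2bDirectConnectInbound",
                 "b2bDirectConnectOutbound"):
        if not blocked_for_all(xtap_default.get(name)):
            findings.append(f"cross-tenant default {name} is not blocked for all")
    inv = (b2b_policy.get("B2BManagementPolicy", {})
           .get("InvitationsAllowedAndBlockedDomainsPolicy", {}))
    invite = {d.lower() for d in inv.get("AllowedDomains") or []}
    if not invite:
        findings.append("guest invitations have no AllowedDomains list")
    if spo_tenant.get("SharingDomainRestrictionMode") != "AllowList":
        findings.append("SharePoint/OneDrive sharing is not in AllowList mode")
    # SharingAllowedDomainList is a space-delimited string.
    share = {d.lower() for d in (spo_tenant.get("SharingAllowedDomainList") or "").split()}
    for label, domains in (("invitation", invite), ("sharing", share)):
        for extra in sorted(domains - approved):
            findings.append(f"{label} allowlist contains unapproved domain {extra}")
    return findings

# Constructed sample: direct connect is blocked, but B2B collaboration is open,
# an unapproved domain can be invited, and SharePoint sharing is unrestricted.
def default_rule(access):
    return {k: {"accessType": access, "targets": [{"target": t}]} for k, t in SCOPES}

SAMPLE_XTAP = {"b2bCollaborationInbound": default_rule("allowed"),
               "b2bDirectConnectInbound": default_rule("blocked"),
               "b2bDirectConnectOutbound": default_rule("blocked")}
SAMPLE_B2B = {"B2BManagementPolicy": {"InvitationsAllowedAndBlockedDomainsPolicy":
              {"AllowedDomains": ["partner.example", "freemail.example"]}}}
SAMPLE_SPO = {"SharingDomainRestrictionMode": "None", "SharingAllowedDomainList": ""}

if __name__ == "__main__":
    print("\n".join(audit_ext03(SAMPLE_XTAP, SAMPLE_B2B, SAMPLE_SPO, ["partner.example"])))
```

Comparing both allowlists against one approved list also surfaces drift, where a domain is still shareable in SharePoint/OneDrive after it was removed from the invitation allowlist, or the reverse.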
Q: What license do I need for EXT-03?
This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.
Q: Which security baseline includes EXT-03?
EXT-03 is included in the Maximum Security baseline (Level 3). This level is designed for high-security environments and regulated industries.