EXT-05: Cross-Tenant Access Policy Review
Frequently asked questions about implementing and managing the EXT-05 security control in Microsoft 365 and Entra ID.
QWhat is EXT-05 (Cross-Tenant Access Policy Review)?▼
EXT-05 is a security control that permissive cross-tenant defaults allow any external organization to collaborate with your tenant. restricting defaults and configuring partner-specific policies ensures only approved organizations can access your resources. It requires that default cross-tenant access policy is not overly permissive and partner-specific configurations exist for known collaborators, inbound and outbound b2b access is explicitly controlled.
QWhy is Cross-Tenant Access Policy Review important for Microsoft 365 security?▼
Permissive cross-tenant defaults allow any external organization to collaborate with your tenant. Restricting defaults and configuring partner-specific policies ensures only approved organizations can access your resources.
QHow do I implement EXT-05 in my tenant?▼
TrueConfig provides one-click remediation for EXT-05. Can restrict cross-tenant access defaults automatically
QWhat license do I need for EXT-05?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes EXT-05?▼
EXT-05 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.
5
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial