EXT-03Easy

How to Fix: Restrict Guest Access to Allowlisted Domains

Step-by-step guide to implement restrict guest access to allowlisted domains in your Microsoft 365 environment.

5-10 minutes

Estimated Time

4

Steps

high

Severity

Maximum Security

Baseline Level

Why This Matters

At Level 3, external collaboration is tightly controlled. Only pre-approved partner organizations can access your tenant. This prevents social engineering and limits data exposure to vetted third parties.

Prerequisites

  • 1Global Administrator or appropriate admin role in Microsoft Entra ID
  • 2Access to Microsoft Entra admin center (entra.microsoft.com)
  • 3Microsoft Entra ID P1 or higher license

Expected Configuration

  • Guest invitations are restricted to an allowlist of trusted domains
  • Cross-tenant access policies block all other external tenants
  • External sharing in SharePoint/OneDrive is restricted to allowed domains

Remediation Steps

1

Review Current Configuration

Assess your current configuration in Microsoft Entra admin center.

  • Navigate to the relevant section in Entra admin center
  • Document current settings
  • Compare against expected state
2

Plan Implementation

Determine the changes needed to meet the expected configuration.

  • Review expected configuration requirements
  • Identify affected users or resources
  • Plan rollout strategy
3

Implement Changes

Apply the necessary configuration changes.

  • Make required configuration updates
  • Apply to appropriate scope
  • Document changes made
4

Validate and Monitor

Verify the changes are working as expected.

  • Run TrueConfig scan to verify compliance
  • Test affected functionality
  • Set up ongoing monitoring

Auto-Remediation Available

TrueConfig can automatically fix this control for you. Enable auto-remediation to have this configuration applied and maintained automatically.

Learn about auto-remediation

Related Resources

Control Reference

Full control documentation

FAQ

Common questions answered

Full Guide

Detailed implementation guide

Guest & External Access Controls

Related security controls

Automate Your Security Configuration

TrueConfig continuously monitors your Microsoft 365 environment and can automatically fix configuration drift. Start your free trial today.

Start Free Trial
← All ControlsView Control Details →