Only users with the Guest Inviter role SHOULD be able to invite guest users.
Why This Matters
When any user can invite guests, external accounts are created outside your access control processes, which is a security risk. Invitations from unauthorized users can lead to shadow IT, data leakage, or unintended exposure of internal resources. Restricting guest invitation to only the Guest Inviter role ensures that all external access is auditable and controlled.
What Aether365 Checks
This check verifies that only users assigned the Guest Inviter role are permitted to invite guest users to your Microsoft Entra ID tenant. It appears in the Aether365 dashboard under entra-id checks with a Medium severity rating.
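One way to evaluate this setting yourself, as an added example that is not Aether365's own code: the function below reads the JSON of the Microsoft Graph `authorizationPolicy` resource and classifies its `allowInvitesFrom` property. Assumptions: the check maps to that property, the stricter value `none` is also counted as a pass, and the finding name `guest-invite-restricted` and the sample responses are constructed for illustration.

```python
import json

# Graph authorizationPolicy.allowInvitesFrom values, most to least restrictive.
INVITE_SCOPES = {
    "none": "no one can invite guests, admins included",
    "adminsAndGuestInviters": "admins and users in the Guest Inviter role",
    "adminsGuestInvitersAndAllMembers": "admins, Guest Inviters and all member users",
    "everyone": "all users, including existing guests",
}
# Assumption: "none" is stricter than the requirement, so it also passes.
COMPLIANT = {"none", "adminsAndGuestInviters"}


def evaluate_guest_invite_policy(raw_json):
    """Return a finding dict for one authorizationPolicy JSON document."""
    # Hypothetical finding name; severity taken from the page.
    finding = {"check": "guest-invite-restricted", "severity": "Medium"}
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return {**finding, "status": "error", "detail": f"invalid JSON: {exc.msg}"}
    # Accept either the bare policy object or a {"value": [policy]} wrapper.
    if isinstance(doc, dict) and isinstance(doc.get("value"), list):
        doc = doc["value"][0] if doc["value"] else {}
    setting = doc.get("allowInvitesFrom") if isinstance(doc, dict) else None
    if not isinstance(setting, str) or setting not in INVITE_SCOPES:
        # Missing or unrecognised value: report an error, never assume a pass.
        return {**finding, "status": "error", "setting": setting,
                "detail": "allowInvitesFrom missing or unrecognised"}
    status = "pass" if setting in COMPLIANT else "fail"
    return {**finding, "status": status, "setting": setting,
            "detail": "invitations allowed from: " + INVITE_SCOPES[setting]}


# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "locked-down": '{"id": "authorizationPolicy", "allowInvitesFrom": "adminsAndGuestInviters"}',
    "open": '{"value": [{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}]}',
    "members": '{"allowInvitesFrom": "adminsGuestInvitersAndAllMembers"}',
    "truncated": '{"id": "authorizationPolicy"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        result = evaluate_guest_invite_policy(body)
        print(f"{name:12} {result['status']:5} {result['detail']}")
```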
How to Fix
To restrict guest invitation permissions, follow these steps: