Default Authorization Settings - Guest invite restrictions

Why This Matters

Guest invitations that any user can send create a significant security risk: people with no authority to grant access can invite external parties into your tenant. Restricting guest invitation permissions to designated administrators and guest inviters reduces the attack surface and prevents rogue access. Without this control, any user in your organization could potentially invite malicious actors into your environment.

What Aether365 Checks

Aether365 verifies that the allowInvitesFrom setting in the authorization policy is configured to either adminsAndGuestInviters or none. This check appears in your Aether365 dashboard under entra-id checks with the identifier EIDSCA.AP04.
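The same pass/fail logic can be reproduced against the JSON returned by the Microsoft Graph `policies/authorizationPolicy` resource. The following is an added example, not Aether365's own code; the function name and sample responses are constructed for illustration, and it assumes the response body has already been fetched.

```python
import json

# Values the EIDSCA.AP04 check accepts for allowInvitesFrom (from the page).
COMPLIANT = {"adminsAndGuestInviters", "none"}
# The other documented Graph values; both let non-admin users send invitations.
PERMISSIVE = {"adminsGuestInvitersAndAllMembers", "everyone"}


def evaluate_guest_invite_policy(response_text):
    """Return (status, detail) for an authorizationPolicy JSON response."""
    try:
        doc = json.loads(response_text)
    except json.JSONDecodeError as exc:
        return "error", f"response is not valid JSON: {exc}"
    if not isinstance(doc, dict):
        return "error", "expected a JSON object"
    # Accept a bare policy object or a collection wrapped in "value".
    wrapped = doc.get("value")
    policies = wrapped if isinstance(wrapped, list) else [doc]
    if not policies or not isinstance(policies[0], dict):
        return "error", "no authorization policy in response"
    setting = policies[0].get("allowInvitesFrom")
    if setting in COMPLIANT:
        return "pass", f"allowInvitesFrom={setting}"
    if setting in PERMISSIVE:
        return "fail", f"allowInvitesFrom={setting} lets non-admin users invite guests"
    # Missing or unrecognised value: fail closed rather than assume it is safe.
    return "fail", f"allowInvitesFrom={setting!r} is not a recognised restrictive value"


# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "open": '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}',
    "restricted": '{"value": [{"id": "authorizationPolicy", '
                  '"allowInvitesFrom": "adminsAndGuestInviters"}]}',
    "missing": '{"id": "authorizationPolicy"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        status, detail = evaluate_guest_invite_policy(body)
        print(f"EIDSCA.AP04 [{name}]: {status} - {detail}")
```

A missing or unrecognised value is reported as a failure so that a schema change or partial response never reads as compliant.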

Microsoft references
