Default Authorization Settings - Guest user access
Why This Matters
Guest user access permissions determine what directory objects external users can view in your Entra ID tenant. If guest users are assigned the default role rather than a restricted role, they can enumerate user details, group memberships, and other directory information that should remain internal. Limiting guest access reduces the risk of data exposure and aligns with zero-trust principles.
What Aether365 Checks
This check verifies that the guestUserRoleId setting in the authorizationPolicy is configured to the restricted value 2af84b1e-32c8-42b7-82bc-daa82404023b. It appears in the Aether365 dashboard under entra-id checks and flags any deviation from this recommended configuration.
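The comparison described above, as an added example (not Aether365's own code): it evaluates an authorizationPolicy JSON document offline and reports whether guestUserRoleId matches the restricted value. The function name, the finding format and the sample documents are assumptions made for illustration, and the two non-restricted role IDs come from Microsoft's Graph documentation rather than from this page.

```python
import json
import uuid

# Restricted Guest User role ID, the value this page's check expects.
RESTRICTED_GUEST = uuid.UUID("2af84b1e-32c8-42b7-82bc-daa82404023b")

# Other built-in guestUserRoleId values documented by Microsoft (not from this page).
KNOWN_ROLES = {
    uuid.UUID("a0b1b346-4d3e-4e8b-98f8-753987be4970"): "User (same access as members)",
    uuid.UUID("10dae51f-b6af-4016-8d66-8c2a99b929b3"): "Guest User (default)",
    RESTRICTED_GUEST: "Restricted Guest User",
}


def evaluate_guest_role(policy_json: str) -> dict:
    """Return a pass/fail finding for guestUserRoleId (hypothetical helper)."""
    doc = json.loads(policy_json)
    # Accept either a single policy object or one wrapped in a "value" list.
    if isinstance(doc.get("value"), list):
        doc = doc["value"][0] if doc["value"] else {}
    raw = doc.get("guestUserRoleId")
    if raw is None:
        return {"status": "error", "role": None, "detail": "guestUserRoleId missing"}
    try:
        role_id = uuid.UUID(str(raw))  # normalises letter case and braces
    except ValueError:
        return {"status": "error", "role": None, "detail": f"not a GUID: {raw!r}"}
    label = KNOWN_ROLES.get(role_id, "unrecognised role ID")
    status = "pass" if role_id == RESTRICTED_GUEST else "fail"
    return {"status": status, "role": label, "detail": str(role_id)}


# Constructed sample documents (not captured from a real tenant).
SAMPLE_DEFAULT = (
    '{"id": "authorizationPolicy",'
    ' "guestUserRoleId": "10DAE51F-B6AF-4016-8D66-8C2A99B929B3"}'
)
SAMPLE_RESTRICTED = (
    '{"value": [{"id": "authorizationPolicy",'
    ' "guestUserRoleId": "2af84b1e-32c8-42b7-82bc-daa82404023b"}]}'
)

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("restricted", SAMPLE_RESTRICTED)):
        print(name, evaluate_guest_role(sample))
```

A missing or malformed guestUserRoleId is reported as an error rather than a pass, so an incomplete export cannot be mistaken for a compliant tenant.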