Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'
Why This Matters
By default, any user in your organization can invite guest users to your Microsoft Entra ID tenant, including non-admins and existing guests. This broad access increases the risk of unauthorized external accounts gaining access to your cloud resources. Restricting guest invitations to specific admin roles enforces least privilege and prevents inadvertent data exposure from unvetted invites.
What Aether365 Checks
Aether365 verifies that the "Guest invite restrictions" setting is configured to "Only users assigned to specific admin roles can invite guest users." This check appears in your Aether365 dashboard under the Entra ID checks section.
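To verify the same setting independently, the sketch below evaluates a Microsoft Graph `authorizationPolicy` response body, where this setting is exposed as the `allowInvitesFrom` property. It is an added example, not Aether365's own code; the sample responses are constructed, and treating the stricter value `none` as a pass is an assumption you can turn off with `allow_stricter=False`.

```python
import json

# Graph authorizationPolicy.allowInvitesFrom values, least to most restrictive,
# paired with the matching portal label for "Guest invite restrictions".
INVITE_LEVELS = [
    ("everyone", "Anyone in the organization can invite guest users including guests and non-admins"),
    ("adminsGuestInvitersAndAllMembers", "Member users and users assigned to specific admin roles can invite guest users"),
    ("adminsAndGuestInviters", "Only users assigned to specific admin roles can invite guest users"),
    ("none", "No one in the organization can invite guest users including admins"),
]
REQUIRED = "adminsAndGuestInviters"

def evaluate_guest_invite_policy(raw_json, allow_stricter=True):
    """Return (status, detail) for a Graph authorizationPolicy response body."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return "ERROR", f"response is not JSON: {exc}"
    # Accept a bare policy object or one wrapped in a 'value' list.
    if isinstance(doc, dict) and isinstance(doc.get("value"), list):
        doc = doc["value"][0] if doc["value"] else {}
    value = doc.get("allowInvitesFrom") if isinstance(doc, dict) else None
    names = [name for name, _ in INVITE_LEVELS]
    if value not in names:
        # Missing or unknown value: fail closed rather than assume compliance.
        return "ERROR", f"allowInvitesFrom missing or unrecognised: {value!r}"
    labels = dict(INVITE_LEVELS)
    rank, required_rank = names.index(value), names.index(REQUIRED)
    if rank == required_rank:
        return "PASS", labels[value]
    if rank > required_rank and allow_stricter:
        return "PASS", f"{labels[value]} (stricter than required)"
    return "FAIL", f"{labels[value]}; expected: {labels[REQUIRED]}"

# Constructed sample responses, not captured from a real tenant.
SAMPLES = {
    "default tenant": '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}',
    "hardened": '{"value": [{"id": "authorizationPolicy", "allowInvitesFrom": "adminsAndGuestInviters"}]}',
    "locked down": '{"allowInvitesFrom": "none"}',
    "truncated": '{"id": "authorizationPolicy"}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {evaluate_guest_invite_policy(body)}")
```

The function fails closed: a response without a recognised `allowInvitesFrom` value is reported as an error, not as compliant.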