Ensure guest user access is restricted
Why This Matters
Guest user access to Microsoft Fabric can expose sensitive BI content and workspaces to external collaborators who may not have the same security controls as internal users. If left unrestricted, any B2B guest in your Azure AD tenant could potentially access Fabric resources, violating the principle of least privilege and increasing the risk of data leakage. Enforcing a defined security group ensures only authorized guests can access Fabric, giving you granular control and supporting compliance with role-based access control (RBAC).
What Aether365 Checks
This check verifies that the "Guest users can access Microsoft Fabric" tenant setting is either disabled or restricted to specific security groups. It appears in the Aether365 dashboard under microsoft-365 checks and flags Medium severity noncompliance when the setting is set to "Enabled for all guests."
How to Fix
Follow these steps to restrict guest access to Microsoft Fabric: