EIDSCA.AP04 - Default Authorization Settings - Guest invite restrictions.
Overview
Controls who can invite guests to your directory to collaborate on resources secured by your Entra ID (Azure AD), such as SharePoint sites or Azure resources.
CISA SCuBA 2.18: Only users with the Guest Inviter role SHOULD be able to invite guest users
Test script
https://graph.microsoft.com/beta/policies/authorizationPolicy
.allowInvitesFrom -in @('adminsAndGuestInviters','none')
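The same check as an added PowerShell example (not Maester's `Test-MtEidscaAP04` source). The function name `Test-GuestInviteRestriction` and the sample responses are constructed for illustration, and it assumes the response may arrive either as a single policy object or wrapped in a `value` collection.

```powershell
# Added example; Test-GuestInviteRestriction is a hypothetical helper name.
function Test-GuestInviteRestriction {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Response
    )
    process {
        # Values accepted by EIDSCA.AP04 (-in compares case-insensitively).
        $allowed = @('adminsAndGuestInviters', 'none')

        # Assumption: accept both a bare policy object and a { "value": [ ... ] } wrapper.
        $policies = if ($Response.PSObject.Properties.Name -contains 'value') {
            @($Response.value)
        } else {
            @($Response)
        }

        foreach ($policy in $policies) {
            $actual = $policy.allowInvitesFrom
            [pscustomobject]@{
                PolicyId  = $policy.id
                # A missing property is reported as a failure, not silently passed.
                Actual    = if ($null -eq $actual) { '<missing>' } else { $actual }
                Compliant = ($null -ne $actual) -and ($actual -in $allowed)
            }
        }
    }
}

# Constructed sample responses (not real tenant data).
$samples = @(
    '{"id":"authorizationPolicy","allowInvitesFrom":"everyone"}',
    '{"value":[{"id":"authorizationPolicy","allowInvitesFrom":"adminsAndGuestInviters"}]}',
    '{"id":"authorizationPolicy"}'
)
$samples | ForEach-Object { $_ | ConvertFrom-Json | Test-GuestInviteRestriction } | Format-Table

# Against a live tenant (requires Connect-MgGraph with permission to read policies):
# Invoke-MgGraphRequest -Method GET -OutputType PSObject `
#     -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy' |
#     Test-GuestInviteRestriction
```

`-OutputType PSObject` matters for the live call: `Invoke-MgGraphRequest` returns a hashtable by default, which the property inspection in this helper does not handle.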
Related links
- Open in Graph Explorer
- authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AP04 |
| Severity | Medium |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAP04 |
| Tags | EIDSCA, EIDSCA.AP04 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP04.ps1