iCompaas Support

Description:

This setting controls who can invite guest users. When set to “Only users assigned to specific admin roles can invite guest users,” only approved administrators can send guest invitations. This prevents regular users from inviting external people without permission.

Rationale:

Limiting guest invitations to specific admin roles prevents unauthorized or accidental guest access. It ensures that only trusted administrators can add external users, which helps protect the organization from security risks.

Impact:

This setting increases security by stopping regular users from inviting guests. Only approved administrators can add external users, which reduces the risk of unwanted or unsafe guest accounts.

Default Value:

By default, Microsoft Entra ID allows all users to invite guest users unless this setting is changed. The restrictive option is not enabled automatically and must be set by an administrator.

Pre-requisites:

• You must sign in with a Global Administrator or Privileged Role Administrator account.

•  Guest user accounts should be correctly set up in the directory.

Test Plan:

1. Sign in to the Azure portal at https://portal.azure.com

2. In the portal, search for Microsoft Entra ID.

3. Select External Identities under Manage.

4. Click External collaboration settings.

5. Find the Guest invite restrictions section.

6. Verify that the selected option is ‘Only users assigned to specific admin roles can invite guest users’.

7. If not, follow the implementation Plan.

Implementation Steps:

1. Sign in to the Azure portal at https://portal.azure.com.

2. In the portal, search for Microsoft Entra ID.

3. Select External Identities under Manage.

4. Click External collaboration settings.

5. Find the Guest invite restrictions setting.

6. Change the option to Only users assigned to specific admin roles can invite guest users.

7. Click Save to apply the change.

Backout Plan:

1. Go to the Azure portal login page: https://portal.azure.com

2. Navigate to Microsoft Entra ID.

3. Select External Identities under Manage.

4. Click External collaboration settings.

5. Find the Guest invite restrictions setting.

6. Change it back to a less restrictive option, such as allowing all users to invite guest users.

7. Click Save to apply the change.

Reference:

• https://learn.microsoft.com/en-us/entra/external-id/external-collaboration-settings