Skip to main content

Default Settings - Classification and M365 Groups - M365 groups - Allow Guests to become Group Owner

Indicating whether or not a guest user can be an owner of groups, manage

NameAllowGuestsToBeGroupOwner
ControlDefault Settings - Classification and M365 Groups
DescriptionDefine group configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior
SeverityMedium

How to fix

Microsoft Learn - Microsoft Entra cmdlets for configuring group settings

Details of configuration item

RecommendationCISA SCuBA 2.18: Guest users SHOULD have limited access to Azure AD directory objects
Configurationsettings
Setting`values
Recommended Value'false'
Default Valuefalse
Graph API DocsdirectorySetting resource type - Microsoft Graph beta - Microsoft Learn
Graph ExplorerOpen in Graph Explorer