Unprivileged Users Can Invite Guest Users
TCM-KB-CLD-003
Last Updated: 6/26/2023
Microsoft Azure
Microsoft Azure is a comprehensive collection of cloud computing services offered by Microsoft. These services allow businesses and individuals to build, deploy, and manage applications and services through Microsoft-managed data centers.
Active Directory
Contributor

Joe Helle
Chief Hacking Officer
Issue
Unprivileged users in Azure AD are permitted to invite guest users to the tenant.
Recommended Remediation
The following outlines the recommended steps that system and network administrators should take to secure the environment.
- After logging into the Azure tenant as a privileged user (i.e., Global Administrator), access the Azure Active Directory option.
- Select the User Settings blade under Manage.
- Click Manage external collaboration settings under External users.
- Under Guest invite settings, select “Only users assigned to specific admin roles can invite guest users.” Click Save.
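The same setting can be audited and enforced through Microsoft Graph, where it is the `allowInvitesFrom` property of the tenant's authorization policy. The script below is an added example, not part of the original article; it assumes the Microsoft.Graph.Authentication PowerShell module is installed and that the signed-in account can consent to the `Policy.ReadWrite.Authorization` scope. The helper name `Test-GuestInviteRestricted` is hypothetical.

```powershell
# Added example: audit and, if needed, restrict who can invite guest users.
# Assumes the Microsoft.Graph.Authentication module and a privileged account.
$uri = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# allowInvitesFrom values documented by Microsoft Graph:
#   everyone                          - anyone, including existing guests
#   adminsGuestInvitersAndAllMembers  - all member users plus specific admin roles
#   adminsAndGuestInviters            - only users assigned to specific admin roles
#   none                              - no one in the organization
$target     = 'adminsAndGuestInviters'     # matches the portal option selected above
$restricted = @($target, 'none')           # 'none' is stricter, so leave it untouched

function Test-GuestInviteRestricted {
    # Hypothetical helper: true when unprivileged users cannot invite guests.
    param([string]$AllowInvitesFrom)
    return $restricted -contains $AllowInvitesFrom
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'

# Read the current tenant-wide authorization policy.
$policy  = Invoke-MgGraphRequest -Method GET -Uri $uri
$current = $policy.allowInvitesFrom
Write-Host "Current allowInvitesFrom: $current"

if (Test-GuestInviteRestricted $current) {
    Write-Host 'Compliant: unprivileged users cannot invite guest users.'
}
else {
    Write-Warning 'Finding: unprivileged users can invite guest users. Applying remediation.'
    $body = @{ allowInvitesFrom = $target } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

    # Re-read the policy to confirm the change took effect.
    $after = (Invoke-MgGraphRequest -Method GET -Uri $uri).allowInvitesFrom
    if ($after -ne $target) {
        throw "Remediation not applied: allowInvitesFrom is still '$after'."
    }
    Write-Host "Remediated: allowInvitesFrom is now '$after'."
}
```

To audit without changing anything, connect with the `Policy.Read.All` scope and run only the read and the compliance check.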