External Collaboration
Guest access, user consent and cross-tenant collaboration
3 findings in this category.
- High: Guests have full member access. External guest users are assigned the built-in "User" role, granting full directory enumeration and member-level access.
- Medium: Permissive guest invite policy. Guest invitations are allowed from all members or everyone, making external user sprawl difficult to govern.
- Medium: Users can consent to third-party applications. The tenant allows regular users to grant consent to third-party applications, enabling illicit consent grant (phishing) attacks.