Medium

Permissive guest invite policy

Guest invitations are allowed from all members or everyone, making external user sprawl difficult to govern.

Category: External Collaboration
Default severity: Medium
Rule key: CHECK_GUEST_INVITE_POLICY

How to fix it

Set allowInvitesFrom to "adminsAndGuestInviters" so only admins and the Guest Inviter role can invite external users.
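
An added example (not EntraAnalyzer's own code) of how this rule can be evaluated against the authorizationPolicy object that Microsoft Graph returns from GET /policies/authorizationPolicy. The enum ordering and endpoint come from Microsoft Graph rather than from this page; the finding layout, status names and sample responses are assumptions made for illustration.

```python
import json

# allowInvitesFrom values defined by Microsoft Graph's authorizationPolicy,
# ordered from most to least restrictive.
ORDER = ["none", "adminsAndGuestInviters", "adminsGuestInvitersAndAllMembers", "everyone"]
TARGET = "adminsAndGuestInviters"
POLICY_URL = "https://graph.microsoft.com/v1.0/policies/authorizationPolicy"

def extract_policy(body):
    """Accept a single policy object or a {"value": [...]} collection wrapper."""
    if isinstance(body.get("value"), list):
        if not body["value"]:
            raise ValueError("empty authorizationPolicy collection")
        return body["value"][0]
    return body

def check_guest_invite_policy(raw_json):
    """Return a finding dict (hypothetical layout) for CHECK_GUEST_INVITE_POLICY."""
    policy = extract_policy(json.loads(raw_json))
    setting = policy.get("allowInvitesFrom")
    finding = {"rule": "CHECK_GUEST_INVITE_POLICY", "observed": setting}
    if setting not in ORDER:
        # Missing or unrecognised value: report it, do not assume it is safe.
        finding.update(status="unknown", severity=None, fix=None)
    elif ORDER.index(setting) > ORDER.index(TARGET):
        # More permissive than the target: emit the remediation request.
        finding.update(status="fail", severity="Medium",
                       fix={"method": "PATCH", "url": POLICY_URL,
                            "body": {"allowInvitesFrom": TARGET}})
    else:
        finding.update(status="pass", severity=None, fix=None)
    return finding

# Constructed sample responses, not output from a real tenant.
SAMPLES = {
    "everyone": '{"id": "authorizationPolicy", "allowInvitesFrom": "everyone"}',
    "hardened": '{"id": "authorizationPolicy", "allowInvitesFrom": "adminsAndGuestInviters"}',
    "collection": '{"value": [{"allowInvitesFrom": "adminsGuestInvitersAndAllMembers"}]}',
    "missing": '{"id": "authorizationPolicy"}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = check_guest_invite_policy(raw)
        print(f"{name:12} {result['status']:8} observed={result['observed']}")
```

Reading the policy needs only Policy.Read.All; sending the PATCH in `fix` needs a write permission on the authorization policy, which the scanner's read-only grant does not include.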

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

  • Policy.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.
