IAM misconfigurations

Azure subscription contains Active Directory guest users


Azure Active Directory (Azure AD) B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. Guest users are set to a limited permission level by default in Azure AD. However, a guest user permission can be set to a higher level than default (as same as member users). Thus, guest user can gain unrestricted access to various services.
  • Recommended Mitigation

    {CloudAccount} Azure subscription contains guest users. Delete all unwanted guest users.