EIDSCA.AP07 - Default Authorization Settings - Guest user access.
Overview
Represents the role templateId for the role that should be granted to guest users.
CISA SCuBA 2.18: Guest users SHOULD have limited access to Entra ID (Azure AD) directory objects.
Test script
https://graph.microsoft.com/beta/policies/authorizationPolicy
.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b'
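The following is an added example, not the Maester project's own test code. It evaluates the same condition offline against constructed policy responses and names the access level behind each documented `guestUserRoleId` value. The helper name `Test-GuestUserRoleId` and the sample JSON are assumptions made for illustration.

```powershell
# Role template IDs documented for authorizationPolicy.guestUserRoleId.
$GuestRoleLevels = @{
    'a0b1b346-4d3e-4e8b-98f8-753987be4970' = 'User (same access as members)'
    '10dae51f-b6af-4016-8d66-8c2a99b929b3' = 'Guest User (limited access)'
    '2af84b1e-32c8-42b7-82bc-daa82404023b' = 'Restricted Guest User (most restrictive)'
}
$ExpectedRoleId = '2af84b1e-32c8-42b7-82bc-daa82404023b'   # value this test requires

function Test-GuestUserRoleId {   # hypothetical helper name
    param([Parameter(Mandatory)] $PolicyResponse)

    # Accept a single policy object or a collection wrapped in 'value'.
    $policy = if ($null -ne $PolicyResponse.value) { @($PolicyResponse.value)[0] } else { $PolicyResponse }
    $roleId = [string]$policy.guestUserRoleId
    if ([string]::IsNullOrWhiteSpace($roleId)) {
        throw 'guestUserRoleId missing from response; cannot evaluate.'
    }
    $level = $GuestRoleLevels[$roleId.ToLowerInvariant()]
    if (-not $level) { $level = 'Unknown role template' }

    [pscustomobject]@{
        GuestUserRoleId = $roleId
        AccessLevel     = $level
        Passed          = ($roleId -eq $ExpectedRoleId)
    }
}

# Constructed sample responses (not real tenant data).
$samples = @(
    '{"id":"authorizationPolicy","guestUserRoleId":"2af84b1e-32c8-42b7-82bc-daa82404023b"}',
    '{"value":[{"id":"authorizationPolicy","guestUserRoleId":"10dae51f-b6af-4016-8d66-8c2a99b929b3"}]}',
    '{"id":"authorizationPolicy","guestUserRoleId":"a0b1b346-4d3e-4e8b-98f8-753987be4970"}'
)
$samples | ForEach-Object { Test-GuestUserRoleId -PolicyResponse ($_ | ConvertFrom-Json) } | Format-Table -AutoSize

# Against a live tenant (needs Microsoft.Graph.Authentication and a session with Policy.Read.All):
# Test-GuestUserRoleId -PolicyResponse (Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy')
```

Only the first sample passes; the other two show the limited and member-equivalent settings that this test reports as failures.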
Related links
- Open in Graph Explorer
- authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn
- View in Microsoft Entra admin center
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.AP07 |
| Severity | High |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaAP07 |
| Tags | EIDSCA, EIDSCA.AP07 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP07.ps1