Guest Users In Use
More Info:
Avoid creating guest users, as they are typically added outside your employee on-boarding/off-boarding process and could potentially be overlooked indefinitely leading to a potential vulnerability.Risk Level
MediumAddress
SecurityCompliance Standards
HITRUST, SOC2, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
The presence of guest users in an Azure Active Directory (AD) can pose a security risk. Here are the steps to remediate the issue of guest users in use in Azure:
- Sign in to the Azure portal using your administrator credentials.
- In the left-hand menu, click on “Azure Active Directory”.
- Under “Manage”, select “Users”.
- On the “Users” page, click on the “Guest users” tab.
- Review the list of guest users to determine which ones need to be removed.
- Select the guest user that you want to remove by clicking on the checkbox next to their name.
- Click on the “Remove” button at the top of the screen.
- Confirm that you want to remove the guest user by clicking “Yes” in the confirmation dialog box.
Using CLI
Using CLI
The “Guest Users in Use” misconfiguration in Azure refers to the presence of external users who have access to your Azure Active Directory tenant. To remediate this misconfiguration, you can follow the below steps using Azure CLI:
-
Run the following command to list all the external/guest users in your Azure Active Directory tenant:
- Identify the guest users that should not have access to your Azure resources.
-
Run the following command to remove a guest user:
Replace
<guest-user-object-id>with the object ID of the guest user you want to remove. - Repeat step 3 for all the guest users that should not have access to your Azure resources.
-
After removing the guest users, you can also disable external sharing for your Azure Active Directory tenant by running the following command:
Replace
<object-id-of-the-external-users-group>with the object ID of the group that contains all the external users in your Azure Active Directory tenant.
Using Python
Using Python
The misconfiguration “Guest Users In Use” occurs when guest users are granted access to Azure resources. To remediate this issue, we can use the Azure Python SDK to write a script that will identify the guest users and remove their access.Here are the steps to remediate “Guest Users In Use” for Azure using Python:This script will remove the guest users’ access to all Azure resources in your subscription. You can schedule this script to run periodically to ensure that guest users do not have access to your Azure resources.
-
Install the Azure Python SDK by running the command
pip install azure-mgmt-resource. -
Authenticate with Azure using your Azure account credentials. You can do this by using the
ServicePrincipalCredentialsclass from the Azure Python SDK. Here’s an example:
- Use the Azure Python SDK to list all the guest users in your Azure AD tenant. You can do this by using the
GraphRbacManagementClientclass from the Azure Python SDK. Here’s an example:
- Use the Azure Python SDK to remove the guest users’ access to Azure resources. You can do this by using the
RoleAssignmentsOperationsclass from the Azure Python SDK. Here’s an example: