Plugin Title | Ensure No Guest User |
Cloud | AZURE |
Category | Active Directory |
Description | Ensures that there are no guest users in the subscription |
More Info | Guest users are usually invited from outside the company structure. They are not part of the onboarding/offboarding process and could be overlooked, causing security vulnerabilities. |
AZURE Link | https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator |
Recommended Action | Remove all guest users unless they are required to be members of the Active Directory account. |
1. Log in to the Microsoft Azure Management Console.
2. Find the search bar at the top and search for Azure Active Directory.
3. Select "Azure Active Directory", then in the left navigation panel select "Users" under "Manage".
4. In the users list, look for users with "User type" set to "Guest". Any "Guest" type users are not part of the onboarding/offboarding process and are considered a security vulnerability. Such accounts must be deleted.
5. Select all users with "User type" set to "Guest" and click "Delete User" at the top right.
6. Click OK in the confirmation popup.
7. Repeat steps 3 to 6 for all other directories.
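
The same check can be run over exported user records instead of the portal list. The script below is an added example, not the plugin's own code: it assumes each directory's users are available as records with the field names of Microsoft Graph's user resource, and the directory names, users and the allowlist of required guests are constructed for illustration.

```python
# Added example. Records are constructed; field names follow Microsoft Graph's user resource.
SAMPLE_DIRECTORIES = {
    "contoso.onmicrosoft.com": [
        {"userPrincipalName": "alice@contoso.onmicrosoft.com", "userType": "Member"},
        {"userPrincipalName": "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com",
         "userType": "Guest", "externalUserState": "Accepted", "accountEnabled": True},
        {"userPrincipalName": "carol_example.org#EXT#@contoso.onmicrosoft.com",
         "userType": "Guest", "externalUserState": "PendingAcceptance", "accountEnabled": True},
    ],
    "contoso-dev.onmicrosoft.com": [
        {"userPrincipalName": "dave@contoso-dev.onmicrosoft.com", "userType": "Member"},
        {"userPrincipalName": "auditor_example.net#EXT#@contoso-dev.onmicrosoft.com",
         "userType": "guest", "externalUserState": "Accepted", "accountEnabled": True},
        {"userPrincipalName": "legacy@contoso-dev.onmicrosoft.com", "userType": None},
    ],
}
# Hypothetical allowlist of guests that are required to stay.
REQUIRED_GUESTS = {"auditor_example.net#EXT#@contoso-dev.onmicrosoft.com"}


def audit_guests(directories, required=frozenset()):
    """Return {directory: {"status", "guests", "unknown_type"}} for every directory."""
    required = {upn.lower() for upn in required}
    report = {}
    for name, users in directories.items():
        guests, unknown = [], []
        for user in users:
            upn = user.get("userPrincipalName", "")
            user_type = user.get("userType")
            if not user_type:
                unknown.append(upn)  # no userType recorded: review by hand
            elif user_type.lower() == "guest" and upn.lower() not in required:
                guests.append({"upn": upn,
                               "state": user.get("externalUserState"),
                               "enabled": user.get("accountEnabled")})
        report[name] = {"status": "FAIL" if guests else "PASS",
                        "guests": guests, "unknown_type": unknown}
    return report


if __name__ == "__main__":
    for name, result in audit_guests(SAMPLE_DIRECTORIES, REQUIRED_GUESTS).items():
        print(name, result["status"])
        for g in result["guests"]:
            print("  remove or justify:", g["upn"], g["state"])
        for upn in result["unknown_type"]:
            print("  check user type:", upn)
```

A directory passes only when every guest it contains is on the allowlist; records with no user type are listed separately so they are not silently counted as members.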