Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: HACKING
This Customer Check verifies if external (guest) users have been created in the tenant and are granted administrative rights.
Why this check?
In your tenant, guest users can be added, for example, to exchange files or to add to a Teams channel. These are usually employees outside your organization with a different email address.
When such users are granted administrative rights, it is an indicator of a potential hacking attack. An attacker could grant themselves rights in this way to access other resources in your tenant.
It is also possible that you have consciously granted these rights, but due to the potential risk, it is advisable to check this.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is expressed as follows:
- Okay: No external users with administrative rights exist in your tenant
- Notice: At least 1 external user with administrative rights has been found
How should this be followed up?
If the output is Notice , we advise reviewing the specific external users. And if the rights indeed should not have been granted to these users, initiate further investigation into the root cause and activities performed with this account.
Comments
0 comments
Please sign in to leave a comment.