IAMinerva
HomeBlogAbout
m3M365 NewscoMicrosoft CopilotteMicrosoft TeamsshSharePoint & OneDriveinIntune & SecurityexExchange & OutlookpoPower PlatformazAzure & Entra IDtuTutorials & GuidesevEvents & ConferencesseSecuritywiWindows
IAMinerva

Professional blog dedicated to the Microsoft 365 ecosystem.

Quick links

HomeBlogAboutNewsletter

Stay informed

Get the latest Microsoft 365 news delivered straight to your inbox.

© 2026 IAMinerva. All rights reserved.

Built withNext.js&Tailwind
Comment empĂȘcher les invitĂ©s d'inviter d'autres invitĂ©s dans Microsoft Entra
BlogAzure & Entra IDHow to Prevent Guests from Inviting Other Guests in Microsoft Entra
Azure & Entra ID#Microsoft Entra#Azure AD#External collaboration

How to Prevent Guests from Inviting Other Guests in Microsoft Entra

Prevent guests in Microsoft Entra from adding other users by configuring external permissions. Follow this guide to secure your tenant.

Houssem MAKHLOUF
June 11, 2026
3 min read

TL;DR par Minerva

généré par IA

Prevent guests in Microsoft Entra from adding other users by configuring external permissions. Follow this guide to secure your tenant.

Introduction

The management of guests in Microsoft Entra is an essential feature that enables secure collaboration with external users. However, allowing guests to invite other users themselves can introduce security risks and complicate access management.

In this article, you will learn how to adjust external collaboration settings to prevent this practice while strengthening control over your Azure AD environment.

i

Good to know

Changing external collaboration settings affects only future guests and not existing accounts in your tenant.

Why limit invitations by guests?

Enabling external invitation capability by default can lead to:

  • Uncontrolled proliferation of guests: Rapid expansion of unverified external users in your system.
  • Bypassing standard invitation workflows: This weakens your control and onboarding processes.
  • Increased security risks: Encouraging unauthorized access to your internal resources.

By correctly configuring these settings, you establish clear boundaries and improve overall security through better identity management.

Steps to configure permissions

Here's how to adjust external collaboration settings in Microsoft Entra to block invitations by guests.

1

Access the Microsoft Entra portal

Sign in to the Microsoft Entra portal with global administrator or identity management privileges.

2

Navigate to external collaboration settings

In the main menu, select Settings > External collaboration.

3

Modify guest rights

Disable the option that allows guests to invite other users by modifying the Guest permissions field.

{}JSON
1{
2 "guestUserPermissions": {
3 "canInviteGuests": false
4 }
5}
4

Save changes

Validate your changes by clicking Save and ensure the settings are applied to your tenant.

!

Caution

Be sure to inform affected users of these restrictions to avoid potential misunderstandings when using the system.

Comparison of default and restricted permissions

To help you better understand the impact of this change, here is a comparison table of default and restricted permissions for guests:

CategoryDefault permissionsRestricted permissions
Users & ContactsRead their own properties, change their passwordRead their own properties, manage their mobile number only
GroupsRead properties of non-hidden groups, search for groupsRead object ID of joined groups only
ApplicationsRead properties of registered applicationsSame as default permissions
OrganizationRead organization display name and domainsSame as default permissions

Additional recommendations

To maximize the effectiveness of restrictions:

  • Perform regular audits of external access through identity reviews.
  • Implement an onboarding process for guests that includes rigorous authentication controls.
  • Use Azure AD reports to monitor guest activities.
✩

Tip

Combine these settings with robust access governance to create a secure and well-managed collaborative environment.

Conclusion

Preventing guests from inviting other users in Microsoft Entra is a simple yet effective measure to strengthen your tenant's security. By applying these settings in conjunction with other identity management best practices, you ensure optimal control over external access and protect your internal resources.

Feel free to explore additional approaches to Azure governance for even greater security.

Share:
HM

Houssem MAKHLOUF

Microsoft 365 enthusiast & IT professional.

Previous article

Converting Get-MailboxFolderStatistics Identifiers for Graph API

Jun 11, 2026
Next article

Monitor Windows Servers with Prometheus and Grafana

Jun 13, 2026

Related articles

Réseau de données avec une loupe et graphiques informatiques.azure

Azure Copilot Observability Agent: Diagnosing Your Applications

Discover Azure Copilot Observability Agent: automatically diagnose application problems and reduce resolution time with Azure AI.

Jun 29, 20267 min
Arbre stylisé en doré sur fond noir avec des éléments circulaires.azure

Choosing the Right Extension Type in Microsoft Entra

Discover Microsoft Entra extension types and choose the optimal configuration for your directory objects based on their usage.

Jun 27, 20264 min
Pyramide réfléchissante au centre de réseaux de fils dorés et cercles.azure

Graph Delta Queries for Entra ID Groups

Learn how to use Graph Delta Queries for Entra ID groups to track changes in real-time. Tutorials and scripts included.

Jun 27, 20264 min