Security Assessment: Built-in Active Directory Guest account is enabled

This recommendation indicates whether an AD Guest account is enabled in your environment.
The goal is to ensure that the Guest account of the domain is not enabled.

Organization risk

The on-premises Guest account is a built-in, non-nominative account that allows anonymous access to Active Directory. Enabling this account permits access to the domain without requiring a password, potentially posing a security threat.

Remediation steps

  1. Review the list of exposed entities to determine whether any Guest account is enabled.

  2. Take appropriate action on those accounts by disabling them.

    For example:

    Screenshot showing guest account in AD.

    Screenshot showing security report.
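The same review and remediation can be scripted. The following is an added example, not Microsoft's own code: it assumes the RSAT ActiveDirectory PowerShell module and rights to modify the account, and the function name `Get-DomainGuestStatus` and its `-Disable` switch are hypothetical. It goes slightly beyond the steps above by checking every domain in the forest and by locating the account through its well-known RID (501), so a renamed Guest account is still found.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit (and optionally disable) the built-in Guest account in
# every domain of the current forest. Function name and -Disable switch are
# hypothetical; only standard ActiveDirectory module cmdlets are used.
function Get-DomainGuestStatus {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Disable   # when set, disable any enabled Guest account found
    )

    $props = 'Enabled', 'LastLogonDate', 'PasswordNotRequired'
    foreach ($domainName in (Get-ADForest).Domains) {
        try {
            $domain = Get-ADDomain -Server $domainName -ErrorAction Stop
            # The built-in Guest account always has RID 501, so look it up by
            # SID; a lookup by name would miss a renamed account.
            $guestSid = "$($domain.DomainSID.Value)-501"
            $guest = Get-ADUser -Identity $guestSid -Server $domainName `
                        -Properties $props -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not query ${domainName}: $($_.Exception.Message)"
            continue
        }

        if ($guest.Enabled -and $Disable -and
            $PSCmdlet.ShouldProcess("$($guest.SamAccountName) in $domainName", 'Disable-ADAccount')) {
            Disable-ADAccount -Identity $guest -Server $domainName
            # Re-read the account so the report reflects the new state.
            $guest = Get-ADUser -Identity $guestSid -Server $domainName -Properties $props
        }

        [pscustomobject]@{
            Domain              = $domainName
            SamAccountName      = $guest.SamAccountName
            Sid                 = $guest.SID.Value
            Enabled             = $guest.Enabled
            PasswordNotRequired = $guest.PasswordNotRequired
            LastLogonDate       = $guest.LastLogonDate
        }
    }
}

# Report only:
Get-DomainGuestStatus | Format-Table -AutoSize
# Preview the change, then apply it:
# Get-DomainGuestStatus -Disable -WhatIf
# Get-DomainGuestStatus -Disable
```

A non-empty `LastLogonDate` on an enabled Guest account is worth following up in logon auditing before and after the account is disabled.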

Next steps

Learn more about Microsoft Secure Score