編輯

共用方式為


Security Assessment: Built-in Active Directory Guest account is enabled

This recommendation indicates whether an AD Guest account is enabled in your environment.
The goal is to ensure that the Guest account of the domain is not enabled

Organization risk

The on-premises Guest account is a built-in, non-nominative account that allows anonymous access to Active Directory. Enabling this account permits access to the domain without requiring a password, potentially posing a security threat.

Remediation steps

  1. Review the list of exposed entities to discover if there is a Guest account which is enabled.  

  2. Take appropriate action on those accounts by disabling the account.

For example:

Screenshot showing guest account in AD.

Screenshot showing security report.

Next steps

Learn more about Microsoft Secure Score