ASD's Blueprint for Secure Cloud

External collaboration settings

This page describes the configuration of external collaboration settings within Microsoft Entra ID associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Guest user access

Guest user access restrictionsGuest user access is restricted to properties and memberships of their own directory objects (most restrictive)

Guest invite settings

Guest invite restrictionsNo one in the organization can invite guest users including admins (most restrictive)
Enable guest self-service sign up via user flowsNo

External user leave settings

Allow external users to remove themselves from your organization (recommended)Yes

Collaboration restrictions

collaboration restrictionsAllow invitations to be sent to any domain (most inclusive)

Security & Governance



  • None identified


Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra