Version: 2.1.1-preview

EIDSCA.AP06 - Default Authorization Settings - User can join the tenant by email validation.

Overview

Controls whether users can join the tenant by email validation. To join, the user must have an email address in a domain which matches one of the verified domains in the tenant.

Self-service sign up for email-verified users - Microsoft Entra ID - Microsoft Learn

Test script

https://graph.microsoft.com/beta/policies/authorizationPolicy
.allowEmailVerifiedUsersToJoinOrganization -eq 'false'

Open in Graph Explorer
authorizationPolicy resource type - Microsoft Graph v1.0 | Microsoft Learn

MITRE ATT&CK

Tactic	Technique	Mitigation
TA0001 - Initial Access - Initial Access

Test Metadata

Field	Value
Test ID	EIDSCA.AP06
Severity	Medium
Suite	Entra ID SCA
Category	General
PowerShell test	Test-MtEidscaAP06
Tags	EIDSCA, EIDSCA.AP06

Source

Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
PowerShell source: powershell/internal/eidsca/Test-MtEidscaAP06.ps1

Overview​

Test script​

Related links​

MITRE ATT&CK​

Test Metadata​

Source​

Overview

Test script

Related links

MITRE ATT&CK

Test Metadata

Source