Guest accounts in Azure AD (AAD) are meant to provide limited access to corporate resources for external third parties — the idea is to enable collaboration without risking too much exposure. But enterprises may be unknowingly oversharing access to sensitive resources and applications with guests in Azure AD, paving the way for data theft and more.
Source: Dark Reading: Cloud