@Charles-Hamill , I hope all is well. You are on the right track with Identity Governance, and it can be used to identify as well as remove guest accounts based on Access Reviews.
Once an Access Review has been completed, depending on how it was scoped and configured, the guest user account(s) identified based on the review's parameters can be dealt with as noted below:
Actions taken on denied guest users in an access review
On review, the creator can choose between two options for denied guest users in an access review.
Denied guest users can have their access to the resource removed. This is the default.
The denied guest user can be blocked from signing in for 30 days, then deleted from the tenant.
During the 30-day period the guest user is able to be restored access to the tenant by an administrator. After the 30-day period is completed, if the guest user has not had access to the resource granted to them again, they will be removed from the tenant permanently.
In addition, using the Azure Active Directory portal, a Global Administrator can explicitly permanently delete a recently deleted user before that time period is reached. Once a user has been permanently deleted, the data about that guest user will be removed from active access reviews. Audit information about deleted users remains in the audit log.
I cover the use of Access Reviews in the AZ-500 and MS-500 courses..
You can read up on them here:
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews
I hope that helps to get you moving in the correct direction.
If you have any questions as you try to figure out the best path forward, please be in touch as needed... my direct e-mail is: adam@itpro.tv
Good Luck !!!
Cheers,
Adam