Managing Guest User Accounts
-
Hey all,
Hope you are doing well.
I have been doing the MS-500, AZ-500 and AZ-104 courses.
I have a question regarding Guest accounts.
Is there any information on how to manage these accounts?
To give you some background that might help: Our on-prem accounts are synced to Azure, so when HR put in a request to say Person A has left the business, their on-prem AD account is deleted, then during the next AD Connect cycle their Azure AD (AAD) is disabled/deleted.
We have over 5000 guest user accounts in our tenancy. We used Identity Governance to remove guests from Teams BUT it does not remove them from our tenancy. What course material should I be looking at on how to manage guest user accounts, or does anyone have any tips on the process of managing these accounts manually or scripted?
-
@Charles-Hamill, I hope all is well. You are on the right track with Identity Governance, and it can be used to identify as well as remove guest accounts based on Access Reviews.
Once an Access Review has been completed, depending on how it was scoped and configured, the guest user account(s) identified based on the review's parameters can be dealt with as noted below:
Actions taken on denied guest users in an access review
On review, the creator can choose between two options for denied guest users in an access review.
- Denied guest users can have their access to the resource removed. This is the default.
- The denied guest user can be blocked from signing in for 30 days, then deleted from the tenant.
During the 30-day period the guest user is able to be restored access to the tenant by an administrator. After the 30-day period is completed, if the guest user has not had access to the resource granted to them again, they will be removed from the tenant permanently.
In addition, using the Azure Active Directory portal, a Global Administrator can explicitly permanently delete a recently deleted user before that time period is reached. Once a user has been permanently deleted, the data about that guest user will be removed from active access reviews. Audit information about deleted users remains in the audit log.
I cover the use of Access Reviews in the AZ-500 and MS-500 courses.
You can read up on them here:
I hope that helps to get you moving in the correct direction.
If you have any questions as you try to figure out the best path forward, please be in touch as needed... my direct e-mail is: adam@itpro.tv
Good Luck !!!
Cheers,
Adam
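For the scripted side of the question, one way to find out which guests are worth putting in front of an access review. This is an added example, not code from either poster or from the course material. It assumes the Microsoft Graph PowerShell module, and the 90-day threshold, report path and `-BlockSignIn` switch are illustrative choices.

```powershell
# Added example: report guest accounts with no recent sign-in.
# Needs the Microsoft.Graph module; reading signInActivity requires the
# AuditLog.Read.All scope and an Azure AD Premium licence on the tenant.
param(
    [int]$StaleDays = 90,                       # assumption: set to your policy
    [string]$ReportPath = '.\stale-guests.csv', # assumption: output location
    [switch]$BlockSignIn                        # off by default: report only
)

$scopes = @('User.Read.All', 'AuditLog.Read.All')
if ($BlockSignIn) { $scopes += 'User.ReadWrite.All' }
Connect-MgGraph -Scopes $scopes | Out-Null

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)
$props  = 'id', 'displayName', 'mail', 'accountEnabled', 'createdDateTime',
          'externalUserState', 'signInActivity'
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props

$stale = foreach ($g in $guests) {
    # LastSignInDateTime covers interactive sign-ins only. A guest who has
    # never signed in is judged by the account creation date instead.
    $last = $g.SignInActivity.LastSignInDateTime
    $reference = if ($last) { $last } else { $g.CreatedDateTime }
    if ($reference -and $reference -lt $cutoff) {
        [pscustomobject]@{
            Id             = $g.Id
            DisplayName    = $g.DisplayName
            Mail           = $g.Mail
            AccountEnabled = $g.AccountEnabled
            InviteState    = $g.ExternalUserState
            Created        = $g.CreatedDateTime
            LastSignIn     = $last
        }
    }
}

$stale | Sort-Object LastSignIn, Created |
    Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$(@($stale).Count) of $(@($guests).Count) guests are stale; report: $ReportPath"

if ($BlockSignIn) {
    # Mirrors the first stage of the access-review action: block, do not delete.
    foreach ($s in $stale | Where-Object { $_.AccountEnabled }) {
        Update-MgUser -UserId $s.Id -AccountEnabled:$false
    }
}
```

Run it without `-BlockSignIn` first and have the resource owners look over the CSV; blocking sign-in is reversible, which keeps the same safety margin as the 30-day window described above.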
-