Azure AD Guest Management
Microsoft Entra
3. Apr 2023 14:00

by HubSite 365 about John Savill's [MVP]

Principal Cloud Solutions Architect

Administrator, Microsoft Entra, M365 Hot News, M365 Admin

A look at technologies and practices to maintain guests in your Azure AD tenant.

Azure AD Guest Management is a feature in Microsoft’s cloud-based identity and access management platform that allows organizations to securely manage external users and their access to corporate resources. It enables an organization to easily add, manage, and remove guest users from their Azure AD tenant. Organizations can also apply policies to control access to corporate resources by guest users. Additionally, it can be used to audit guest user activity, including logins and access to corporate resources. Azure AD Guest Management provides a secure and easy way for organizations to collaborate with external users.

In this Video

  • 00:00 - Introduction
  • 01:21 - User object attributes
  • 09:29 - Guest restrictions
  • 14:03 - External collaboration settings
  • 17:50 - Cross-tenant access settings
  • 20:17 - Redemption and consent
  • 21:48 - Guest licensing
  • 26:36 - Provisioning guests
  • 31:35 - Entitlement management
  • 38:06 - Access control
  • 51:12 - Using custom attributes
  • 54:17 - Hygiene of guests
  • 55:21 - Access Reviews
  • 1:00:54 - Script to help
  • 1:01:52 - Summary

Whiteboard:

[https://github.com/johnthebrit/RandomStuff/raw/master/Whiteboards/]

► Restrict guest permissions:

[https://learn.microsoft.com/azure/active-directory/enterprise-users/users-restrict-guest-permissions]

► Cross-tenant access:

[https://learn.microsoft.com/azure/active-directory/external-identities/cross-tenant-access-overview]

► AAD External identity pricing:

[https://azure.microsoft.com/pricing/details/active-directory/external-identities/]

► External user access reviews:

[https://learn.microsoft.com/azure/active-directory/governance/access-reviews-external-users]

► Identity protection with guest users:

[https://learn.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-b2b]

► Clean-up stale guest users:

[https://learn.microsoft.com/azure/active-directory/enterprise-users/clean-up-stale-guest-accounts]