Forum Discussion
MosesLim
Oct 10, 2020, Copper Contributor
Best Practice to Administer Guest Users from another Tenant
All, I have a requirement to implement B2B for a few partners who are with us. I would like to know what the best practice is for doing this. AAD is configured with AAD Connect to Windows AD....
- Oct 10, 2020
Hello,
For 1) you can take a look at https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/users-restrict-guest-permissions (in preview)
For 3) (MFA) you can use https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-tutorial-require-mfa
For password complexity, I'm not sure you can do it because, to me, it doesn't make sense for a tenant to manage passwords for external identities.
MosesLim
Oct 12, 2020, Copper Contributor
I assumed guest users are still treated like normal users, where we can still track their activity through Log Analytics, right?
Thijs Lecomte
Oct 12, 2020, Bronze Contributor
You cannot change the guest user's password, but all Conditional Access controls will apply to a user (require MFA, block, etc.)
You can monitor through log analytics indeed
For number 2, I would look into access packages - https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-first
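
As an added example (not written by anyone in this thread), one way to review guest activity in Log Analytics once the tenant's sign-in logs are exported to the workspace. It assumes the standard `SigninLogs` table is populated through diagnostic settings; the 30-day window and the output column names are illustrative choices.

```kusto
// Added example: per-guest sign-in summary for B2B accounts.
// Assumption: Azure AD sign-in logs are routed to this workspace (SigninLogs table).
SigninLogs
| where TimeGenerated > ago(30d)            // illustrative review window
| where UserType == "Guest"                 // external (B2B) identities only
| extend Succeeded = ResultType == "0"      // ResultType "0" means a successful sign-in
| summarize
    SignIns               = count(),
    Failures              = countif(not(Succeeded)),
    // Successful sign-ins that were not required to perform MFA
    SingleFactorSuccesses = countif(Succeeded and AuthenticationRequirement == "singleFactorAuthentication"),
    // Successful sign-ins that no Conditional Access policy evaluated
    CaNotApplied          = countif(Succeeded and ConditionalAccessStatus == "notApplied"),
    Apps                  = make_set(AppDisplayName, 20),
    LastSeen              = max(TimeGenerated)
    by UserPrincipalName, HomeTenantId
| order by SingleFactorSuccesses desc, CaNotApplied desc
```

Guests at the top of the result are the ones signing in without MFA or outside any Conditional Access policy, which is where the MFA policy for guests linked earlier in the thread is not yet taking effect.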