Forum Discussion
Guest Users governance - stale guest users
The "best practice" will vary greatly from one organization to another, as some are very "open" with regard to guest users, others must allow their partners and customers, while organizations in certain industries will never even enable such a feature. Microsoft's own tool to manage guest user lifecycle is called Access Reviews (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azure-ad-controls-manage-guest-access-with-access-reviews), but unfortunately the license requirements are very prohibitive for any organization not already invested in AAD Premium P2.
PowerShell and the Graph API give you all the tools you need in order to manage Guest users, so you can build your custom solution around it, if the above is too costly.
VasilMichev, thank you for your response.
I agree with you that Azure AD Premium P2 is expensive, hence I am building my scripts and tools for external user management. Just wanted to ask the community how long you are leaving an external user in Azure AD. We cannot leave inactive external users forever in the tenant.
- VasilMichev (MVP), Jul 21, 2018
Running the script/tool on a monthly basis seems like a sensible approach. But again, it depends on the organization's policies; some organizations will be perfectly fine doing the cleanup once per quarter.