kiran bellala
Jul 19, 2018 (Brass Contributor)
Guest Users governance - stale guest users
Hello All, I want to reach out to the community and ask how admins are managing and creating governance around guest users (external users). In an O365 tenant, users can invite non-tenant users to particip...
sintra3000
Aug 04, 2021 (Copper Contributor)
I have the same issue. This must be a relevant problem for a lot of organisations, and the fact that it is hard to disable stale guest users, let alone identify them, is incredible. The access reviews Microsoft pushes are worthless. What is needed is a catch-all script that disables all guest accounts not signed in during the last X days.
Aug 05, 2021
You have replied to a post that is 3 years old. If you'd read the conversation you'd see that there's actually a script added for doing just that: https://github.com/JBines/Remove-StaleGuests
The access reviews are great, btw, removing guest users who don't respond, for example.
A quick search got me here as well
https://github.com/12Knocksinna/Office365itpros/blob/master/FindOldGuestUsers.ps1
- sintra3000
  Aug 05, 2021 (Copper Contributor)
  Thank you, the script looks like it could fix some issues. However, I would hope that Microsoft could come up with a more 'official' solution. If I were to use this script in a prod environment, what guarantees do I have that it works, if this is a best-effort solution from JBines?
  As for the access reviews, users not comfortable with English, guest users not having any clue about their own group memberships, etc. make them not suitable for our needs. When Microsoft security engineers push clean-up of inactive users as a high priority, I would assume their flagship product Azure could support user-friendly ways of ensuring this.
- Aug 05, 2021
  Adding on the topic: https://office365itpros.com/2021/01/26/graph-api-with-azure-ad-access-reviews/
- Joshua Bines
  Aug 05, 2021 (Iron Contributor)
  If you want something more official you could consider this from an MS dev, but it is still script based: https://devblogs.microsoft.com/premier-developer/azure-active-directory-automating-guest-user-management/
  On my side we have been running this in prod for a couple of years now, but there are a couple of changes coming (using service principals, converting to Graph API with the new lastlogon value, and sending an email reminder before guest accounts are deleted). I'm hoping to complete this by the end of the year if other projects don't interfere.
- Aug 05, 2021
  Use Tony Redmond's then? If you don't think your guest users can handle the review email, use a group owner then? (called sponsor in the docs).
You can always contact the official support https://docs.microsoft.com/en-us/microsoft-365/business-video/get-help-support?view=o365-worldwide
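
The check this thread keeps coming back to (flagging guests with no sign-in during the last X days) can be sketched as follows. This is an added example, not code from any of the linked scripts; the function names, thresholds and sample accounts are constructed for illustration, and it only reports, it disables nothing.

```powershell
# Added example: report-only triage of guest accounts by last sign-in (disables nothing).
# Property names mirror the Microsoft Graph user resource; the data below is constructed.
function Get-StaleGuestReport {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [int] $StaleDays = 90,       # the thread's "X days" (assumed value)
        [int] $GraceDays = 30,       # assumed grace period for unredeemed invitations
        [datetime] $Now = (Get-Date)
    )
    foreach ($u in $Users) {
        if ($u.UserType -ne 'Guest') { continue }   # never touch member accounts
        $last = $u.SignInActivity.LastSignInDateTime
        if ($last) {
            $idle   = [math]::Floor(($Now - [datetime]$last).TotalDays)
            $status = if ($idle -gt $StaleDays) { 'Stale' } else { 'Active' }
        }
        else {
            # No sign-in recorded: judge by account age so fresh invitations are not flagged.
            $idle   = [math]::Floor(($Now - [datetime]$u.CreatedDateTime).TotalDays)
            $status = if ($idle -gt $GraceDays) { 'NeverSignedIn' } else { 'PendingInvite' }
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            Status            = $status
            IdleDays          = [int]$idle
            AccountEnabled    = $u.AccountEnabled
        }
    }
}

# Hypothetical helper that builds constructed sample records.
function New-SampleUser($Upn, $Type, $Created, $LastSignIn) {
    $activity = if ($LastSignIn) { [pscustomobject]@{ LastSignInDateTime = [datetime]$LastSignIn } }
    [pscustomobject]@{ UserPrincipalName = $Upn; UserType = $Type; AccountEnabled = $true
                       CreatedDateTime = [datetime]$Created; SignInActivity = $activity }
}

$now = [datetime]'2021-08-05'   # fixed date so the sample output is reproducible
$sample = @(
    New-SampleUser 'active_partner.example#EXT#@contoso.example'  'Guest'  '2019-03-01' '2021-07-20'
    New-SampleUser 'old_vendor.example#EXT#@contoso.example'      'Guest'  '2018-06-11' '2020-01-15'
    New-SampleUser 'never_redeemed.example#EXT#@contoso.example'  'Guest'  '2020-11-02' $null
    New-SampleUser 'fresh_invite.example#EXT#@contoso.example'    'Guest'  '2021-07-28' $null
    New-SampleUser 'employee@contoso.example'                     'Member' '2017-01-09' '2019-05-01'
)
Get-StaleGuestReport -Users $sample -Now $now |
    Where-Object { $_.Status -in 'Stale', 'NeverSignedIn' } |
    Format-Table -AutoSize
```

Against a real tenant the input would come from Microsoft Graph (for example `Get-MgUser` requesting the `signInActivity` property), and the report would be reviewed before any account is disabled.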