external user access and lifecycle management

Question

say we have sent across an share to someone not from the domain from a SharePoint online site.

so the user will have their email say abc@gmail.com and redeems and say they use their phone number to redeem.

Later if this user leaves the support organisation, what happens to the id, it will still remain and the user can still keep on using the site.

Is there a solution to this.

vasilmichev · Answer

The last part of your question is not really clear to me, but we have multiple way to control and revoke sharing, including periodic re-attestation as detailed in this session from Ignite:
What’s new in external sharing and collaboration with OneDrive and SharePoint​ - BRK3100

null null · Answer

if&nbsp; an external user is added to a group called &lt;site name&gt; visitors, when the user leaves the organisation; how do we make sure that the user no longer is able to access the site. What could be the best practice.

kiran bellala · Answer

Hi nullThe external user can leave a Team or Group. But external user's identity will continue to exist in your Azure AD as Guest user. As Azure AD admin, you have to disable/block sign-in or delete the external user from Azure AD.&nbsp;

vasilmichev · Answer

The periodic re-attestation (Access reviews) feature can certainly help you with that, and you can also do the same process via custom PowerShell scripts.

Forum Discussion

external user access and lifecycle management

Share

Resources