Forum Discussion

Iron Contributor

Nov 07, 2018

external user access and lifecycle management

say we have sent across an share to someone not from the domain from a SharePoint online site. so the user will have their email say abc@gmail.com and redeems and say they use their phone number ...

admin

SharePoint Online

VasilMichev

MVP

Nov 07, 2018

The last part of your question is not really clear to me, but we have multiple way to control and revoke sharing, including periodic re-attestation as detailed in this session from Ignite:

What’s new in external sharing and collaboration with OneDrive and SharePoint - BRK3100

null null

Iron Contributor

Nov 08, 2018

if an external user is added to a group called <site name> visitors, when the user leaves the organisation; how do we make sure that the user no longer is able to access the site. What could be the best practice.

VasilMichev
MVP
Nov 08, 2018
The periodic re-attestation (Access reviews) feature can certainly help you with that, and you can also do the same process via custom PowerShell scripts.
kiran bellala
Brass Contributor
Nov 08, 2018
Hi null
The external user can leave a Team or Group. But external user's identity will continue to exist in your Azure AD as Guest user. As Azure AD admin, you have to disable/block sign-in or delete the external user from Azure AD.