Azure B2B External Accounts


We would like to enable the feature which allows external users to be invited to our Teams and SharePoint sites based on whitelisted domains.

Ideally we would like to identify and remove external users who have not logged in in the last 60 days. Is there a way of identifying these user accounts using the OOTB logging available? Or even via PowerShell?

1 Reply

You can use Access Reviews for that: https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-r...

But the feature requires an Azure AD P2 license, so you might as well just implement your own process via PowerShell/Graph.
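
One way to build the PowerShell/Graph process mentioned in the reply, as an added example that is not part of the original thread: it reports guest accounts with no sign-in in the last 60 days and does not remove anything. It assumes the Microsoft Graph PowerShell SDK is installed, that the admin can consent to the `User.Read.All` and `AuditLog.Read.All` scopes, and that the tenant's licensing exposes the `signInActivity` property; the output file name is a placeholder.

```powershell
# Added example: report guest accounts with no sign-in for 60 days (report only).
# Assumes the Microsoft.Graph PowerShell SDK is installed and that the tenant's
# licensing exposes signInActivity (Microsoft documents a premium license requirement).
Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All'

$thresholdDays = 60   # threshold taken from the question
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$thresholdDays)

# signInActivity is not returned by default, so request it explicitly.
$props = 'id', 'displayName', 'userPrincipalName', 'mail',
         'createdDateTime', 'externalUserState', 'signInActivity'
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props

$stale = foreach ($g in $guests) {
    # Use the most recent of the interactive and non-interactive sign-ins.
    $lastSeen = @($g.SignInActivity.LastSignInDateTime,
                  $g.SignInActivity.LastNonInteractiveSignInDateTime) |
        Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

    # Guests who never signed in have no timestamps; age them from creation.
    $reference = if ($lastSeen) { $lastSeen } else { $g.CreatedDateTime }
    if ($reference -and $reference -lt $cutoff) {
        [pscustomobject]@{
            DisplayName       = $g.DisplayName
            UserPrincipalName = $g.UserPrincipalName
            Mail              = $g.Mail
            InvitationState   = $g.ExternalUserState
            Created           = $g.CreatedDateTime
            LastSignIn        = $lastSeen
            NeverSignedIn     = -not $lastSeen
        }
    }
}

# stale-guests.csv is a placeholder path for the review list.
$stale | Sort-Object LastSignIn |
    Export-Csv -Path .\stale-guests.csv -NoTypeInformation
"{0} of {1} guests inactive for more than {2} days" -f @($stale).Count, @($guests).Count, $thresholdDays
```

Review the exported list before disabling or removing accounts: a guest whose `InvitationState` shows a pending invitation and a guest who signed in once and then went quiet usually call for different handling.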