Thousands of customers have tested or deployed Microsoft Entra ID Governance since it launched on July 1, 2023, seeing the value in governing the identities of their workforce. Many of those customers have asked about extending this governance to the identities of their business guests—contractors, partners, and external collaborators—to more fully follow least privilege access principles while still enabling seamless collaboration.
I'm pleased to announce that we're helping organizations to more easily manage this situation by creating a new ID Governance for Microsoft Entra External ID meter for business guests. This add-on will operate on a monthly active usage (MAU) model. Customers will incur charges based on their actual business guest MAU. Learn more about Microsoft Entra External ID pricing at aka.ms/ExternalIDPricing.
To help our customers expand least privilege access to their business guests, ID Governance for External ID will be priced at $0.75 per monthly governed identity, and we anticipate making it available in Fall 2024. While the feature remains in public preview, organizations that govern the identities of their employees with ID Governance can govern the identities of their business guests for no additional cost.
Existing Azure AD External ID customers are grandfathered to continue using the subset of identity governance features that are included in Entra ID P1 and P2.
Why govern the identities of business guests?
Business guests are external collaborators who need access to an organization’s resources and applications for a specific purpose and duration. Examples of business guests include contractors, consultants, vendors, or partners. Business guests pose unique challenges for identity governance, as they often have dynamic and unpredictable access needs, and they may not follow internal policies and standards. Without proper governance, business guests can introduce access risks, such as over-privileged accounts, orphaned accounts, or unauthorized access.
Microsoft Entra ID Governance helps address these challenges by enabling you to:
- Define and enforce access policies for business guests, such as requiring sponsorship, approval, and attestation.
- Automate the provisioning and deprovisioning of business guest accounts, based on their project or contract duration.
- Monitor and audit the access activities and behaviors of business guests and detect and remediate any anomalies or violations.
- Provide a method for internal sponsors to review and approve their requests.
With this step, our customers can ensure that all identities in their organization are governed. Thank you for partnering with us to help protect your digital estates.
Kaitlin Murphy
Director, Product Marketing
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.