Custom policy for guest account

Question

HiI would like to configure a custom expérience for guest user in my tenant.The principal reason : on many application, guests can list/read my Azure AD and eventually, browse all existing clients.Have you a suggestion ?I know an existing parameter who can blocked this experience in the tenant (but his affect all users...)Thank you for your help !

moe_kinani · Answer

Hi Romain,What kind of policies you like to force on the guest users?You can apply some policies to Guest users using Conditional Access like MFA, device platform etc, check url below:https://docs.microsoft.com/en-us/azure/active-directory/b2b/b2b-tutorial-require-mfaMoe

romain_lasmi · Answer

Hi MoeI would like to restrict guests right on the session and in the top idea, blocked list/read user in my Directory

365vcloud · Answer

Try using Azure AD conditional access technology?&nbsp;https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

moe_kinani · Answer

Guest will be able to access and read what invited for.
In your case, Conditional Access should do the trick by blocking the guest from accessing other apps. I would also recommend using Access reviews to review the Guest Permissions, so you have an idea of permissions have given to guests in your directory.

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

hitesh_jansari · Answer

Moe_Kinani&nbsp;Great recommendation and I am big fan of Azure B2B.We normally restrict our external partner by white list their ip addresses with our Azure B2B Solution. What would you suggest with partners which uses Public / Dynamic ip addresses as we dont want to open up this up.&nbsp;&nbsp;Any other way we can restrict or would you suggest VDI solution?Hitesh

Forum Discussion

Custom policy for guest account

5 Replies

Resources