Jun 29 2020 04:56 PM
When you enable guest access in Teams, those users get brought into your Azure AD environment, but unlike your regular internal users, you have no way of knowing if those external users are still active or not. How do people typically handle this? Do you just monitor sign in activity maybe and disable accounts that had not logged in for a while? Do you require your external users to periodically response to an email saying that are still active? Maybe this not an issue people are typically concerned about so nothing needs to be done?
Jun 29 2020 11:19 PM
SolutionAzure AD Access Reviews, Entitlement management if you have the licensing, or just periodically checking their activity via the Unified audit log.
Jun 30 2020 12:01 AM
@michaelkubala For us it is a joint responsibility. The HR department are responsible for notifying the IT department of any staff who are leaving in advance, providing IT with a leaving/last date, and if available the named person who will be taking over that persons role or position (Account). We then schedule to a) change the password and b) forward incoming emails or allow shared access to that account either to check, or manage the account for an agreed period of time. Once this time is up, the account is set to auto-reply for a further month before being archived. Additionally any New starters, IT are again notified by the HR department in order to setup and prepare any accounts in good time.
Jun 30 2020 07:18 AM
Jun 30 2020 08:44 AM
Jun 29 2020 11:19 PM
SolutionAzure AD Access Reviews, Entitlement management if you have the licensing, or just periodically checking their activity via the Unified audit log.