Feb 05 2021 - last edited on Jan 14 2022
I am a newbie in Azure AD, please help me out.
I would like to understand: if I set up a federated account of a 3rd party with my Org's Azure AD, how much control does that account have over my environment - in applications, policies, etc.? Is there any Microsoft-recommended best practice to manage or control these federated accounts in Azure AD?
Thanks in advance!
Feb 06 2021 11:13 AM
@Ranjita For best practices or recommendations you should take a look at the Azure Security Center.
Settings on tenant level can be set in Azure Active Directory > External Identities > External Collaboration Settings. You should deactivate "Guest can invite" there.
Under Azure Active Directory > User Settings restrict the access to the Azure AD Administration Portal.
It would make administration easier to create a security group which inhibits all guest users, so you can assign apps on a higher level.
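Two of the settings from the reply above can be checked against data exported from Microsoft Graph. This is an added example, not part of the thread or any Microsoft tooling. It assumes the "Guest can invite" toggle corresponds to `allowInvitesFrom` being `everyone` in the tenant's authorization policy; the sample tenant data, user names and the "all guests" group membership are constructed.

```python
import json

# Constructed sample data, shaped like Microsoft Graph responses for
# GET /policies/authorizationPolicy and GET /users?$select=id,userPrincipalName,userType
SAMPLE_POLICY = json.loads('{"allowInvitesFrom": "everyone"}')
SAMPLE_USERS = [
    {"id": "u1", "userPrincipalName": "alice@contoso.example", "userType": "Member"},
    {"id": "u2", "userPrincipalName": "bob_partner.example#EXT#@contoso.example", "userType": "Guest"},
    {"id": "u3", "userPrincipalName": "eve_vendor.example#EXT#@contoso.example", "userType": "Guest"},
]
# Member ids of a hypothetical "All Guests" security group (constructed).
SAMPLE_GUEST_GROUP_MEMBER_IDS = {"u2"}

# Values Graph documents for authorizationPolicy.allowInvitesFrom.
VALID_INVITE_VALUES = {
    "none",
    "adminsAndGuestInviters",
    "adminsGuestInvitersAndAllMembers",
    "everyone",
}


def audit_guest_settings(policy, users, guest_group_member_ids):
    """Return findings for the invite setting and for guests outside the guest group."""
    findings = []
    value = policy.get("allowInvitesFrom")
    if value == "everyone":
        # Assumption: this is the state the portal shows as guests being able to invite.
        findings.append("guests can invite: allowInvitesFrom=everyone")
    elif value not in VALID_INVITE_VALUES:
        findings.append(f"unrecognized allowInvitesFrom value: {value!r}")
    for user in users:
        # Guests missing from the group would not receive group-level app assignments.
        if user.get("userType") == "Guest" and user["id"] not in guest_group_member_ids:
            findings.append(f"guest not in guest group: {user['userPrincipalName']}")
    return findings


if __name__ == "__main__":
    for finding in audit_guest_settings(
        SAMPLE_POLICY, SAMPLE_USERS, SAMPLE_GUEST_GROUP_MEMBER_IDS
    ):
        print(finding)
```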
Apr 23 2022 03:54 AM