Azure AD Guest User (B2B) Maintenance and Automation Task
Chad Cox edited this page Apr 14, 2022 · 25 revisions
In my guest script area I have examples of how to do this with the Microsoft.Graph cmdlets.
- Link to the PowerShell script that will create a report: (Click Here)
- Copy the script locally (click here for script)
- Run the script and provide the parameters notsignedonindays and removalthreshold, for example:
PS C:\> remove-aadstaleguest.ps1 -notsignedonindays 120 -removalthreshold 1000
- If you haven't already created an Azure Automation Account, follow these instructions to set one up (a previously created account can be used): Click Here
- Create a runbook following these instructions: Click Here
- Use this runbook (runbook-removeAADStaleGuest.ps1)
- Update the following values in the script:
- notsignedonindays is the number of days since a guest last signed in; any guest whose last sign-in is older than that value will be removed
# Number of days a guest account has to sign in before it is considered for deletion.
$notsignedonindays = 120
- removalthreshold limits the number of guests deleted on a particular day
# Safety threshold: at most this many guests will be returned and deleted per run.
$removalthreshold = 250
- Have this runbook run at minimum weekly
- If you haven't already created an Azure Automation Account, follow these instructions to set one up (a previously created account can be used): Click Here
- Create a runbook following these instructions: Click Here
- Use this runbook (runbook-removeAADUnacceptedGuest.ps1)
- Update the following values in the script:
- notacceptedindays is the number of days since a guest was invited without accepting the invitation; any pending invitation older than that value will be removed
# Number of days a guest account has to accept the invitation before it is considered for deletion.
$notacceptedindays = 30
- removalthreshold limits the number of guests deleted on a particular day
# Safety threshold: at most this many guests will be returned and deleted per run.
$removalthreshold = 100
- Have this runbook run at minimum weekly
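The two runbooks above share the same shape: select guests by age, cap the batch with removalthreshold, then delete. The script below is an added example (not the page's runbooks) that combines the stale-guest and unaccepted-invite checks using the Microsoft.Graph cmdlets; it assumes the Microsoft.Graph module is installed, that the caller holds User.ReadWrite.All and AuditLog.Read.All, and that the tenant is licensed for the signInActivity property. It defaults to a report and only deletes when run with -Confirm:$false (or you can preview with -WhatIf).

```powershell
# Added example, not the page's own runbook. Assumptions: Microsoft.Graph SDK installed,
# caller has User.ReadWrite.All + AuditLog.Read.All, tenant licensed for signInActivity.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [int]$notsignedonindays = 120,   # stale: no sign-in for this many days
    [int]$notacceptedindays = 30,    # unaccepted: invite still pending after this many days
    [int]$removalthreshold  = 250    # safety cap on deletions per run
)

Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'AuditLog.Read.All' -NoWelcome

$now              = Get-Date
$staleCutoff      = $now.AddDays(-$notsignedonindays)
$unacceptedCutoff = $now.AddDays(-$notacceptedindays)

# Pull every guest with the fields the decision needs. SignInActivity is null for a guest
# who has never signed in, so CreatedDateTime is used as the fallback age in that case.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property Id, UserPrincipalName, CreatedDateTime, ExternalUserState, SignInActivity

$candidates = foreach ($g in $guests) {
    $lastSeen = $g.SignInActivity.LastSignInDateTime
    if (-not $lastSeen) { $lastSeen = $g.CreatedDateTime }   # never signed in
    if ($g.ExternalUserState -eq 'PendingAcceptance') {
        if ($g.CreatedDateTime -lt $unacceptedCutoff) {
            [pscustomobject]@{ Reason = 'InviteNotAccepted'; Upn = $g.UserPrincipalName
                               Id = $g.Id; LastActivity = $g.CreatedDateTime }
        }
    }
    elseif ($lastSeen -lt $staleCutoff) {
        [pscustomobject]@{ Reason = 'Stale'; Upn = $g.UserPrincipalName
                           Id = $g.Id; LastActivity = $lastSeen }
    }
}

# Oldest first, then apply the threshold so a single run can never mass-delete.
$batch = @($candidates | Sort-Object LastActivity | Select-Object -First $removalthreshold)
Write-Output ("{0} candidate(s) found; processing {1} (threshold {2})" -f `
    @($candidates).Count, $batch.Count, $removalthreshold)
$batch | Format-Table Reason, Upn, LastActivity -AutoSize | Out-String | Write-Output

foreach ($c in $batch) {
    # ShouldProcess honours -WhatIf and, with ConfirmImpact High, prompts unless -Confirm:$false.
    if ($PSCmdlet.ShouldProcess($c.Upn, "Remove guest ($($c.Reason))")) {
        Remove-MgUser -UserId $c.Id
    }
}
```

Inside an Automation runbook, replace the interactive Connect-MgGraph with the managed-identity form (Connect-MgGraph -Identity, available in recent Microsoft.Graph.Authentication releases) after granting the identity the same Graph permissions.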
- A viral guest account is an account created before October 2021 in the following way: a viral tenant was created and a domain was added to it but never verified, and then a user with that domain name in their email address was invited as a guest to your tenant or another tenant.
- The issue with a viral tenant is that a process exists to take over or hijack these viral tenants in order to reclaim the unverified domain.
- In doing so, the user who takes over a viral tenant is able to grant themselves privileges that give control over the B2B guest user account, which can then be used to log into any resource that account has access to.
- Enable external user one-time passcode authentication (Microsoft is rolling this out as the default behavior). Link: Enable email one-time passcode
- Remove all stale guest users. (follow previous guidance)
- Run this script to scan AAD for active viral guest users: click here for create-aadguestisviralreport.ps1
- Reset the invite status for all Active viral users. (script in progress)
Single Azure AD tenant for large enterprises, part 4: Azure AD Viral tenants
Take over an unmanaged directory as administrator in Azure Active Directory