-
Notifications
You must be signed in to change notification settings - Fork 5
Azure AD Guest User (B2B)
Chad Cox edited this page Apr 4, 2022
·
6 revisions
External collaboration settings (click here)
- Guest user access restrictions
- Minimum: Guest users have limited access to properties and memberships of directory objects
- Recommended: Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)
-
Guest invite restrictions
-
Minimum: Member users and users assigned to specific admin roles can invite guest users including guests with member permissions
-
Recommended: No one in the organization can invite guest users including admins (most restrictive)
-
Enable guest self-service sign up via user flows: No
- Minimal: Deny invitations to the specified domains
- Target domains: gmail.com, outlook.com, hotmail.com, msn.com, aol.com, ymail.com, yahoo.com, facebook.com
- Recommended: Allow invitations only to the specified domains (most restrictive)
External Identities | All identity providers (Click Here)
- Email one-time passcode: Yes
No Guidance Yet
- Should not be members of Azure Directory Roles
- Membership to Azure roles should be limited
- Unaccepted guest users should be deleted after 30 days
- Guest with no sign-ins after 90 days should be deleted.