ProvisionPoint addresses the challenge of inactive guest users in Microsoft 365
One of the strengths and weaknesses of Microsoft 365 is how easy it is to share with guest users. Authorised users can easily add a guest to their Microsoft Team or SharePoint Site. If that guest is using Microsoft 365, they can access it with their login credentials. It is the same for other guest users if they have an Outlook.com or Microsoft account. The challenge for administrators is they have no control over the lifecycle of the guest users.
When to remove a guest user
A Team or Site owner can remove a guest user from their workspace. Equally an administrator can disable a guest user in Microsoft Azure Active Directory. However, when should this occur:
- Should the guest be removed when a project is completed?
- Or when that guest user is no longer engaged by the organisation?
- What happens if the guest user leaves the organisation they are working for?
These are the challenges organisations face with the management of guest users in Microsoft 365.
One measurement that is available to administrators is the activity of a guest user. If a guest user has not logged into a Site or Team within a certain time frame this may indicate they are no longer actively working with the organisation. It may be that their involvement in that collaboration has ended or that they have left the external organisation they are working for. This inactivity may be a trigger to remove them from the Site or Team.
Guest user compliance policy
At ProvisionPoint we understand the challenges organisations face with the management of guest users. This is why we have introduced our inactive guest users compliance policy. This policy will allow administrators to configure scheduled checks to identify inactive guest users in a Site or Team. These policy checks’ output can be viewed as reports or emailed to administrators and workspace owners. Furthermore, rules can be implemented to automatically remove these inactive guest users from Sites and Teams.
As usual, ProvisionPoint approaches the management of guest users like the rest of Microsoft 365 governance. We understand the importance of delivering a configurable solution to organisations. The period of time of inactivity after which a guest user is removed will vary per organisation. For example, it could be 30 days, whilst other organisations may define inactivity as 60 days. This is why we have ensured that the rules for checking for an inactive guest are highly configurable.
This latest update by ProvisionPoint helps organisations manage guest users and builds on our extensive configurable compliance policies for Microsoft 365 governance.