articles/active-directory/governance/manage-guest-access-with-access-reviews.md
Lines changed: 10 additions & 4 deletions
@@ -4,14 +4,14 @@ description: Manage guest users as members of a group or assigned to an applicat
4
4
services: active-directory
5
5
documentationcenter: ''
6
6
author: amsliu
7
-
manager: karenhoran
7
+
manager: amycolannino
8
8
editor: markwahl-msft
9
9
ms.service: active-directory
10
10
ms.workload: identity
11
11
ms.tgt_pltfrm: na
12
12
ms.topic: conceptual
13
13
ms.subservice: compliance
14
-
ms.date: 4/16/2021
14
+
ms.date: 08/23/2021
15
15
ms.author: amsliu
16
16
ms.reviewer: mwahl
17
17
ms.collection: M365-identity-device-management
@@ -38,7 +38,7 @@ For more information, [License requirements](access-reviews-overview.md#license-
38
38
First, you must be assigned one of the following roles:
39
39
- global administrator
40
40
- User administrator
41
-
- (Preview) M365 or AAD Security Group owner of the group to be reviewed
41
+
- (Preview) Microsoft 365 or Azure AD Security Group owner of the group to be reviewed
42
42
43
43
Then, go to the [Identity Governance page](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/) to ensure that access reviews is ready for your organization.
44
44
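Review bot: The role list in this hunk still mixes capitalisation: the context line "- global administrator" is lowercase while "- User administrator" and the reworded "Security Group owner" line are capitalised. Since the change already touches this list to expand "M365" and "AAD", normalise the role names in the same edit so readers can match them against the role names shown in the portal.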
@@ -119,7 +119,13 @@ In some organizations, guests might not be aware of their group memberships.
119
119
120
120
4. After the reviewers give input, stop the access review. For more information, see [Complete an access review of groups or applications](complete-access-review.md).
121
121
122
-
5. Remove guest access for guests who were denied, didn't complete the review, or didn't previously accept their invitation. If some of the guests are contacts who were selected to participate in the review or they didn't previously accept an invitation, you can disable their accounts by using the Azure portal or PowerShell. If the guest no longer needs access and isn't a contact, you can remove their user object from your directory by using the Azure portal or PowerShell to delete the guest user object.
122
+
5. You can automatically delete the guest users Azure AD B2B accounts as part of an access review when you are configuring an Access review for **Select Team + Groups**. This option is not available for **All Microsoft 365 groups with guest users**.
123
+
124
+

125
+
126
+
To do so, select **Auto apply results to resource** as this will automatically remove the user from the resource. **If reviewer don't respond** should be set to **Remove access** and **Action to apply on denied guest users** should also be set to **Block from signing in for 30 days then remove user from the tenant**.
127
+
128
+
This will immediately block sign in to the guest user account and then automatically delete their Azure AD B2B account after 30 days.
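Review bot: The new step 5 replaces the manual cleanup guidance instead of supplementing it. The removed line covered guests who were denied, didn't complete the review, or didn't previously accept their invitation, and pointed to the Azure portal or PowerShell for disabling or deleting them. The new text covers only the auto-apply path and itself says that option is not available for **All Microsoft 365 groups with guest users**, so reviews with that scope are left with no removal instructions. Suggest keeping the manual step as a fallback for that scope. Wording in the added lines: "the guest users Azure AD B2B accounts" needs a possessive ("guest users' Azure AD B2B accounts"), and "Access review" / "access review" is capitalised inconsistently within the same sentence. Because the selected action blocks sign-in immediately and then deletes the account from the tenant, not just from the reviewed group, it is worth saying so explicitly in the closing paragraph so admins understand the scope before enabling it.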