How to clean up inactive guest users in Azure

  • Published: Sep 11, 2024
  • In this how-to video I'm going to cover creating a dynamic group and access reviews. This video is centered around keeping your environment secure. Oftentimes you'll receive requests to create guest accounts, but the requester will never inform IT when that guest is no longer needed. This causes a major security risk to an organization. The strategy covered in this video provides you with a way to eliminate that risk.
    My mission is to help guide you through your cloud journey! My motto is always learning
    Our goal is to get you from scholar to consultant and from consultant to expert.
    See you next time!
    #AzureLearning #Azure #CloudSecurity #CloudTraining #Office365 #LearnCloud #CloudScholars #alwaysgrowing #knowledgeispower #cybersecurity

Comments • 36

  • @Ddesigns1931 1 year ago +2

    This is the best Channel about IT security. Watching from the UK

    • @cloudscholars 1 year ago

      Please share to your friends! Love the feedback.

  • @daye1997 4 months ago +1

    The governance identity license is $7 per user per month. Very expensive license! Again, thank you for this wonderful video!

    • @cloudscholars 4 months ago

      lol yes it is expensive. Glad you liked the video. Please share on your social media and subscribe. Helps me grow the page.

    • @NDSLAB 21 days ago

      You can use the Group Expiration feature as an alternative.

  • @khotesagar 11 months ago +1

    Thanks for the videos.
    At the last part of the video, we need to add a description because that will be notified to the user with the email content. Otherwise, guest users feel it is a phishing email and avoid clicking it.
    If they need access, they will retain the access. If they no longer need it, then they will ignore it.

  • @Thiagoofficial85 7 months ago +1

    Great video.
    Unfortunately, Microsoft now requires an Identity Governance license for this feature.

    • @cloudscholars 7 months ago

      Yeah this is an older video. MS knows how to make money lol

  • @hakaiyou4532 5 months ago +1

    Thanks man, very helpful!

  • @abdoel.rahman8737 1 year ago +1

    Amazing work

    • @cloudscholars 1 year ago

      Thanks a lot! Glad you were helped. Please like and subscribe if you haven’t already. Helps me out as well.

  • @daye1997 4 months ago +1

    Great content. What if you don’t create the dynamic group and just choose the guest only in scope?

    • @cloudscholars 4 months ago

      Yeah that should work. I like to use dynamic groups.

  • @dimpro 10 months ago +1

    Great video!
    Does the access review disable the inactive guest user?
    Can the access review just disable the user and keep it in the tenant in case you want to enable it again in the future? There are only two options available on the "Action to apply..." settings tab.
    Thanks

    • @cloudscholars 10 months ago +1

      Just want to make sure you're talking about "Block user from signing-in for 30 days, then remove user from the tenant". If so, the system will block the user. The admin has 30 days to re-enable the user. If it isn't done within that time period the account will be removed.

  • @alidogancolak6095 1 year ago +1

    Hello Cloud Scholars, very helpful video. Thanks for sharing! I am trying to create the policy: With this policy, if a guest user has not signed in for 180 days, the user will receive an access review notification that must be completed within 5 days, if the user does not respond, account will be
    My settings:
    Frequency: Monthly
    Duration: 5 Days
    If reviewers don't respond: Take recommendations
    Enable reviewer decision helpers
    No sign-in within 30 days (I can't disable this option)
    So when I click on the result, I am seeing users who have a last sign-in date only 2 months ago, and the recommended option is deny because of "Last signed in more than 30 days ago (2/27/2023)".
    Could you please tell me if this policy will work correctly or there is a bug? Thank you.

    • @cloudscholars 1 year ago

      This sounds like it should work. The results are populating correctly since no activity for the past 30 days. You are correct, the "No sign-in within 30 days" option can't be disabled. You'll receive the "Decision helper needs to be enabled for inactive user review." error.
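
Added example (not from the video or from any commenter): the thread above turns on which inactivity window flags a guest, 30 days or 180. This PowerShell function applies a chosen window to guest records and handles guests who never signed in; the function name `Get-InactiveGuest`, the sample records and the 2024-09-11 reference date are constructed for illustration.

```powershell
# Added example; Get-InactiveGuest is a hypothetical helper, not a Graph cmdlet.
function Get-InactiveGuest {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $DaysInactive = 30,
        [datetime] $AsOf = (Get-Date)
    )
    $cutoff = $AsOf.AddDays(-$DaysInactive)
    foreach ($u in $User) {
        if ($u.UserType -ne 'Guest') { continue }   # members are out of scope
        # A guest who never redeemed the invitation has no sign-in date; age the
        # account from its creation date so it is still caught once it is stale.
        $last = $u.SignInActivity.LastSignInDateTime
        $reference = if ($last) { [datetime]$last } else { [datetime]$u.CreatedDateTime }
        if ($reference -lt $cutoff) {
            [pscustomobject]@{
                UserPrincipalName = $u.UserPrincipalName
                NeverSignedIn     = -not $last
                DaysIdle          = [int][math]::Floor(($AsOf - $reference).TotalDays)
            }
        }
    }
}

# Constructed sample records shaped like Get-MgUser output (not real tenant data).
$asOf = [datetime]'2024-09-11'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'recent@partner.example'; UserType = 'Guest'
        CreatedDateTime = '2023-05-01'; SignInActivity = @{ LastSignInDateTime = '2024-09-02' } }
    [pscustomobject]@{ UserPrincipalName = 'twomonths@partner.example'; UserType = 'Guest'
        CreatedDateTime = '2023-05-01'; SignInActivity = @{ LastSignInDateTime = '2024-07-10' } }
    [pscustomobject]@{ UserPrincipalName = 'old@partner.example'; UserType = 'Guest'
        CreatedDateTime = '2022-11-20'; SignInActivity = @{ LastSignInDateTime = '2023-12-01' } }
    [pscustomobject]@{ UserPrincipalName = 'never@partner.example'; UserType = 'Guest'
        CreatedDateTime = '2024-01-15'; SignInActivity = $null }
    [pscustomobject]@{ UserPrincipalName = 'staff@contoso.example'; UserType = 'Member'
        CreatedDateTime = '2020-01-01'; SignInActivity = @{ LastSignInDateTime = '2023-01-01' } }
)

# Compare what a 30-day window flags with what a 180-day window flags.
Get-InactiveGuest -User $sample -DaysInactive 30  -AsOf $asOf | Format-Table
Get-InactiveGuest -User $sample -DaysInactive 180 -AsOf $asOf | Format-Table

# Against a live tenant (Microsoft Graph PowerShell SDK; reading signInActivity
# needs the AuditLog.Read.All scope):
#   Connect-MgGraph -Scopes 'User.Read.All','AuditLog.Read.All'
#   $guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
#       -Property 'userPrincipalName,userType,createdDateTime,signInActivity'
#   Get-InactiveGuest -User $guests -DaysInactive 180
```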

  • @hafizrahman1509 6 days ago

    Does every guest (self-service access review) need a P2 license or any license?

  • @drifter2341 1 year ago +1

    👍Nice video!
    Your screen is blurry, hard to read though.

    • @cloudscholars 1 year ago +1

      Sorry about that. Glad you still enjoyed it. This was one of my earlier videos. I've since changed the recording settings.

  • @andrewg.t9714 1 year ago +1

    Great video, how do you target a specific company with the rules? Also from the U.K. 🙌💯

    • @cloudscholars 1 year ago +1

      You would change the property value from guest to the company value. All the users in that company should have the same property value.

    • @andrewg.t9714 1 year ago

      @cloudscholars thanks

  • @josephjoestar995 1 year ago

    Great video - how do I do this for all users not just guest? I’m assuming I don’t add the usertype = guest condition?
    Cheers!! From UK

    • @cloudscholars 1 year ago +1

      Yes, that should do it. The guest type filters out the results for the type of user we want to pull in. Glad you enjoyed the video. Please subscribe if you haven't done so already.

  • @sanjaychauhan86 1 year ago +1

    Hello Cloud Scholars,
    Suppose I selected inactive guest accounts for 30 days, and if the reviewer does not respond and I select remove access and block sign-in for 30 days and remove it from the tenant, then does it keep the guest account for another 30 days and delete the guest account, or does it immediately delete the guest account from the tenant?

    • @cloudscholars 1 year ago +1

      Great question! Yes, the account will still be available for 30 days. Once that time is met, then the account will be deleted from the tenant. I placed the link below that backs up the info.
      learn.microsoft.com/en-us/azure/active-directory/governance/create-access-review

    • @sanjaychauhan86 1 year ago +1

      @cloudscholars so it means it will be removed after 60 days. I mean 30 days in inactive mode and 30 days without action, right?

    • @sanjaychauhan86 1 year ago +1

      Thanks for your prompt response. One more doubt I have, if the reviewer denied access on the guest account, how long will it take to delete the guest account automatically from the tenant?

    • @cloudscholars 1 year ago

      That is correct. The first inactive process is reversible.

    • @cloudscholars 1 year ago +1

      I believe it goes through the same process. Once disabled it has a "time to live". Then after that process it's completely gone.

  • @user-fo6fx4pd6b 6 months ago +1

    Users to remove forever.