A quick overview of setting up guest access in Azure AD

Setting up external sharing in Microsoft 365 is complicated with interrelated settings on six different admin interfaces. So we’ll use an analogy to simplify the process: the security precautions that many organizations take to access their physical environments.

If you invite an outside person to come to your office for a meeting, they will go through multiple levels of security checks in order to gain access to the meeting room and sensitive information shared in that room. We will represent the first level as we approach the building’s campus.

Azure AD: access the campus

These global settings focus on verifying identity and defining the rules by which outsiders can be added to the directory (and by whom), as well as their rights once established. An organization can have 5 guest users for each paid license.

The Microsoft 365 external sharing model is configured so that guests authenticate against their own identity provider first, and you can then choose to add more stringent requirements for signing in to your environment. This is a nice feature, because it means that when a user leaves their organization (perhaps an external supplier), their home account is deactivated and they no longer have the means to log in as a guest to your environment.

As a reminder, the key setting at the Azure AD level is whether guests can see your entire member directory or only the members of the teams they belong to.

This is also where you can select the “Administrators and guest role users can invite” toggle to determine whether administrators can invite guests through the administration interface. It will need to be enabled to allow team owners to invite guests through additional downstream settings. You can also choose to allow guests to invite other guests, but most departments do not do that.
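The two settings just described (who may invite guests, and how much of the directory a guest can see) are exposed by Microsoft Graph in the tenant's authorization policy. As an added example that is not part of the article or AvePoint's own tooling, the Python below audits a saved copy of that policy; the sample document is constructed, and the role GUIDs are the values Microsoft documents for the three guest access levels.

```python
"""Audit Azure AD guest settings from the JSON returned by
GET https://graph.microsoft.com/v1.0/policies/authorizationPolicy.
The sample below is a constructed document so the script runs offline."""
import json

# Documented guestUserRoleId values and the directory visibility each grants.
GUEST_ROLE_IDS = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same as members (sees the entire directory)",
    "10dae51f-2634-4e77-8e3d-95d0e4e1c2b1": "limited (default guest access)",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted (own objects only)",
}
FULL_DIRECTORY_ROLE = "a0b1b346-4d3e-4e8b-98f8-753987be4970"

# Constructed sample: guests may invite other guests and can see the whole directory.
SAMPLE_POLICY = json.dumps({
    "id": "authorizationPolicy",
    "allowInvitesFrom": "everyone",
    "guestUserRoleId": FULL_DIRECTORY_ROLE,
})


def audit_guest_settings(policy_json: str) -> list:
    """Return findings that deviate from the conservative baseline the article
    describes: admins and guest inviters may invite (so team owners still can),
    guests do not invite guests, and guests see only their own teams."""
    policy = json.loads(policy_json)
    findings = []

    invites = policy.get("allowInvitesFrom", "everyone")
    if invites == "everyone":
        findings.append("allowInvitesFrom=everyone: guests can invite other guests")
    elif invites == "adminsGuestInvitersAndAllMembers":
        findings.append("allowInvitesFrom=adminsGuestInvitersAndAllMembers: "
                        "every member can invite guests")
    elif invites == "none":
        # The toggle is off, so downstream Teams/SharePoint guest invites will fail.
        findings.append("allowInvitesFrom=none: team owners cannot invite guests")

    role = policy.get("guestUserRoleId", "")
    label = GUEST_ROLE_IDS.get(role, "unknown guestUserRoleId")
    if role == FULL_DIRECTORY_ROLE:
        findings.append(f"guestUserRoleId={label}: guests can enumerate all members")
    elif role not in GUEST_ROLE_IDS:
        findings.append(f"guestUserRoleId={role!r}: {label}, review manually")
    return findings


if __name__ == "__main__":
    for finding in audit_guest_settings(SAMPLE_POLICY):
        print("FINDING:", finding)
```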

Azure announcement

Since March 2021, the one-time passcode option has been enabled for customers by default. This means that if a resource such as a document is shared with someone who is not currently in the directory and does not have a Microsoft account, they will be sent a one-time access code to verify their identity. Using our physical-security analogy, organizations housed in larger buildings or campuses may impose entry requirements at the access road, parking lot, or campus perimeter for outsiders arriving by vehicle. A security guard checks that the visitor carries a valid identity document issued by a trusted authority before lifting the entry barrier.

Some highly secure sites will only allow certain organizations onto the premises, while others may just keep a list of blocked organizations that can never get in. In other words, someone cannot reach a meeting room if they cannot get onto the campus, but being allowed onto the campus does not grant them access to every meeting room.

For more information on configuring guest access settings in the Microsoft 365 Global Admin Center and the Microsoft Teams Admin Center, be sure to download the full ebook!


AvePoint accelerates the success of your digital transformation. More than 16,000 businesses and 7 million SharePoint and Office 365 users around the world trust AvePoint software and services for their data migration, management and protection needs in cloud, on-premises and hybrid environments.
