How to clean up inactive guest users in Azure

Просмотров 5 тыс.

% 124

In this How-to video I'm going to cover creating a dynamic group and access reviews. This video is centered around keeping your environment secure. Often times you'll receive request to create guest accounts but the requester will never inform IT when that guest is no longer needed. This causes major security risk to an organization. The strategy covered in this video provides you with a way to eliminate that risk.
My mission is to help guide you through your cloud journey! My motto is always learning
Our goal is to get you from scholar to consultant and from consultant to expert.
See you next time!
#AzureLearning #Azure #CloudSecurity #CloudTraining #Office365 #LearnCloud #CloudScholars #alwaysgrowing #knowledgeispower #cybersecurity

Опубликовано:

12 дек 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 36

@Ddesigns1931 Год назад

This is the best Channel about IT security. Watching from the UK

@cloudscholars Год назад

Please share to your friends! Love the feedback.

@abdoel.rahman8737 Год назад

Amazing work

@cloudscholars Год назад

Thanks a lot! Glad you were helped. Please like and subscribe if you haven’t already. Helps me out as well.

@khotesagar Год назад

Thanks for the videos At last part of video, we need to add description because that will be notified to the user with the email content. otherwise, guest users feel it is phishing email and avoid clicking it. If they need access, they will retain the access. If they no longer need it then they will ignore it

@cloudscholars Год назад

Yes, you are right

@daye1997 5 месяцев назад

Great content. What if you don’t create the dynamic group and just choose the guest only in scope?

@cloudscholars 5 месяцев назад

Yeah that should work. I like to use dynamic groups.

@daye1997 5 месяцев назад

The governance identify license is $7 per user per month. Very expensive license! Again. Thank you for this wonderful video!

@cloudscholars 5 месяцев назад

lol yes it is expensive. Glad you liked the video. Please share on your social media and subscribe. Helps me grow the page.

@NDSLAB Месяц назад

You can use the Group Expiration feature as an alternative.

@dimpro 11 месяцев назад

Great video! Is the access review disables the inactive guest user? Can with access review just disable the user and keep it to tenant if on the future you want to enable it again? There are only two options available on the "Action to apply..." settings tab. Thanks

@cloudscholars 11 месяцев назад

Just want to make sure you're talking about "Block user from signing-in for 30 days, then remove user from the tenant". If so, the system will block the user. The admin has 30 days to re-enable the user. If it isn't done within that time period the account will be removed.

@hakaiyou4532 6 месяцев назад

Thanks man, very helpfull!

@cloudscholars 6 месяцев назад

Glad it helped!

@andrewg.t9714 Год назад

Great video, how do you target a specific company with the rules? Also from the U.K. 🙌💯

@cloudscholars Год назад

You would change the property value from guest to the company value. All the users in that company should have the same property value.

@andrewg.t9714 Год назад

@@cloudscholars thanks

@Thiagoofficial85 8 месяцев назад

Great video. Unfortunately, Microsoft now requires a Identity Governance license for this feature

@cloudscholars 8 месяцев назад

Yeah this is an older video. MS knows how to make money lol

@alidogancolak6095 Год назад

Hello Cloud Scholars, very helpful video. Thanks for sharing! I am trying to create the policy: With this policy, if a guest user has not signed in for 180 days, the user will receive an access review notification that must be completed within 5 days, if the user does not respond, account will be My settings: Frequency: Monthly Duration: 5 Days If reviewers don't respond: Take recommendations Enable reviewer decision helpers No sign-in within 30 days (I can't disable this option) So when I click on the result, I am seeing users which has last sign in date only 2 months ago and recommended options is deny because of Last signed in more than 30 days ago (2/27/2023). Could you please tell me if this policy will work correctly or there is a bug? Thank you.

@cloudscholars Год назад

This sounds like it should work. The results are populating correctly since no activity for the past 30 days. You are correct the "No sign-in within 30 days" option can't be disabled. You'll received the "Decision helper needs to be enabled for inactive user review." error.

@josephjoestar995 Год назад

Great video - how do I do this for all users not just guest? I’m assuming I don’t add the usertype = guest condition? Cheers!! From UK

@cloudscholars Год назад

Yes, that should do it. The guest type filters out the results for the type of user we want to pull in. Glad you enjoyed the video. Please subscribe if you haven't done so already.

@hafizrahman1509 Месяц назад

Does every Guest (self service access review) need a P2 license or any license

@sanjaychauhan86 Год назад

Hello Cloud Scholars, Suppose I selected inactive Guest account for 30 days and If the reviewer does not respond and I select remove access and block sign-in for 30 days and remove it from tenant, then does it keep the guest account for another 30 days and delete the guest account or does it immediately delete the guest account from tenant.

@cloudscholars Год назад

Great question! Yes, the account will still be available for 30 days. Once that time is met, then the account will be deleted from the tenant. I placed the link below that backs up the info. learn.microsoft.com/en-us/azure/active-directory/governance/create-access-review

@sanjaychauhan86 Год назад

@@cloudscholars so it means it will be removed after 60 days. I mean 30 days in inactive mode and 30 days without action, right?

@sanjaychauhan86 Год назад

Thanks for your prompt response. One more doubt I have, if the reviewer denied access on the guest account, how long will it take to delete the guest account automatically from the tenant?

@cloudscholars Год назад

That is correct. The first inactive process is reversible.

@cloudscholars Год назад

I believe it goes through the same process. Once disabled it has a "time to live". Then after that process it's completely gone.