You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.
Over time, you might join several Office 365 tenants as a guest. Some of those Azure AD guest accounts probably won’t be needed forever and you want to clean them up. This is easy for individuals to do through their MyAccount page, which might just be a page that they never knew existed.
You can easily add people from outside your Office 365 tenant to the membership of Teams, but some oversight of who those people are and what teams they join is probably needed. This PowerShell script shows how to find records in the Office 365 audit log and figure out if they relate to the creation of new guest accounts before sending email asking to justify the addition of the new account.
Office 365 makes extensive use of Azure Active Directory guest accounts. Implementing a risky sign-in policy is a good idea, but it can have the unfortunate side-effect of suddenly blocking guest accounts that could previously access tenant resources. If blocks happen, they can only be lifted through administrative intervention in the guest account’s home tenant.
Microsoft has launched email one-time passcodes (OTP) into preview for Azure Active Directory guest accounts. It’s all to do with better collaboration. OTP doesn’t support Teams, Planner, or Office 365 Groups yet, but it can be used to share documents from SharePoint Online or OneDrive for Business.
How many guest users does your Office 365 tenant have? And how many of those accounts are actually used? Given that many Office 365 applications now generate guest user accounts to facilitate external access to content, managing these accounts is a growing concern.
During transitions, things sometimes don’t go so smoothly. Such is the case if you want to enable or disable guest user access to Teams and find that the setting to control the access is no longer available in the Office 365 Admin Center. But PowerShell can control the setting, so that’s the solution to the problem.
This Petri.com article tells you how to set a policy on confidential Office 365 Groups to stop owners being able to add guest users to the group (or team).