Comments on: Five Practical Actions to Control Guest Accounts for Microsoft Teams https://practical365.com/control-guest-accounts-microsoft-teams/ Practical Office 365 News, Tips, and Tutorials Thu, 02 Mar 2023 21:52:05 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Tony Redmond https://practical365.com/control-guest-accounts-microsoft-teams/#comment-255563 Thu, 02 Mar 2023 21:52:05 +0000 https://practical365.com/?p=54992#comment-255563 In reply to JohnM.

I don’t believe so because guests authenticate against their home directory. I would focus on MFA and insist on it for all guest connections. You can do that easily with a simple conditional access policy.

]]> By: JohnM https://practical365.com/control-guest-accounts-microsoft-teams/#comment-255549 Thu, 02 Mar 2023 17:21:43 +0000 https://practical365.com/?p=54992#comment-255549 Hi Tony –
is there a way to have Guest accounts match our global password policy.
Currently our users users have 14 characters, we would want the same for guests.

]]> By: Tony Redmond https://practical365.com/control-guest-accounts-microsoft-teams/#comment-250765 Wed, 11 Jan 2023 21:37:50 +0000 https://practical365.com/?p=54992#comment-250765 In reply to Dave.

I have no idea because I have never tried. It might be the case that you’ll need a Microsoft Services account (MSA) for non-Microsoft guest accounts to be able to update MFA methods.

]]> By: Dave https://practical365.com/control-guest-accounts-microsoft-teams/#comment-250761 Wed, 11 Jan 2023 20:46:07 +0000 https://practical365.com/?p=54992#comment-250761 How can non-Microsoft guest accounts (gmail, for example) update or add their MFA method? For example, if they used MS Authenticator on initial login, but want to add SMS as another option. It is not possible to log into the security verification page with a non-Microsoft account.

]]> By: Tony Redmond https://practical365.com/control-guest-accounts-microsoft-teams/#comment-237805 Sat, 19 Feb 2022 21:34:14 +0000 https://practical365.com/?p=54992#comment-237805 In reply to Jakke.

Guest accounts don’t need licenses unless they use premium Azure AD features. And if they do, there’s free access for the first 50,000 monthly active users. See https://office365itpros.com/2021/11/04/azure-ad-mau-billing-external-identities/

]]> By: Jakke https://practical365.com/control-guest-accounts-microsoft-teams/#comment-237804 Sat, 19 Feb 2022 21:29:21 +0000 https://practical365.com/?p=54992#comment-237804 It seeems to me that there extra license needs when adding guest accounts….

]]> By: Angelo Cassano https://practical365.com/control-guest-accounts-microsoft-teams/#comment-237783 Thu, 17 Feb 2022 18:51:11 +0000 https://practical365.com/?p=54992#comment-237783 Excellent blog Tony. Thank you for the ideas on how to contain guest sprawl.

]]> By: Tony Redmond https://practical365.com/control-guest-accounts-microsoft-teams/#comment-237741 Fri, 11 Feb 2022 16:43:56 +0000 https://practical365.com/?p=54992#comment-237741 In reply to Anil Kumar.

I covered this topic in https://practical365.com/review-azure-ad-guest-accounts-annually/, which is linked to in the article. Signins are only one signal. Audit logs are also valuable in determining user activity.

]]> By: Anil Kumar https://practical365.com/control-guest-accounts-microsoft-teams/#comment-237740 Fri, 11 Feb 2022 16:37:07 +0000 https://practical365.com/?p=54992#comment-237740 Thanks for the explanation. A quick question regarding cleanup, We tried to use Azure AD Sign in logs to cleanup inactive accounts and as they only store 30 days of activity we couldn’t rely on them as it’s a short span. Do you have any other parameters on how to find the inactive accounts

]]>