What do we have to take into account when we have guests in our tenant? In this post I want to give some guidance on it:
Limitations for guests
Guests are a special user type in Azure AD and Microsoft 365, so there are some limitations by design that you should know about:
- Azure AD B2B originally allowed up to five guests per licensed user (1:5 ratio); since external identities moved to monthly active user (MAU) billing this ratio no longer applies
- Guest user permissions in Azure AD are limited by default:
  - cannot browse the directory (enumerate users, groups or other tenant information)
  - but can view their own profile
  - but can read another user's profile if they look it up directly by UPN or object ID
- Guest user permissions in Microsoft 365 (formerly Office 365) groups are limited
- Guest user permissions in Teams are limited:
  - no OneDrive for Business
  - no people search outside of Teams
  - no calendar
  - no meeting scheduling
  - no PSTN/telephony
  - no org chart
  - no team creation or editing
  - no browsing of teams they are not a member of
  - no file upload in private (1:1 or group) chats
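The point about guests being able to read another user's profile by UPN or object ID depends on the tenant's guest permission level, which is configurable. The script below is an added example (not from the original post) that reads the current setting with the Microsoft Graph PowerShell SDK and, if you want, switches it to the most restrictive role so guests can only see their own directory object. The three role IDs are Microsoft's documented values for the guestUserRoleId setting; the switch variable `$TightenToRestricted` is an assumption of this script.

```powershell
# Added example: inspect and optionally tighten the guest permission level.
# Requires the Microsoft.Graph PowerShell SDK and Policy.ReadWrite.Authorization
# (a Global Administrator or Privileged Role Administrator must consent).
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization" -NoWelcome

# Documented role IDs for the authorization policy's guestUserRoleId:
$GuestRoles = @{
    "a0b1b346-4d3e-4e8b-98f8-753987be4970" = "Same as member users (least restrictive)"
    "10dae51f-b6af-4016-8d66-8c2a99b929b3" = "Limited access (default): can still read other users by UPN/object ID"
    "2af84b1e-32c8-42b7-82bc-daa82404023b" = "Restricted: own profile and own memberships only"
}
$RestrictedRoleId = "2af84b1e-32c8-42b7-82bc-daa82404023b"

# Script switch (assumption, not an SDK parameter): $false = report only, $true = change it.
$TightenToRestricted = $false

$authPolicy = Get-MgPolicyAuthorizationPolicy
$current = $authPolicy.GuestUserRoleId
Write-Output "Current guest role: $current = $($GuestRoles[$current])"

if ($TightenToRestricted -and $current -ne $RestrictedRoleId) {
    # Caveat: the restricted role also hides group/team membership from guests,
    # which breaks some collaboration scenarios. Test with a pilot guest first.
    Update-MgPolicyAuthorizationPolicy -GuestUserRoleId $RestrictedRoleId
    $after = (Get-MgPolicyAuthorizationPolicy).GuestUserRoleId
    Write-Output "Guest role is now: $after = $($GuestRoles[$after])"
}
```

To verify the effect, sign in as a test guest and run `Get-MgUser -UserId <upn-of-an-internal-user>`: with the default limited role the lookup succeeds, with the restricted role it is denied.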
What can you do to secure your Microsoft 365 guest identities?
The following are only recommendations; what you apply will depend on the level of security you want for your tenant:
- enforce multi-factor authentication for guests (Conditional Access)
- require guests to accept terms of use before they get access
- regularly review whether guest access is still needed (access reviews)
- restrict guests to web/browser-only access
- set a sign-in frequency so guests have to re-authenticate regularly, e.g. daily
- classify content with sensitivity labels
- auto-label defined sensitive information as Highly Confidential
- automatically remove guest access from files labeled Highly Confidential
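The first five recommendations (MFA, terms of use, browser-only access and a daily sign-in frequency; access reviews are configured separately under Identity Governance) can all be enforced by a single Conditional Access policy scoped to guests. The script below is an added example, not code from the original post, that creates such a policy with the Microsoft Graph PowerShell SDK. It assumes a terms-of-use agreement already exists; its display name "Guest Terms of Use" and the policy display name are assumptions.

```powershell
# Added example: one Conditional Access policy for all guests/external users.
# Requires the Microsoft.Graph PowerShell SDK. Policy.Read.All is needed
# alongside Policy.ReadWrite.ConditionalAccess to create policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","Agreement.Read.All" -NoWelcome

# Assumption: a terms-of-use agreement with this display name was created beforehand.
$agreement = Get-MgAgreement | Where-Object { $_.DisplayName -eq "Guest Terms of Use" }
if (-not $agreement) { throw "Create the terms-of-use agreement first, then re-run." }

$policy = @{
    displayName = "Guests: MFA, terms of use, daily sign-in, browser-only"
    # Start in report-only mode, check the sign-in logs for a few days,
    # then switch the state to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        # Scope to guests only, so internal admins can never be locked out by this policy.
        users          = @{ includeUsers = @("GuestsOrExternalUsers") }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"
        builtInControls = @("mfa")              # recommendation: MFA for guests
        termsOfUse      = @($agreement.Id)      # recommendation: terms guests must accept
    }
    sessionControls = @{
        # recommendation: force re-authentication every day
        signInFrequency                 = @{ isEnabled = $true; type = "days"; value = 1 }
        # recommendation: browser-only. This only passes a signal; SharePoint/OneDrive
        # must be told to act on it (see note below).
        applicationEnforcedRestrictions = @{ isEnabled = $true }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"
```

Two caveats a practitioner should know. First, "Use app enforced restrictions" does nothing on its own; SharePoint Online must be configured to limit unmanaged devices to browser access (`Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess` in the SharePoint Online Management Shell), and Teams in the browser honours the same setting. Second, requiring MFA for guests means the guest registers MFA in your tenant unless your inbound cross-tenant access settings trust MFA claims from the guest's home tenant; decide which you want before enabling the policy.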