EXT-04MediumEnhanced Security
Configure Guest Access Expiration
Guest & External Access control for Microsoft 365 and Entra ID
Why This Control Matters
Guest accounts created for temporary projects often outlive their intended use. Without expiration, ex-partners and former vendors retain access indefinitely. Automatic expiration ensures guest access is time-bound.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 1Guest accounts have expiration dates configured
- 2Guest access expires after 90 days unless renewed
- 3Access reviews are configured for guest users
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Manual Only
Requires Entra ID Governance access reviews configuration
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.