EXT-09 | Medium | Recommended Secure
Guest User Lifecycle Review
Guest & External Access control for Microsoft 365 and Entra ID
Why This Control Matters
Stale guest accounts are attack targets. Unlike internal accounts, guest accounts may not be subject to your password policies or MFA requirements. Regular lifecycle review prevents unauthorized access through forgotten guest identities.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. Guest accounts inactive for 90+ days are identified
2. Stale guests are disabled or removed
3. Guest accounts that never signed in are reviewed
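One way to derive these findings from Microsoft Graph user records, as an added example (not TrueConfig's own code). It assumes each record carries the Graph `userType`, `userPrincipalName` and `signInActivity` properties; the function names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # inactivity threshold stated by the control

def _parse(ts):
    """Parse a Graph ISO 8601 timestamp; a missing value stays None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def last_sign_in(user):
    """Latest interactive or non-interactive sign-in, or None if neither exists."""
    activity = user.get("signInActivity") or {}
    seen = [_parse(activity.get(key)) for key in
            ("lastSignInDateTime", "lastNonInteractiveSignInDateTime")]
    seen = [t for t in seen if t is not None]
    return max(seen) if seen else None

def review_guests(users, now):
    """Sort guest accounts into stale, never-signed-in and active buckets."""
    report = {"stale": [], "never_signed_in": [], "active": []}
    for user in users:
        if user.get("userType") != "Guest":
            continue  # member accounts are outside this control
        last = last_sign_in(user)
        if last is None:
            bucket = "never_signed_in"   # needs manual review
        elif now - last >= STALE_AFTER:
            bucket = "stale"             # candidate for disable or removal
        else:
            bucket = "active"
        report[bucket].append(user["userPrincipalName"])
    return report

# Constructed sample records shaped like Graph user objects.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"userPrincipalName": "alice_example.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest",
     "signInActivity": {"lastSignInDateTime": "2024-01-10T08:00:00Z"}},
    # Old interactive sign-in, recent token refresh: still in use.
    {"userPrincipalName": "bob_example.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest",
     "signInActivity": {"lastSignInDateTime": "2023-12-01T09:30:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-20T14:00:00Z"}},
    # Invitation never redeemed: no sign-in activity recorded.
    {"userPrincipalName": "carol_example.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest"},
    {"userPrincipalName": "dave@contoso.onmicrosoft.com", "userType": "Member",
     "signInActivity": {"lastSignInDateTime": "2023-01-01T00:00:00Z"}},
]

if __name__ == "__main__":
    print(review_guests(SAMPLE, NOW))
```

Taking the later of the two sign-in timestamps keeps a guest who only uses background token refresh from being flagged as stale.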
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Available. Can automatically disable guest accounts inactive for 90+ days.