EXT-04: Configure Guest Access Expiration

Frequently asked questions about implementing and managing the EXT-04 security control in Microsoft 365 and Entra ID.

Q
What is EXT-04 (Configure Guest Access Expiration)?
A

EXT-04 is a security control that guest accounts created for temporary projects often outlive their intended use. without expiration, ex-partners and former vendors retain access indefinitely. automatic expiration ensures guest access is time-bound. It requires that guest accounts have expiration dates configured and guest access expires after 90 days unless renewed, access reviews are configured for guest users.

Related controls:EXT-04
Q
Why is Configure Guest Access Expiration important for Microsoft 365 security?
A

Guest accounts created for temporary projects often outlive their intended use. Without expiration, ex-partners and former vendors retain access indefinitely. Automatic expiration ensures guest access is time-bound.

Related controls:EXT-04
Q
How do I implement EXT-04 in my tenant?
A

EXT-04 requires manual implementation. Requires Entra ID Governance access reviews configuration

Related controls:EXT-04
Q
What license do I need for EXT-04?
A

This control requires Azure AD Premium P2 (included in Microsoft 365 E5) or standalone P2.

Related controls:EXT-04
Q
Which security baseline includes EXT-04?
A

EXT-04 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Related controls:EXT-04

5

Questions

1

Related Controls

Categorized

Related Resources

EXT-04 Control Reference

Detailed documentation and implementation guidance

Guest & External Access Controls

All controls in the Guest & External Access category

Security Glossary

Definitions of security and Microsoft 365 terms

Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.

Start Free Trial
All FAQsBrowse Controls →