EXT-09: Guest User Lifecycle Review

Frequently asked questions about implementing and managing the EXT-09 security control in Microsoft 365 and Entra ID.

Q
What is EXT-09 (Guest User Lifecycle Review)?
A

EXT-09 is a security control that addresses stale guest accounts, which are attack targets. Unlike internal accounts, guest accounts may not be subject to your password policies or MFA requirements. Regular lifecycle review prevents unauthorized access through forgotten guest identities. The control requires that guest accounts inactive for 90+ days are identified, that stale guests are disabled or removed, and that guest accounts that never signed in are reviewed.

Related controls: EXT-09
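The review criteria above, sketched as an added example (not TrueConfig's or Microsoft's code). It assumes guest records have already been exported from Microsoft Graph with the `userType`, `accountEnabled` and `signInActivity` properties; the sample records, tenant names and review date are constructed.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # EXT-09 threshold: inactive for 90+ days

def _ts(value):
    """Parse a Graph ISO 8601 timestamp ending in 'Z'; None stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def classify_guest(user, now):
    """Return not_guest, active, stale, stale_disabled or never_signed_in."""
    if user.get("userType") != "Guest":
        return "not_guest"
    activity = user.get("signInActivity") or {}
    # Take the latest of interactive and non-interactive sign-ins so a guest
    # who is only seen through token refresh is not flagged as stale.
    seen = [t for t in (_ts(activity.get("lastSignInDateTime")),
                        _ts(activity.get("lastNonInteractiveSignInDateTime"))) if t]
    if not seen:
        return "never_signed_in"  # reviewed separately under EXT-09
    if now - max(seen) < STALE_AFTER:
        return "active"
    # Enabled stale guests are disable candidates; disabled ones await removal.
    return "stale" if user.get("accountEnabled", True) else "stale_disabled"

def review(users, now):
    """Group guest UPNs by finding; member accounts are ignored."""
    report = {"active": [], "stale": [], "stale_disabled": [], "never_signed_in": []}
    for u in users:
        status = classify_guest(u, now)
        if status != "not_guest":
            report[status].append(u["userPrincipalName"])
    return report

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed review date
SAMPLE_USERS = [  # constructed records shaped like Microsoft Graph user objects
    {"userPrincipalName": "alice#EXT#@contoso.example", "userType": "Guest",
     "accountEnabled": True, "signInActivity": {"lastSignInDateTime": "2025-05-20T09:00:00Z"}},
    {"userPrincipalName": "bob#EXT#@contoso.example", "userType": "Guest", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2024-12-01T09:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2025-05-01T09:00:00Z"}},
    {"userPrincipalName": "carol#EXT#@contoso.example", "userType": "Guest",
     "accountEnabled": True, "signInActivity": {"lastSignInDateTime": "2025-01-10T09:00:00Z"}},
    {"userPrincipalName": "dave#EXT#@contoso.example", "userType": "Guest", "accountEnabled": True},
    {"userPrincipalName": "erin@contoso.example", "userType": "Member",
     "accountEnabled": True, "signInActivity": {"lastSignInDateTime": "2024-01-01T09:00:00Z"}},
]

if __name__ == "__main__":
    print(review(SAMPLE_USERS, NOW))
```
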
Q
Why is Guest User Lifecycle Review important for Microsoft 365 security?
A

Stale guest accounts are attack targets. Unlike internal accounts, guest accounts may not be subject to your password policies or MFA requirements. Regular lifecycle review prevents unauthorized access through forgotten guest identities.

Related controls: EXT-09
Q
How do I implement EXT-09 in my tenant?
A

TrueConfig provides one-click remediation for EXT-09. It can automatically disable guest accounts inactive for 90+ days.

Related controls: EXT-09
Q
What license do I need for EXT-09?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls: EXT-09
Q
Which security baseline includes EXT-09?
A

EXT-09 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.

Related controls: EXT-09
