Configure Guest Access Expiration for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The EXT-04 control helps address these requirements by:

• Guest accounts have expiration dates configured
• Guest access expires after 90 days unless renewed
• Access reviews are configured for guest users

Guest accounts created for temporary projects often outlive their intended use. Without expiration, ex-partners and former vendors retain access indefinitely. Automatic expiration ensures guest access is time-bound.

When implementing EXT-04 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

EXT-04 requires the following configuration:

• Guest accounts have expiration dates configured
• Guest access expires after 90 days unless renewed
• Access reviews are configured for guest users

Requires Entra ID Governance access reviews configuration

Follow the steps above in your Microsoft Entra admin center to enable this control.