Sign-up now and get instant access
Leave a comment
Customized training to master new skills and grow your business.
Beginner to advanced classes taught by Microsoft MVPs and Authors.
In-depth boot camps take you from a novice to mastery in less than a week.
Season Learning Pass
Get access to our very best training offerings for successful up-skilling.
Stream Pro Plus
Combine On-Demand Learning platform with face-to-face Virtual Mentoring.
Quick references for when you need a little guidance.
Summaries developed in conjunction with our Learn with the Nerds sessions.
Digital goodies - code samples, student files, and other must have files.
Stay up-to-date on all things Power BI, Power Apps, Microsoft 365 and Azure.
Earn money by driving sales through the Pragmatic Works' Training Affiliate Program.
It's time to address your client's training needs.
Learn how to get into IT with free training and mentorship.
Discover the faces behind our success: Meet our dedicated team
How can we help? Connect with Our Team Today!
Find all the information you’re looking for. We’re happy to help.
In this post I’d like to talk about Azure Active Directory, how guest users are created and how best to manage them. Azure Active Directory is one of the components that covers your entire business included with Office365, Power BI and other Azure assets. Azure Active Directory is the identity backbone of the Microsoft cloud.
We’ve worked with many customers that need to support external users in their environment for a variety of reasons, such as Power BI Embedded, to share assets with business partners in multiple active directory domains within the environment. The B to B functionality in Azure Active Directory is the solution to these scenarios.
Here are 3 key things to know about guest users in Azure Active Directory:
1. Tools in the Microsoft cloud can create guest users without necessarily asking your permission. For example, Power BI has multiple mechanisms, including email and sharing, which are simply button clicks. They can allow users with Pro licenses to share with users outside of your organization.
This is done though an invitation to allow a guest user to be added to your Azure Active Directory. Depending on the Microsoft cloud product, you may have a variety of ways to lock this down or change it. However, you can always trump the apps by using Azure Active Directory. I recommend managing those permissions, or at least the permissions allowing who can share with guest users, which can be set in Active Directory.
2. Guest users can be added to a security user group and should be. It’s not uncommon or bad to have guest users in your environment, but you should be using Active Directory security groups to drop them into, so you can manage your permissions at a group level. I would not recommend blending groups between guest users and your normal domain users, but that’s for you to decide.
3. Guest users can come from any domain. You should know who your guests are; if you don’t recognize or know anything about their email domain, for instance, be careful. You must know and understand where those guest users come from and manage them accordingly, so they’re easy to identify in Active Directory and you know who has access to your assets.
Azure Active Directory is a powerful feature inside of Azure, but it’s important to know how to manage the B to B feature and how guest users are created. If you have any questions about this feature, Azure Active Directory in general, or anything Azure related, click the link below or contact us—we’d love to help.
Join other Azure, Power Platform and SQL Server pros by subscribing to our blog.