Learn how to secure Microsoft 365 users and guests throughout the organization
Solving guest user governance is one of the most important things to get right in M365. Organizations need to be proactive to have insight into their users sharing and have control once data leaves the system.
However, guest user settings are complex and require having each of the 5 puzzle pieces connected correctly across:
- Office 365 Security and Privacy settings
- Group settings
- SharePoint settings
- Teams settings
SharePoint and OneDrive for Business even have their own, independent set ups. Once users have solved the puzzle, they still need to create a process for managing the guest lifecycle within Microsoft 365. By default, users can now request guests to be added to the Microsoft 365 tenant.
Once they are in, they need to have the appropriate policies set, and even more importantly, a system for removing their access when it is no longer appropriate.
KMWorld held a webinar with John Peluso, chief product officer, AvePoint who discussed how to solve the guest user puzzle for Microsoft 365.
According to Peluso, before even logging a guest in, users should ask themselves a series of questions that include:
- Who do you want to collaborate with externally?
- What services and data should they have access to?
- How should external users be invited in?
- When should external users be re-assessed or removed?
The foundation of external collaboration in Microsoft Teams is the Azure AD “Guest” model, he explained. The benefits of this approach includes having the home domain authenticating the user, the guest domain can leverage AAD conditional access policies, and centralized identity in guest means centralized reporting or memberships.
The AvePoint Cloud governance approach can help secure organizations using M365 suites. Users can get a clear definition of ownership, business purpose, and guidelines. The platform can tailor by role and business units. There is an approval process for new workspaces and terms of service and use (example: protected health information).
An archived on-demand replay of this webinar is available here.