- Invited external users in Azure Active Directory (Azure AD) can be created in several ways:
  - By sending a guest invitation to a person outside your organization through the Azure portal or through the Microsoft Teams or SharePoint platform.
  - By allowing users to sign up for an Azure AD B2B collaboration account using their personal email address.
  - By automatically creating guest accounts for users who are part of a federation with another Azure AD tenant.
- You can safely remove these external users if they are no longer needed or if they were mistakenly added to your Azure AD. Before removing them, verify that they have no active licenses assigned and are not members of any Microsoft 365 groups or teams. You can remove external users using the Azure portal, Azure AD PowerShell, or the Graph API.
- To prevent external users from being added without your consent, you can do the following:
  - Configure Azure AD policies to control the external sharing of content and resources in your organization. For example, you can block external sharing, allow sharing only with specific domains, or set up restrictions for specific user roles.
  - Enable multi-factor authentication for all guest users to enhance the security of your environment.
  - Regularly review and remove guest users who are no longer needed.
  - Train your users on best practices for collaborating with external users, including when and how to invite external users, and the importance of removing external users when they are no longer needed.
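
The pre-removal check and the regular guest review described above can be scripted. The following is an added example, not code from the original page: it triages guest records for licenses and Microsoft 365 group or team membership. The records are constructed and assumed to be shaped like Microsoft Graph user objects with `memberOf` expanded; the function names are hypothetical.

```python
# Added example: pre-removal triage of guest accounts. All records below are
# constructed and shaped like Microsoft Graph user objects (assumption).
SAMPLE_USERS = [
    {"userPrincipalName": "alex_example.com#EXT#@contoso.example", "userType": "Guest",
     "assignedLicenses": [], "memberOf": []},
    {"userPrincipalName": "sam_partner.example#EXT#@contoso.example", "userType": "Guest",
     "assignedLicenses": [{"skuId": "00000000-0000-0000-0000-000000000001"}],
     "memberOf": []},
    {"userPrincipalName": "kim_vendor.example#EXT#@contoso.example", "userType": "Guest",
     "assignedLicenses": [],
     "memberOf": [{"@odata.type": "#microsoft.graph.group", "displayName": "Project X",
                   "groupTypes": ["Unified"], "resourceProvisioningOptions": ["Team"]}]},
    {"userPrincipalName": "employee@contoso.example", "userType": "Member",
     "assignedLicenses": [], "memberOf": []},
]


def removal_blockers(user):
    """Return reasons this guest should not be removed yet; empty list means clear."""
    reasons = []
    if user.get("assignedLicenses"):
        reasons.append(f"{len(user['assignedLicenses'])} license(s) assigned")
    for obj in user.get("memberOf") or []:
        if obj.get("@odata.type") != "#microsoft.graph.group":
            continue  # the page's check covers groups and teams only
        name = obj.get("displayName", "<unnamed>")
        if "Team" in (obj.get("resourceProvisioningOptions") or []):
            reasons.append(f"member of team '{name}'")
        elif "Unified" in (obj.get("groupTypes") or []):
            reasons.append(f"member of Microsoft 365 group '{name}'")
    return reasons


def triage_guests(users):
    """Split guest accounts into removable UPNs and blocked UPNs with reasons."""
    removable, blocked = [], {}
    for user in users:
        if user.get("userType") != "Guest":
            continue  # never propose member accounts for removal
        reasons = removal_blockers(user)
        if reasons:
            blocked[user["userPrincipalName"]] = reasons
        else:
            removable.append(user["userPrincipalName"])
    return removable, blocked


if __name__ == "__main__":
    removable, blocked = triage_guests(SAMPLE_USERS)
    print("Safe to remove:", removable)
    for upn, reasons in blocked.items():
        print("Review first:", upn, "->", "; ".join(reasons))
```

Accounts in the blocked set need their licenses and memberships cleaned up before deletion; only the removable list should be passed to the removal step.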