Manage guest user lifecycle (preview)
Entitlement management allows you to gain visibility into the state of a guest user's lifecycle through the following viewpoints:
- Governed - The guest user is set to be governed.
- Ungoverned - The guest user is set to not be governed.
- Blank - The lifecycle for the guest user isn't determined. This happens when the guest user had an access package assigned before managing user lifecycle was possible.
Note
When a guest user is set as Governed, based on entitlement management tenant-wide settings their account will be deleted or disabled in specified days after their last access package assignment expires. Learn more about entitlement management settings here: Manage external access with Microsoft Entra entitlement management.
You can directly convert ungoverned users to be governed by using the Mark Guests as Governed (preview) functionality in the top menu bar.
Manage guest user lifecycle in the Microsoft Entra admin center
Tip
Steps in this article may vary slightly based on the portal you start from.
To manage user lifecycle, you'd follow these steps:
Prerequisite role: Global Administrator, Identity Governance Administrator, Catalog owner, Access package manager or Access package assignment manager
Sign in to the Microsoft Entra admin center as at least an Identity Governance Administrator.
Browse to Identity governance > Entitlement management > Access package.
On the Access packages page open the access package you want to manage guest user lifecycle of.
In the left menu, select Assignments.
On the assignments screen, select the user you want to manage the lifecycle for, and then select Mark guest as governed (Preview).
Select save.
Manage guest user lifecycle programmatically
To manage user lifecycle programatically using Microsoft Graph, see: accessPackageSubject resource type. For bulk conversion, see: ConvertTo-EmGovernedGuest.ps1.
Next steps
Feedback
Submit and view feedback for