If I reflect on the Microsoft 365 projects I participated in during the last couple of years, about 90% of those projects included the organisation’s need to improve collaboration and communication with external organizations like customers, subcontractors, partners, etc. With Microsoft’s adoption of the cloud it has become so much easier to involve External Users with their projects, contracts, legal cases, etc.
External Users: Trojan horse?
These External Users can now securely collaborate with your users using their own familiar logon credentials. But providing these external users access to your information also introduces a few new challenges for your organization:
- Which users should have access to which resources?
- What are those users doing with that access?
- Are there effective organizational controls for managing access?
- Can auditors verify that the controls are working?
Many organizations rely on the basic features in Microsoft 365 for on-, through- and off-boarding of External Users. This means assigned users must ‘manually’ keep an eye on things and make decisions in compliance with the organisation’s policies. Experience shows that this is a time-consuming task, especially when your organisation regularly collaborates with many external users.
Identity Governance
Implementing Microsoft’s Azure Active Directory Identity Governance (AAD-IG) is one way to improve your organization’s management of external B2B users. It provides your organization with a rich feature set to:
- Govern the identity lifecycle: who gets access, via which approval and review processes? And what should happen at the end of the identity lifecycle?
- Govern the access lifecycle: Microsoft supports, amongst others, defining Terms of Use, Conditional Access with Multi Factor Authentication, and defining Access Packages to your Teams, M365 Groups, SharePoint Sites and applications.
- Secure privileged access for administration: who can get temporary access to administrator permissions?
Small step – great benefits
To make the step from manually managing external user access to automated, policy-driven Identity Governance, your organization requires Microsoft AAD P2 or EMS E5 subscriptions for those users who are involved in administering the policies and in approving and reviewing external users’ access.
It’s an excellent investment when you consider it will:
- make life easier for your administrators and super users;
- save you administration costs;
- mitigate risks of data leaks;
- keep you in control of your information.
If you’re working on your Information Governance and are collaborating with external users in a structural way, I dare say you can’t do without Identity Governance.