External users/guests validation by group owners
Include a periodical check if guests are still needed
There is a need to also check the guests periodically (every 30, 60, 90, or 180 Days).
There an owner should decide for every guest if access is still needed or access should be removed automatically.
Dear ShareGate Apricot users,
We’ve added the Guest Review experience for the owners that go with the external sharing links review. The review is a 2 steps process starting with guest review and then external sharing link reviews.
You can also adapt the frequency at which the external shares review occurs based on the level of sensitivity of a group. (blog link here: https://sharegate.com/blog/update-auto-apply-customized-governance-policies-to-microsoft-teams)
In addition, we’re currently adding more information on the admin side to let you know when guests are inactive.
If you have any questions or comment, don’t hesitate to contact me! I’m always grateful to talk with you.
Again, your feedback is very appreciated.
Have a nice day,
Jury Baragatti commented
To meet compliance and audit requirements, we should ask the “member validation by group owners” every 6 months. I hope that the function provided for guests could be extended to all members.
Ben Seo commented
Dear SG, For financial sector, this is a "requirement" being asked from compliance team for fulfilling audit requirements for SEC regulation for tracking sensitive communications. Please advise.
in my opinion this is more important than reviewing external sharing links.... I wish it could be prioritised.
guests have access to ALL of the group's content and should be reviewed
It would be helpful to be able to quickly identify Teams that have external guests listed as members - not just Teams that have had a link shared externally. Additionally, extend the emailing capabilities so that we can send the Owners of these teams an email to review/verify this security is still needed. If a Team is stale and hasn't gotten deleted, owners may be more willing to clean up Guest access before the deletion.
This is something we thought it did. Checking external sharing is useful but bringing it up a level to just a simple 'dear owner do you know your Team/Group has guests' is what our Infogov colleagues want. To meet compliance we are required to ask every 3 months about access to systems from guest or sponsored users. Perhaps if it had a check box next to each guest so an owner could tick the ones they are ok with and the remainder would get emailed to IT for action to purge or v.v