The code is written to illustrate a principle. After that, it’s up to you to change/develop the code to do what makes sense in your organization.

Thanks!

Guest accounts can be licensed. Have you tried assigning a license using the Microsoft 365 admin center or PowerShell?

The issue that we mostly run into in terms of a Contractor is when they need to work on something specific that requires licensing. For example, PWA or Power BI Pro… Guest accounts can’t licensed from what I could see on my tenant. (Which is logical)

What events were you looking for in the event log? There have been some issues with searching the log in the past (and not finding events), but I think these problems have been squashed. At least, I haven’t heard of any lately (or encountered any).

There’s no doubt that Microsoft has work to do on Azure AD B2B Collaboration if they want people to use guest accounts more broadly. My hope is that by highlighting deficiencies, Microsoft might do something to fix the gaps.

As to developers using a guest account for DevOps, that sounds like a bridge too far…

The GitHub link is there… Can you check again? (don’t know what happened).

There’s always edge cases to consider, too – especially if AzureAD guest accounts are used in M365 tenants, but not to access M365 workloads. A client at my old company had contracted an external developer, who then used an AzureAD guest account in their tenant to access Azure Devops in the same tenant. He got blocked each and every time, no matter how often he logged in.

Great article (as usual). Microsoft should have account expiry for all accounts.

I was interested in having a look your script but noticed there isn’t a Github link for background job 2. Can you please provide this?

Thanks