Microsoft Now Lets IT Admins Assign Sponsors to Entra ID Guest Accounts

Windows Logo

Key Takeaways:

  • Microsoft has released a new feature that lets IT admins assign sponsors to Entra ID guest accounts.
  • The sponsor is a responsible individual or group that can track guest account usage within an organization.
  • IT admins can add up to five sponsors, including a combination of accounts and groups, while inviting a new guest user.

Microsoft has released a new update that enables IT admins to designate sponsors for Entra ID guest accounts. The feature launched in public preview in July, allowing organizations to appoint individuals or groups as sponsors for their guest accounts (via Office 365 for IT Pros).

A sponsor is a “responsible individual” who tracks each guest account within the organization. The sponsor tracks the usage of the guest account and what access they have to corporate data. Sponsors can choose to retain the guest account or request for its removal from the tenant.

“The Sponsors field on the user object refers to the person or a group who invited the guest user to the organization. You can use this field to track who invited the guest user and to help with accountability. Being a sponsor doesn’t grant administrative powers for the sponsor user or the group, but it can be used for approval processes in Entitlement Management,” Microsoft explained.

Microsoft notes that administrators can add up to five sponsors while inviting a new guest user, and it can be a combination of accounts and groups. If there are no sponsors in the payload, the service will automatically add the inviter as a sponsor. Keep in mind that the ability to invite a guest user is currently only available for users with the Global Administrator role or a limited administrator directory role.

Microsoft Now Lets IT Admins Assign Sponsors to Entra ID Guest Accounts

How to add Microsoft Entra ID Guest Account Sponsors

To add sponsors when inviting a new guest user, IT admins will need to follow the steps mentioned below:

  • Sign in to the Azure portal and navigate to Azure Active Directory >> Users.
  • Now, click the Invite external user option available in the menu.
  • Enter the details on the Basic tab and select Next: Properties.
  • Navigate to the Job Information section on the Properties tab and click the Add sponsors option.
  • Finally, click the Review and invite button to save the changes.

Microsoft notes that IT admins can use Microsoft Graph API to add sponsors for Entra ID guest accounts. They can also change the Sponsors field on the user group object in case the sponsor leaves the organization. This approach helps to ensure proper tracking and accountability for the guest user’s account.

Last month, Microsoft released a new continuous access evaluation (CAE) setting for the Entra ID Conditional Access service. The feature is currently available in public preview, and it allows IT admins to strictly enforce location policies for network access.