Microsoft Entra ID Governance licensing for business guests


Thousands of customers have tested or deployed Microsoft Governance since it launched on July 1, 2023, seeing the value in governing the identities of their workforce. Many of those customers have asked about extending this governance to the identities of their business guests—contractors, partners, and external collaborators—to more fully follow least privilege access principles while still enabling seamless collaboration. 

I'm pleased to announce that we're helping organizations to more easily manage this situation by creating a new ID Governance license for business guests. This license will operate on a monthly active usage (MAU) model. Customers will be able to acquire licenses matching their anticipated business guest MAU.

To help our customers expand least privilege access to their business guests, ID Governance for business guest licenses will be priced at $0.75 per MAU, and we anticipate making them available in spring 2024. In the interim, organizations that govern the identities of their employees with ID Governance can govern the identities of their business guests for no additional cost. Existing Azure AD External ID customers are grandfathered to continue using the subset of identity governance features that are included in P1 and P2.

Why govern the identities of business guests? 

Business guests are external collaborators who need access to an organization's resources and applications for a specific purpose and duration. Examples of business guests include contractors, consultants, vendors, or partners. Business guests pose unique challenges for identity governance, as they often have dynamic and unpredictable access needs, and they may not follow internal policies and standards. Without proper governance, business guests can introduce access risks, such as over-privileged accounts, orphaned accounts, or unauthorized access. 

Microsoft Governance helps address these challenges by enabling you to: 

  • Define and enforce access policies for business guests, such as requiring sponsorship, approval, and attestation. 
  • Automate the provisioning and deprovisioning of business guest accounts, based on their project or contract duration. 
  • Monitor and audit the access activities and behaviors of business guests and detect and remediate any anomalies or violations. 
  • Provide a method for internal sponsors to review and approve their requests. 

With this step, our customers can ensure that all identities in their organization are governed. Thank you for partnering with us to help protect your digital estates. 

Kaitlin Murphy 

Director, Product Marketing 


Learn more about Microsoft Entra: 


This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.