We have several customer teams and a lot of B2B guest users in our AzureAD. Recently noticed that when a user is deleted in the home tenant, it will still remain in our AD.
Other than deleting it after a period of inactivity, is it possible to do a regular cleanup like (pseudocode):
    For each user in guest users
        if removed from home tenant
            delete user
To do this, I assume there must be some kind of flag in the guest user in our tenant. It would be nice to do it in Graph or PowerShell. Any clever ideas?
You can manage guest access with access reviews.
The idea behind the access review is that guest users participate in the review and re-certify their access.
When an access review is finished, you can then make changes and remove access for guests who no longer need it.
The Graph API supports access reviews, but I would recommend starting with the docs and asking later if you need help with some part of the access review flow.
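As an added illustration of the answer above (example code, not from the question, the answer, or Microsoft), the following PowerShell script uses the Microsoft Graph PowerShell SDK to create a recurring access review of guest members across all Microsoft 365 groups, and then lists the guests whose decision in a completed instance was Deny. It assumes the Microsoft.Graph module is installed and that the signed-in account holds the AccessReview.ReadWrite.All permission. Group owners are assigned as reviewers (the pattern used in Microsoft's own Graph examples); the `reviewers` collection is where a self-certification model such as the one the answer describes would be configured instead. The `disableAndDeleteUserApplyAction` action type is assumed from the Graph access review API and should be confirmed against the docs before relying on it.

```powershell
# Added example (not part of the original Q&A). Assumes the Microsoft.Graph
# PowerShell SDK and an account with AccessReview.ReadWrite.All.
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All"

$definitionsUri = "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions"

$definition = @{
    displayName             = "Guest access re-certification (all Microsoft 365 groups)"
    descriptionForAdmins    = "Guests must be re-certified; denied guests lose access."
    descriptionForReviewers = "Confirm that each guest still needs access to this group."
    # What is reviewed in each group: only members whose userType is Guest.
    scope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        query         = "./members/microsoft.graph.user/?`$count=true&`$filter=(userType eq 'Guest')"
        queryType     = "MicrosoftGraph"
    }
    # Which groups get an instance: every Microsoft 365 (Unified) group.
    instanceEnumerationScope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        query         = "/groups?`$filter=(groupTypes/any(c:c eq 'Unified'))"
        queryType     = "MicrosoftGraph"
    }
    # Who certifies: the owners of each group. Change this collection to
    # implement self-review by the guests themselves.
    reviewers = @(
        @{ query = "./owners"; queryType = "MicrosoftGraph" }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"   # no response => treated as Deny
        instanceDurationInDays          = 14
        autoApplyDecisionsEnabled       = $true    # apply results without a manual step
        recommendationsEnabled          = $true
        # Deny removes the guest from the group. The second action (assumed name,
        # see lead-in) blocks sign-in and later deletes the guest account.
        applyActions = @(
            @{ "@odata.type" = "#microsoft.graph.removeAccessApplyAction" },
            @{ "@odata.type" = "#microsoft.graph.disableAndDeleteUserApplyAction" }
        )
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 3 }
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }
        }
    }
}

$created = Invoke-MgGraphRequest -Method POST -Uri $definitionsUri `
    -Body $definition -ContentType "application/json"
"Created access review definition $($created.id)"

# Once an instance has completed, list the Deny decisions. With auto-apply
# disabled, this is the set an administrator would act on by hand.
$instances = Invoke-MgGraphRequest -Method GET -Uri "$definitionsUri/$($created.id)/instances"
foreach ($instance in ($instances.value | Where-Object { $_.status -eq "Completed" })) {
    $decisions = Invoke-MgGraphRequest -Method GET `
        -Uri "$definitionsUri/$($created.id)/instances/$($instance.id)/decisions"
    $decisions.value |
        Where-Object { $_.decision -eq "Deny" } |
        ForEach-Object {
            "{0}: {1} ({2})" -f $instance.id, $_.principal.displayName, $_.principal.userPrincipalName
        }
}
```

The `defaultDecision = "Deny"` and `autoApplyDecisionsEnabled = $true` settings are what turn the review into an automatic cleanup: a guest that nobody certifies within the review window is removed without further administrator action, which is the periodic behaviour the question asks for, driven by a human decision rather than by a flag on the guest object.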