How to remove guests from All users group in Microsoft Entra ID (formerly Azure AD)
Managing group membership efficiently is crucial for maintaining organizational security and access control. A key aspect of this involves configuring the All users group, a special dynamic group that automatically includes all internal users within your organization's directory. This simplifies assigning access permissions. However, it's important to note that the All users group also includes guest users by default. Guest users are external collaborators who often don't require the same level of access as your internal employees. Granting them access through the All users group could unintentionally provide them with permissions to your organization's internal resources.
To mitigate this risk, it's recommended to exclude guests from the All users group. This can be achieved with the dynamic membership rules in Microsoft Entra ID. By creating a custom rule that filters out guests, you can ensure the All users group only includes members of your organization. This way, you maintain control over guest access and reduce the risk of guests receiving permissions they were never meant to have.
To remove guests from the All users group:
- Log in to the Microsoft Entra admin center with privileges equivalent to a Groups Administrator or higher.
- Navigate to Groups > All Groups.
- Look for the All users group in the list of groups displayed using the search function.
- Click on the All users group to open its settings.
- Navigate to Dynamic Membership Rules > Configure Rules.
- Click Edit next to the Rule syntax field.
- Enter the syntax given below in the Rule syntax text box:
(user.objectId -ne null) -and (user.userType -eq "Member")
- Click OK.
- Click Save to apply the changes.
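To confirm the change took effect, the following read-only check is an added example, not part of the original article or of any ManageEngine tooling. It assumes the Microsoft Graph PowerShell SDK is installed, the tenant is in the global cloud (graph.microsoft.com), and the group's display name is exactly "All users".

```powershell
# Added example: read-only audit of the All users group after editing its rule.
# Assumptions: Microsoft.Graph module installed; global cloud endpoint;
# group display name is exactly "All users".
$expectedRule = '(user.objectId -ne null) -and (user.userType -eq "Member")'

Connect-MgGraph -Scopes 'Group.Read.All', 'User.Read.All'

$groups = @(Get-MgGroup -Filter "displayName eq 'All users'" `
    -Property 'id,displayName,membershipRule,membershipRuleProcessingState')
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named 'All users', found $($groups.Count)."
}
$group = $groups[0]

# 1. Compare the stored rule with the one from the steps above,
#    ignoring differences in whitespace.
$normalize = { param($s) ("$s" -replace '\s+', ' ').Trim() }
$ruleMatches = (& $normalize $group.MembershipRule) -eq (& $normalize $expectedRule)

# 2. Collect members that are still guests, following result paging.
$guests = @()
$uri = "https://graph.microsoft.com/v1.0/groups/$($group.Id)" +
       "/members/microsoft.graph.user?`$select=id,userPrincipalName,userType"
while ($uri) {
    $page    = Invoke-MgGraphRequest -Method GET -Uri $uri
    $guests += @($page.value | Where-Object { $_.userType -eq 'Guest' })
    $uri     = $page.'@odata.nextLink'
}

# 3. Report: the rule should match, processing should be On, guest count 0.
[pscustomobject]@{
    Group            = $group.DisplayName
    RuleMatches      = $ruleMatches
    ProcessingState  = $group.MembershipRuleProcessingState
    GuestMemberCount = $guests.Count
} | Format-List

$guests | ForEach-Object {
    [pscustomobject]@{ Id = $_.id; UserPrincipalName = $_.userPrincipalName }
} | Format-Table -AutoSize
```

Dynamic membership is re-evaluated asynchronously, so guests can still appear in the output for a while after the rule is saved; rerun the check once processing has completed.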
About ManageEngine M365 Manager Plus
M365 Manager Plus is an extensive Microsoft 365 tool used for reporting, managing, monitoring, auditing, and creating alerts for critical incidents. With M365 Manager Plus, you can enhance the administration of your entire Microsoft 365 environment.
- Delegate specific tasks, access to selected reports, or control over specific objects in your environment via Virtual Tenants to your help desk, ensuring tasks are performed without elevating their Microsoft 365 privileges.
- Manage mailboxes, users, groups, sites, and contacts effortlessly in bulk.
- Gain a thorough understanding of your environment in Exchange Online, Azure Active Directory, SharePoint Online, OneDrive for Business, and other Microsoft 365 services with detailed reports.
- Keep tabs on even the most granular user activities in your Microsoft 365 environment.
- Monitor the health and performance of Microsoft 365 features and endpoints around the clock.
- Effortlessly schedule and export reports on your Microsoft 365 environment.