This might have slipped under your radar, but Microsoft enforced a major change on January 30th that’s affecting Identity Governance for guest users. I’m seeing some confusion about it, so I wanted to break it down.
You now need an Azure subscription to use Identity Governance features for guest users. If you haven’t done this yet, you’re probably already running into issues. That means:
- ❌No new access reviews for guest users
- ❌Can’t update entitlement management policies involving guests
- ❌Can’t create or edit lifecycle workflows scoped to guests
- ❌Basically, any new governance action for guests is blocked
Microsoft shifted to a Monthly Active User billing model for guest governance, as they need proper billing tracking for governance actions on guest accounts, so subscription linkage became mandatory.
To resolve the issues, head to Entra → ID Governance → Dashboard, find the Guest Access Governance panel, and link your Azure subscription. You’ll need Contributor role permissions. The setup walks you through picking a subscription and resource group – takes about 10 minutes.
If you’re managing guest access and haven’t linked a subscription yet, prioritize this today. Your team might already be stuck, wondering why policies won’t save.