Microsoft Azure has a tenant-level feature that allows all Azure Active Directory (AAD) members to create and invite guest users. The official name for this feature is Azure Active Directory B2B. The idea is simple: say your company needs to collaborate with an external vendor or a consultant, and you need to show them some nifty app demos you have set up in your company’s Azure tenant. You don’t want to make the app available for everyone on the internet to see. An easy solution to this problem is to invite them into your tenant as a guest user. Once you have sent them an invite, you can pull up the guest user’s profile in AAD, assign them access to subscriptions, and grant them roles as needed. This is indeed very convenient. As is often the case with convenient features, it comes with its own set of risks.