Filter Out Guest and Service Accounts
When you first connect your OneDirectory to Microsoft 365 to sync your user profiles, you may notice that in addition to the employee profiles there may be many external guest accounts and service accounts in your OneDirectory.
This is because Azure Active Directory (Azure AD) not only stores accounts for your employees, but also stores user objects for any external identities that you may have invited into your organization (for example, via B2B collaboration).
Since these guest accounts are managed in the same Active Directory instance as your employee accounts, when synced into OneDirectory they will be pulled through as well. Which can be a good thing if you're looking to give external users access to your employee directory, and we have many customers who do.
But most of the time, you'll not want your external guest accounts showing in your company's internal employee directory.
Additionally, any service accounts that you use for various Microsoft applications and services will also exist in your AD environment and the same problem exists there.
To solve this, we've added a neat little feature that helps you automatically hide the guest accounts and service accounts from your OneDirectory 😎
To enable the feature, go to Settings > Filtering Rules, and toggle on Hide guest accounts and Hide service accounts, then click Save changes.
Here's what happens when you enable these settings.
For guest accounts, OneDirectory will automatically hide any accounts now and in the future that are annotated as external accounts in Azure AD. You don't need to do anything to mark an account as an external/guest account in AD, it already knows.
For service accounts however, since there is no way to automatically tell if an account in Active Directory is a service account or not, OneDirectory uses directory intelligence to figure out which accounts are most likely service accounts based on a variety of factors. These accounts are then marked as hidden in OneDirectory, both now and in future if new service accounts are added to your AD and are propagated to OneDirectory.
Another small addition is that you can now see which filtering rules have been applied to specific accounts.
To do this, switch to edit mode and hover over the "eye" icon on the left of any hidden account, and you'll see which rules have been applied to cause that account to be hidden.
Of course, you are still able to exclude accounts manually by toggling them to hide or show individually. You can do this by using the toggle switch on the left of each account when in edit mode.
We hope these new filtering features helps make it easier for you to keep unwanted accounts out of your OneDirectory!