https://cloudrun.co.uk/office365/securing-guest-access-in-azure-ad/