Forum Discussion
Deactivate Inactive Guest Users last 3 months
Hi, I am looking for a quick and easy solution for deactivating all guest users in Azure AD that has not logged in to their account the last 3 months. Appreciate all answers! Br,
Take a look at this article by Tony: https://petri.com/guest-account-obsolete-activity
If you are looking for UI-based approach, try Access reviews: https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews
If you are looking for UI-based approach, try Access reviews: https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews
- Hi and thanks for the reply!
Just a question, I know abot the access review functionality, but have not discovered yet how that can be used for this purpose. What configuration in that review can be used to automatically deactivate a guest account based on last sign in date?- It's not fully automatic, but you can use the "No sign-in within 30 days" setting to "suggest" to reviewers that such guests can be removed. Combine it with the appropriate action, and it's almost automated.
- Hi!
30 days of inactivity is a too low value for this particular organization to define the account as inactive. The value needs to be 90 days since last sign in, retrive a list of these guest users and deactivate their accounts.
I found this article on Microsoft Graph API, retrieving a list of the last sign in date of all users: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts
"https://graph.microsoft.com/beta/users?$select=displayName,signInActivity"
Can anyone help me write the same call, but only for guest users? Provide a list of all guest users last sign in date, then extract the output to .csv file? Then I can filter out all accounts not signed in the last 90 days.
