Forum Discussion
Deactivate Inactive Guest Users last 3 months
Hi, I am looking for a quick and easy solution for deactivating all guest users in Azure AD that has not logged in to their account the last 3 months. Appreciate all answers! Br,
Hi and thanks for the reply!
Just a question, I know abot the access review functionality, but have not discovered yet how that can be used for this purpose. What configuration in that review can be used to automatically deactivate a guest account based on last sign in date?
Just a question, I know abot the access review functionality, but have not discovered yet how that can be used for this purpose. What configuration in that review can be used to automatically deactivate a guest account based on last sign in date?
It's not fully automatic, but you can use the "No sign-in within 30 days" setting to "suggest" to reviewers that such guests can be removed. Combine it with the appropriate action, and it's almost automated.
- Hi!
30 days of inactivity is a too low value for this particular organization to define the account as inactive. The value needs to be 90 days since last sign in, retrive a list of these guest users and deactivate their accounts.
I found this article on Microsoft Graph API, retrieving a list of the last sign in date of all users: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts
"https://graph.microsoft.com/beta/users?$select=displayName,signInActivity"
Can anyone help me write the same call, but only for guest users? Provide a list of all guest users last sign in date, then extract the output to .csv file? Then I can filter out all accounts not signed in the last 90 days.- Here you go:
https://graph.microsoft.com/beta/users?$filter=userType eq 'Guest'&$select=displayName,signInActivity- Excellent, thanks! So if I directly want to identify only guest users with a lastsignindatetime before a specified date (approx. 90 days) it will be like this?
https://graph.microsoft.com/beta/users?$filter=userType eq 'Guest'&$select=displayName,signInActivity/lastSignInDateTime le 2021-09-30T00:00:00Z
How can the output from Graph Explorer be extracted to a .csv file? We expect results of several thousands of users.