Forum Discussion
Inactive Guest users in Azure Active Directory Organizational relationships
Need a PowerShell script that would provide a list of stale guest accounts with the last login date for users who don't have a mailbox. Additionally, users that haven't signed in for 90 days.
These are users that show up in the following blade: Organizational relationships | Users from other organizations, and have External Azure Active Directory guest access.
7 Replies
- Joe Stocker, Bronze Contributor
Hi Chad,
The problem you are trying to solve could be solved by the "Access Review" feature in Azure AD Premium P2.
"As people move teams or leave the company, how do you ensure their old access is removed, especially when it involves guests?"
To learn more:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
Use the SignInActivity property/endpoint: https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-beta&tabs=http#example-3--list-users-including-their-last-sign-in-time
- Chad Rodriguez, Copper Contributor
Thanks, but how would one use this please? Not familiar with coding. Was looking for a PowerShell script please.
I have a sample script here: https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.ps1
https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.md
But it still requires you to fiddle with it a bit if you only want the Guest users data, and setting it up might also be challenging if you haven't done such things before. Your only other option is to get the Sign-in logs from the Azure AD blade, then filter them out in an external tool.
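
Added example, not part of any reply in this thread and not the script linked above: a PowerShell filter that takes user records in the shape returned by the Graph `users` endpoint with `signInActivity` and reports guests with no sign-in in the last 90 days. The function name `Get-StaleGuest` and the sample records are constructed for illustration; the commented retrieval lines assume the Microsoft.Graph PowerShell module with the `User.Read.All` and `AuditLog.Read.All` scopes, and the mailbox check from the question is not covered.

```powershell
# Added example. Sample records below are constructed, not real tenant data.
function Get-StaleGuest {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $Days = 90,
        [datetime] $Now = [datetime]::UtcNow
    )
    $cutoff = $Now.AddDays(-$Days)
    foreach ($u in $User) {
        if ($u.userType -ne 'Guest') { continue }
        # Most recent of the interactive and non-interactive sign-in timestamps.
        $last = @($u.signInActivity.lastSignInDateTime,
                  $u.signInActivity.lastNonInteractiveSignInDateTime) |
            Where-Object { $_ } |
            ForEach-Object { ([datetime]$_).ToUniversalTime() } |
            Sort-Object -Descending | Select-Object -First 1
        # A guest who never signed in is aged from the invitation date instead,
        # so a fresh, still-pending invite is not reported as stale.
        $ref = $last
        if (-not $ref -and $u.createdDateTime) {
            $ref = ([datetime]$u.createdDateTime).ToUniversalTime()
        }
        if ($ref -and $ref -ge $cutoff) { continue }
        [pscustomobject]@{
            DisplayName       = $u.displayName
            UserPrincipalName = $u.userPrincipalName
            LastSignIn        = $last
            NeverSignedIn     = -not $last
            DaysInactive      = if ($ref) { [int]($Now - $ref).TotalDays } else { $null }
        }
    }
}

# Live data (assumption: Microsoft.Graph module installed, directory role allows reading sign-in data):
#   Connect-MgGraph -Scopes 'User.Read.All','AuditLog.Read.All'
#   $uri = "https://graph.microsoft.com/beta/users?`$filter=userType eq 'Guest'&`$select=displayName,userPrincipalName,userType,createdDateTime,signInActivity"
#   $users = do { $r = Invoke-MgGraphRequest -Method GET -Uri $uri; $r.value; $uri = $r.'@odata.nextLink' } while ($uri)

# Constructed sample records in the same shape, with a fixed "now" for a repeatable run.
$now = ([datetime]'2024-06-01T00:00:00Z').ToUniversalTime()
$users = @(
    @{ displayName='Alice'; userPrincipalName='alice_ext#EXT#@contoso.example'; userType='Guest'; createdDateTime='2023-01-05T00:00:00Z'
       signInActivity=@{ lastSignInDateTime='2024-01-10T09:00:00Z'; lastNonInteractiveSignInDateTime='2024-05-20T09:00:00Z' } }
    @{ displayName='Bob';   userPrincipalName='bob_ext#EXT#@contoso.example';   userType='Guest'; createdDateTime='2023-02-01T00:00:00Z'
       signInActivity=@{ lastSignInDateTime='2023-11-02T14:30:00Z' } }
    @{ displayName='Carol'; userPrincipalName='carol_ext#EXT#@contoso.example'; userType='Guest'; createdDateTime='2023-09-15T00:00:00Z' }
    @{ displayName='Dave';  userPrincipalName='dave_ext#EXT#@contoso.example';  userType='Guest'; createdDateTime='2024-05-10T00:00:00Z' }
    @{ displayName='Erin';  userPrincipalName='erin@contoso.example';           userType='Member'; createdDateTime='2020-01-01T00:00:00Z' }
)
Get-StaleGuest -User $users -Days 90 -Now $now | Format-Table -AutoSize
```

Pipe the result to `Export-Csv` instead of `Format-Table` to hand the list to whoever reviews the accounts before any are disabled or removed.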