Here's some sample PowerShell that will
- Identify Office 365 Groups with a "HBI" classification and if there are Guest users within the group.
- Identify the owners of the respective groups
- Identify the specific guest users within each group
This could be used in conjunction with Microsoft Flow to programmatically
- automate the removal of guest users from groups with specific classifications
- automate an email to the owners of the group to alert the presence of external (guest) users in an Office 365 Group
- automate an email to the owners of the group to indicate the Office 365 Group is not compliant with guest access policy and then programmatically disable/remove external guests
$Groups = Get-UnifiedGroup -Filter {GroupExternalMemberCount -gt 0} | Where-Object {$_.Classification -eq 'HBI'}
$groups| Format-Table -AutoSize DisplayName, Classification, GroupMemberCount, GroupExternalMemberCount, Managedby
ForEach ($G in $Groups)
{
$Ext = Get-UnifiedGroupLinks -Identity $G.Identity -LinkType Members
ForEach ($E in $Ext) {
If ($E.Name -match "#EXT#")
{ Write-Host "Group " $G.DisplayName "includes guest user" $E.Name }
}
}