Forum Discussion
Deactivate Inactive Guest Users last 3 months
Hi, I am looking for a quick and easy solution for deactivating all guest users in Azure AD that has not logged in to their account the last 3 months. Appreciate all answers! Br,
No, there's no way to export via the Graph explorer, afaik, unless you want to do manual copy/paste. You can always use PowerShell to query the Graph though, and exporting there is easy. The "Microsoft Graph" package can help you as well, in case you don't want to issue web requests directly: https://docs.microsoft.com/en-us/graph/powershell/installation
Alright, thanks again for all your replies! Then we have to go with powershell, with the Graph Powershell SDK - as I understand we can use the same query as in Graph Explorer.
So if I directly want to identify only guest users with a lastsignindatetime before a specified date (approx. 90 days) it will be like this?
https://graph.microsoft.com/beta/users?$filter=userType eq 'Guest'&$select=displayName,signInActivity/lastSignInDateTime le 2021-09-30T00:00:00Z
So if I directly want to identify only guest users with a lastsignindatetime before a specified date (approx. 90 days) it will be like this?
https://graph.microsoft.com/beta/users?$filter=userType eq 'Guest'&$select=displayName,signInActivity/lastSignInDateTime le 2021-09-30T00:00:00Z
- This cmdlet is basically a "wrapper" for the Graph queries we discussed above. It's pretty much the same thing. Anyway, to filter out Guest users only, simply check the corresponding property in your results.
$users = Get-MgUser -Filter "signInActivity/lastSignInDateTime le 2021-09-30T00:00:00Z"
$users | ? {$_.UserType -eq "Guest"} | ForEach-Object {@{ UserId=$_.Id}} | Update-MgUser -Settings $DisableUserHash -WhatIf - Hi again VasilMichev,
Maybe I found an even better solution to this problem. This command identify and deactivate all inactive users directly from powershell (got it from a John Savill youtube video). The only question now is how to ensure it only disable guest users, not all users. Anyone know?
$DisableUserHash = @{'accountEnabled' = 'false'}
Get-MgUser -Filter "signInActivity/lastSignInDateTime le 2021-09-30T00:00:00Z" |
ForEach-Object {@{ UserId=$_.Id}} | Update-MgUser -Settings $DisableUserHash -WhatIf - Not exactly, you cannot put filter statements as part of $select. Moreover, it looks like when filtering on lastSignInDateTime, you cannot use other clauses, so the Guest filter will need to be client-side. In other words, get the result of
https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2021-06-01T00:00:00Z&$select=id,displayName,userType
then filter based on userType in PowerShell, or in the exported CSV file.
