Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Guest user activity

Copper Contributor

Wondering if anyone has found a way to check on activity for guest users.

For instance, last time they even logged in or last password reset like the things you're able to find in MSOL. 

 

Trying to scope out the inactive guest users.

The closest thing I can find is the WhenChanged attribute within their mailuser and even that value is a bit unreliable. 

9 Replies

Hi Adam!

Thanks, yeah I believe I've seen that article before and it deals more with Guest users within certain teams.

My ultimate goal was to reduce the number of Guest users in my tenant, as it appears to be getting out of hand. 

With this, I was hoping to see if the Guest user hasn't logged in within a few months or a year we can simply delete them. 

I did find this sign in log tutorial: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-signin-logs-down...

 
But i believe its only checks up to a month if I recall correctly. 

Guest activities should be recorded in the Office 365 Unified Audit log, just like with regular users. On the Azure AD side of things, you can check the Sign-in logs, which you already found, and the Audit logs next to them.

@VasilMichev 

 

Would you happen to know how to search who enabled "guests" access in Teams?

@Justin Scarborough 

 

It should be in the Audit logs for the guest user.

Under the Initiated by (Actor) field.

@Anthony Leong 

 

I am assuming the AL located in Azure. I was in there - and I am somewhat barely familiar with how to pull it. 

 

Are you able to tell me certain conditions i can use to pull it faster? If i do the initiated by actor - my name - it pulls up everything I do when I am just trying to look for a specific "Who turned on guest access" not per account - But tenant wide

@Justin Scarborough

 

 

Ah gotcha, sorry not sure for tenant wide.

I meant for a specific guest user. 

Look Adam, I need the same login information for guest users, did you get anything?

@Anthony Leong 

Did you ever get a powershell script to identify inactive guest user accounts older than XX (days)?