SOLVED

Inactive Guest users in Azure Active Directory Organizational relationships

Copper Contributor

Need a Power Shell script that would provide a list of stale guest accounts with the last log in date for users who don't have a mailbox? Additionally that haven't signed in for 90 days.  

These are users that show up in the following blade: Organizational relationships | Users from other organizations, and have External Azure Active Directory guest access

7 Replies

@VasilMichev 

Thanks, but how would one use this please? Not familiar with coding. Was looking for a powershell script please.

@Chad Rodriguez With a bit of back end work you can actually put that code chunk into a Powershell script if I recall correctly... 

best response confirmed by Chad Rodriguez (Copper Contributor)
Solution

I have a sample script here: https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.ps1

https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.md

 

But it still requires you to fiddle with it a bit if you only want the Guest users data, and setting it up might also be challenging if you haven't done such things before. Your only other option is to get the Sign-in logs from the Azure AD blade, then filter them out in a external tool.

@VasilMichev 

 

Is that basically the same approach you would give PowerBI rights to do the same type of User queries? 

 

As I read things there is no Powershell cmdlet, at least in the MS supplied module, for this type of query.

@PeterJ_Inobits 

would be nice, thanks for checking as I wasn't finding anything either. 

Hi Chad,
The problem you are trying to solve could be solved by the "Access Review" feature in Azure AD Premium P2.
"As people move teams or leave the company, how do you ensure their old access is removed, especially when it involves guests?"
To learn more:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
1 best response

Accepted Solutions
best response confirmed by Chad Rodriguez (Copper Contributor)
Solution

I have a sample script here: https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.ps1

https://github.com/michevnew/PowerShell/blob/master/Graph_Last_Login_Date.md

 

But it still requires you to fiddle with it a bit if you only want the Guest users data, and setting it up might also be challenging if you haven't done such things before. Your only other option is to get the Sign-in logs from the Azure AD blade, then filter them out in a external tool.

View solution in original post