Monitoring guest user sign-in activity is crucial for maintaining security and ensuring proper access management within your Microsoft 365 environment. With the Microsoft Graph PowerShell module, you can efficiently track and report on guest user sign-ins. This article will guide you through a PowerShell script that checks guest user sign-in activity and exports the results to a CSV file.
Below is the PowerShell script that retrieves guest user sign-in activity for the past 30 days and exports the data to a CSV file:
# Install the Microsoft Graph PowerShell module if not already installed
# Install-Module Microsoft.Graph -Scope CurrentUser

# Import the Microsoft Graph module
Import-Module Microsoft.Graph

# Authenticate to Microsoft Graph (the scopes are passed as a comma-separated list)
Connect-MgGraph -Scopes "AuditLog.Read.All", "User.Read.All", "Directory.Read.All"

# Define the date range for checking sign-in activity (e.g. last 30 days)
# The trailing "Z" marks UTC, so convert the local time to UTC before formatting
$startDate = (Get-Date).ToUniversalTime().AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ")
$endDate = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# Get all guest users (wrapped in @() so .Count is reliable for zero or one result)
$guestUsers = @(Get-MgUser -Filter "UserType eq 'Guest'" -All)

# Initialize an array to store guest user sign-in activity
$guestUserSignInActivities = @()

# Check if any guest users exist
if ($guestUsers.Count -eq 0) {
    Write-Host "No guest users found."
} else {
    # Loop through each guest user and get their sign-in activity
    foreach ($guestUser in $guestUsers) {
        $userId = $guestUser.Id
        $signInActivities = Get-MgAuditLogSignIn -Filter "userId eq '$userId' and createdDateTime ge $startDate and createdDateTime le $endDate" -All
        if ($signInActivities) {
            foreach ($activity in $signInActivities) {
                $guestUserSignInActivities += [PSCustomObject]@{
                    UserId            = $guestUser.Id
                    UserPrincipalName = $guestUser.UserPrincipalName
                    DisplayName       = $guestUser.DisplayName
                    SignInDateTime    = $activity.createdDateTime
                    Status            = $activity.status.additionalDetails
                }
            }
        }
    }
}

# Export the guest user sign-in activities to a CSV file
$guestUserSignInActivities | Export-Csv -Path "GuestUserSignInActivities.csv" -NoTypeInformation

# Output the results to the console
$guestUserSignInActivities | Format-Table -AutoSize
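The script works as follows:
It imports the Microsoft Graph module; if the module is not installed, uncomment the Install-Module line.
It connects to Microsoft Graph with the required permissions (AuditLog.Read.All, User.Read.All, and Directory.Read.All).
It retrieves all guest users and, for each one, the sign-in records from the past 30 days.
The results are exported to GuestUserSignInActivities.csv and displayed in the console.
Suggested improvements:
try {
    # Code to fetch sign-in activities
} catch {
    Write-Host "An error occurred: $_"
}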
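# Send email notification if no sign-in activity
# Send-MailMessage requires -From; the sender and SMTP server below are placeholders to replace with your own
if ($guestUserSignInActivities.Count -eq 0) {
    Send-MailMessage -From "noreply@domain.com" -To "admin@domain.com" -SmtpServer "smtp.domain.com" -Subject "No Guest User Sign-In Activity" -Body "No sign-ins detected for guest users in the past 30 days."
}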
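The CSV holds one row per sign-in, which is hard to review when there are many guests. The following added example, which is not part of the original article, rolls the records up into one row per guest with success and failure counts, the last successful sign-in, and a flag for guests with no activity in the window. The function name Get-GuestSignInSummary and the sample users, IP addresses and dates are hypothetical; the sample objects only mimic the shape of Get-MgUser and Get-MgAuditLogSignIn output so the block runs without a tenant.

```powershell
# Added example: Get-GuestSignInSummary and all sample data are hypothetical.
function Get-GuestSignInSummary {
    param(
        [Parameter(Mandatory)] [object[]] $GuestUsers,  # need Id, UserPrincipalName
        [object[]] $SignIns = @()                       # shaped like Get-MgAuditLogSignIn output
    )
    # Index sign-ins by user ID once, rather than scanning the list per guest
    $byUser = @{}
    foreach ($s in $SignIns) {
        if (-not $byUser.ContainsKey($s.UserId)) { $byUser[$s.UserId] = @() }
        $byUser[$s.UserId] += $s
    }
    foreach ($g in $GuestUsers) {
        $records = @(if ($byUser.ContainsKey($g.Id)) { $byUser[$g.Id] })
        # Status.ErrorCode 0 is a successful sign-in; any other value is a failure
        $ok     = @($records | Where-Object { $_.Status.ErrorCode -eq 0 })
        $failed = @($records | Where-Object { $_.Status.ErrorCode -ne 0 })
        [PSCustomObject]@{
            UserPrincipalName = $g.UserPrincipalName
            Successful        = $ok.Count
            Failed            = $failed.Count
            LastSuccess       = ($ok | Sort-Object CreatedDateTime | Select-Object -Last 1).CreatedDateTime
            DistinctIPs       = @($records | ForEach-Object { $_.IpAddress } | Sort-Object -Unique).Count
            NoActivity        = ($records.Count -eq 0)
        }
    }
}

# Constructed sample input (documentation IP ranges, made-up users)
$guests = @(
    [PSCustomObject]@{ Id = 'g1'; UserPrincipalName = 'alice_contoso.com#EXT#@example.onmicrosoft.com' }
    [PSCustomObject]@{ Id = 'g2'; UserPrincipalName = 'bob_fabrikam.com#EXT#@example.onmicrosoft.com' }
)
$signIns = @(
    [PSCustomObject]@{ UserId = 'g1'; CreatedDateTime = [datetime]'2024-05-01T08:00:00Z'; IpAddress = '203.0.113.10'; Status = [PSCustomObject]@{ ErrorCode = 0 } }
    [PSCustomObject]@{ UserId = 'g1'; CreatedDateTime = [datetime]'2024-05-03T21:15:00Z'; IpAddress = '198.51.100.7'; Status = [PSCustomObject]@{ ErrorCode = 50126 } }
    [PSCustomObject]@{ UserId = 'g1'; CreatedDateTime = [datetime]'2024-05-04T09:30:00Z'; IpAddress = '203.0.113.10'; Status = [PSCustomObject]@{ ErrorCode = 0 } }
)
Get-GuestSignInSummary -GuestUsers $guests -SignIns $signIns | Format-Table -AutoSize
```

Against a live tenant, pass $guestUsers from the script and the combined Get-MgAuditLogSignIn results in place of the sample arrays.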
Tracking guest user sign-in activity is vital for ensuring the security and proper management of your Microsoft 365 environment. This PowerShell script provides a simple yet effective way to monitor and report on guest user sign-ins. By implementing the suggested improvements, you can enhance the script's functionality and make it a powerful tool for your IT management toolkit.