Email Guest Users List to Microsoft 365 Administrator Using PowerShell

Managing guest accounts is an important task for administrators to ensure tenant security and compliance. With Microsoft Graph PowerShell, you can automate the retrieval of all guest users and have the list delivered straight to your inbox. Below is a simple yet powerful script to achieve this.


i) The Script



# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All","Mail.Send"

# Fetch all guest users
$Guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property DisplayName, UserPrincipalName, Mail

# Export guest users to CSV
$ReportPath = "$env:TEMP\GuestUsers.csv"
$Guests | Select-Object DisplayName, UserPrincipalName, Mail |
    Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8

# Prepare email content
$AdminUPN = "admin@yourtenant.onmicrosoft.com"   # Change to your admin email
$Subject  = "Guest Users Report - $(Get-Date -Format 'yyyy-MM-dd')"
# The body is sent with ContentType "HTML", so use <br> for line breaks
$Body     = "Hello Admin,<br><br>
Please find attached the latest list of guest users in your tenant.<br><br>
Regards,<br>
Graph PowerShell Script"

# Attach the CSV file (Graph expects the file content as a Base64 string)
$AttachmentContent = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($ReportPath))
$Attachments = @(
    @{
        "@odata.type" = "#microsoft.graph.fileAttachment"
        Name          = "GuestUsers.csv"
        ContentBytes  = $AttachmentContent
    }
)

# Build the mail body
$Message = @{
    Message = @{
        Subject = $Subject
        Body = @{
            ContentType = "HTML"
            Content     = $Body
        }
        ToRecipients = @(
            @{ EmailAddress = @{ Address = $AdminUPN } }
        )
        Attachments = $Attachments
    }
    SaveToSentItems = "true"
}

# Send the email
Send-MgUserMail -UserId $AdminUPN -BodyParameter $Message

Write-Host "Guest users report emailed successfully to $AdminUPN"


ii) How the Script Works

  1. Authentication – The script starts by connecting to Microsoft Graph with the required scopes (User.Read.All and Mail.Send).
  2. Fetch Guest Users – It uses the Get-MgUser cmdlet with the filter userType eq 'Guest' to retrieve all guest accounts.
  3. Export to CSV – The list of guest users (DisplayName, UserPrincipalName, and Mail) is exported to a CSV file stored in the temp directory.
  4. Prepare Email – A subject line and HTML-based email body are created, along with an attachment that includes the CSV file.
  5. Send Email – The Send-MgUserMail cmdlet sends the email to the administrator with the guest user list attached.

This ensures administrators receive up-to-date guest user data in their inbox.


iii) Further Enhancements

  • Scheduling – Configure the script to run daily/weekly via Task Scheduler or Azure Automation.
  • Additional User Properties – Include other fields such as CreatedDateTime, LastSignInDate, or AccountEnabled for deeper insights.
  • Multiple Recipients – Send the report to multiple admins or a distribution list.
  • Cloud Storage – Store the CSV file in SharePoint, OneDrive, or Azure Blob for long-term tracking.
  • HTML Reports – Instead of a CSV attachment, generate a formatted HTML table and embed it in the email body.
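
An added example (not part of the original script) that combines the "Additional User Properties" and "HTML Reports" enhancements: it flags disabled guests and invitations that were never redeemed, then renders an HTML table for the email body. The function name Get-GuestReviewReport, the 30-day threshold, and the sample guests are assumptions constructed for illustration.

```powershell
# Added example, not from the original script. Function name and threshold are assumptions.
function Get-GuestReviewReport {
    param(
        [Parameter(Mandatory)] [object[]] $Guests,
        [int] $PendingDays = 30,            # assumed cut-off for unredeemed invitations
        [datetime] $Now = (Get-Date)
    )
    foreach ($g in $Guests) {
        # CreatedDateTime can be empty on some accounts, so guard before subtracting
        $ageDays = $null
        if ($g.CreatedDateTime) { $ageDays = [int][math]::Floor(($Now - $g.CreatedDateTime).TotalDays) }

        $flag = 'OK'
        if (-not $g.AccountEnabled) { $flag = 'Disabled' }
        elseif ($g.ExternalUserState -eq 'PendingAcceptance' -and $ageDays -gt $PendingDays) {
            $flag = 'InviteNeverRedeemed'
        }

        [pscustomobject]@{
            DisplayName       = $g.DisplayName
            UserPrincipalName = $g.UserPrincipalName
            AgeDays           = $ageDays
            InviteState       = $g.ExternalUserState
            Flag              = $flag
        }
    }
}

# Constructed sample guests so the example runs offline. With live data use:
# Get-MgUser -All -Filter "userType eq 'Guest'" -Property DisplayName,UserPrincipalName,CreatedDateTime,AccountEnabled,ExternalUserState
$Sample = @(
    [pscustomobject]@{ DisplayName = 'Alex Vendor';  UserPrincipalName = 'alex_partner.example#EXT#@yourtenant.onmicrosoft.com';  CreatedDateTime = [datetime]'2024-01-10'; AccountEnabled = $true;  ExternalUserState = 'Accepted' }
    [pscustomobject]@{ DisplayName = 'Sam Auditor';  UserPrincipalName = 'sam_audit.example#EXT#@yourtenant.onmicrosoft.com';     CreatedDateTime = [datetime]'2024-03-01'; AccountEnabled = $true;  ExternalUserState = 'PendingAcceptance' }
    [pscustomobject]@{ DisplayName = 'Kim Supplier'; UserPrincipalName = 'kim_supplier.example#EXT#@yourtenant.onmicrosoft.com'; CreatedDateTime = [datetime]'2024-05-20'; AccountEnabled = $true;  ExternalUserState = 'PendingAcceptance' }
    [pscustomobject]@{ DisplayName = 'Old Project';  UserPrincipalName = 'old_project.example#EXT#@yourtenant.onmicrosoft.com';  CreatedDateTime = [datetime]'2023-11-02'; AccountEnabled = $false; ExternalUserState = 'Accepted' }
)
$Report = Get-GuestReviewReport -Guests $Sample -Now ([datetime]'2024-06-01')

# HTML table fragment for Message.Body.Content (ContentType = "HTML")
$Body = "<p>Guest accounts needing review are flagged below.</p>" +
        (($Report | Sort-Object Flag, AgeDays | ConvertTo-Html -Fragment) -join "`n")

$Report | Format-Table -AutoSize
```

With the constructed data, Sam Auditor is flagged InviteNeverRedeemed (92 days pending), Old Project is flagged Disabled, and the other two are OK.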

iv) Use Cases

  • Security Monitoring – Regularly review external accounts to prevent unauthorized access.
  • Compliance Audits – Provide auditors with an updated list of all guest users.
  • Lifecycle Management – Identify inactive guest accounts for cleanup.
  • Access Reviews – Help business owners validate which guest users still require access.

v) Possible Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Insufficient privileges to complete the operation | The account running the script lacks required Graph API permissions. | Use an account with appropriate roles and consent to the scopes User.Read.All and Mail.Send. |
| Send-MgUserMail : Resource not found for the segment 'users' | Incorrect or invalid admin UPN specified in $AdminUPN. | Ensure the $AdminUPN value matches a valid mailbox in your tenant. |
| Access Denied when running in non-admin environment | Limited permissions in PowerShell session. | Run the script with elevated privileges or in a context with delegated rights. |
| Email Sent but No Attachment | The CSV file was not created or was empty. | Verify $ReportPath and ensure guest accounts exist in your tenant. |

vi) Conclusion

This Graph PowerShell script provides administrators with an efficient way to automatically fetch and review guest users in their tenant. By emailing the list directly, it eliminates the need for manual exports and ensures visibility into external accounts. With small tweaks, the script can be extended for scheduled execution, richer reports, and integration into governance workflows.

Using automation like this not only improves efficiency but also strengthens the security posture of your Microsoft 365 environment.



© m365corner.com. All Rights Reserved. Design by HTML Codex