Microsoft 365 Guest User Account Reporting Using Graph PowerShell

Managing and auditing guest users in Microsoft 365 is an important task for administrators. Automating this process with Graph PowerShell can significantly streamline your administration tasks. Below is a detailed script to fetch and generate a report of all guest users in your Microsoft 365 environment, including their Display Name, User Principal Name, and Invitation Status.


PowerShell Script

# Install the Microsoft.Graph module if not already installed
Install-Module -Name Microsoft.Graph -Force -AllowClobber

# Connect to Microsoft 365
Connect-MgGraph -Scopes "User.Read.All"

# Define the output CSV file path
$outputFile = "C:\Reports\GuestUsersReport.csv"

# Initialize an array to store guest user details
$guestUsersReport = @()

# Get all guest users
$guestUsers = Get-MgUser -Filter "UserType eq 'Guest'" -All -Property DisplayName, UserPrincipalName, ExternalUserState

# Process each guest user
foreach ($guestUser in $guestUsers) {
    $guestUserDetails = [PSCustomObject]@{
        DisplayName       = $guestUser.DisplayName
        UserPrincipalName = $guestUser.UserPrincipalName
        InvitationStatus  = $guestUser.ExternalUserState
    }
    $guestUsersReport += $guestUserDetails
}

# Export the report to a CSV file
$guestUsersReport | Export-Csv -Path $outputFile -NoTypeInformation

Write-Output "Guest users report generated: $outputFile"

# Disconnect from Microsoft 365
Disconnect-MgGraph

The CSV file output by the script should look like this:



Script Explanation

Prerequisites:

  • Ensure the Microsoft.Graph module is installed and connected to your Microsoft 365 tenant.
  • The Connect-MgGraph command initiates a connection to Microsoft 365 with the required scopes for reading user information, namely User.Read.All.

Define Output File:

  • Specify the path for the output CSV file where the guest users report will be saved.

Initialize Array:

  • Initialize an array to store guest user details.

Get Guest Users:

  • Retrieve all guest users with the properties DisplayName, UserPrincipalName, and ExternalUserState using the Get-MgUser cmdlet with the filter UserType eq 'Guest'.

Process Each Guest User:

  • Loop through each guest user, create a custom object with the required details, and add each guest user’s details to the array.

Export Report:

  • Export the array of guest user details to a CSV file at the specified path using the Export-Csv cmdlet.

Disconnect:

  • The Disconnect-MgGraph command ends the session with Microsoft 365.

Enhancements

  • Add More Guest User Details: Include additional guest user properties such as Job Title, Department, or Invitation Date in the report. For example, you can add these properties to the $guestUser query and include them in the custom object.
  • Filter Guest Users: Add filters to generate reports for specific guest users, such as those from a specific domain or with a specific invitation status. Modify the script to include additional filtering logic before adding details to the array.
  • Schedule the Script: Schedule the script to run at regular intervals using Windows Task Scheduler or Azure Automation to keep the report updated. This ensures you always have the latest information on guest users.
  • Email Report: Add functionality to email the report to administrators once it is generated. You can use the Send-MailMessage cmdlet to send the CSV file as an attachment.

Conclusion

Automating the retrieval of guest users using Graph PowerShell simplifies administrative tasks, saving time and reducing the potential for human error. This script provides a straightforward way to generate comprehensive reports on guest users, ensuring you have up-to-date information on who has access to your Microsoft 365 environment.

By further enhancing the script, you can add more functionalities and make it an even more powerful tool in your administrative toolkit. Embrace automation and streamline your Microsoft 365 management with the power of Graph PowerShell!


Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex