Monitor Guest User Invitations in Microsoft 365 Using Graph PowerShell
This guide demonstrates how to monitor guest user invitations in Microsoft 365 using Graph PowerShell. Learn to retrieve invitation statuses, track pending invites, and export invitation details with practical examples.
Monitoring guest user invitations in Microsoft 365 is crucial for ensuring that external collaborators have timely and proper access to your organization's resources. This guide will show you how to use Graph PowerShell to track the status of guest user invitations and generate reports.
Prerequisites
- Install the Microsoft Graph PowerShell module by running
Install-Module Microsoft.Graph -Scope CurrentUser. -
Ensure you have the necessary permissions to read user data and directory information. Connect to Microsoft Graph with the following command:
Connect-MgGraph -Scopes "User.Read.All" "Directory.Read.All"
Script: Monitoring Guest User Invitations
The following script retrieves and displays the status of guest user invitations, showing whether they are pending, accepted, or expired.
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All" "Directory.Read.All"
# Retrieve guest users
$guestUsers = Get-MgUser -Filter "userType eq 'Guest'"
# Check if any guest users were found
if ($guestUsers -ne $null -and $guestUsers.Count -gt 0) {
$invitationStatusList = @()
foreach ($guestUser in $guestUsers) {
# Attempt to retrieve additional properties
$userDetails = Get-MgUser -UserId $guestUser.Id -Property ExternalUserState, CreatedDateTime, ExternalUserStateChangeDateTime
$status = if ($userDetails.ExternalUserState) {
$userDetails.ExternalUserState
} else {
"Unknown"
}
$invitedDate = if ($userDetails.CreatedDateTime) {
$userDetails.CreatedDateTime
} elseif ($userDetails.ExternalUserStateChangeDateTime) {
$userDetails.ExternalUserStateChangeDateTime
} else {
"Unknown"
}
$invitationStatusList += [PSCustomObject]@{
Email = $guestUser.UserPrincipalName
Status = $status
InvitedDate = $invitedDate
}
}
$invitationStatusList | Format-Table -AutoSize
} else {
Write-Output "No guest user invitations found."
}When you run the script, you get an output similar to the one shown here:
Explanation of the Script
Connect to Microsoft Graph
The script starts by connecting to Microsoft Graph with the necessary permissions to read user data and directory information.
Connect-MgGraph -Scopes "User.Read.All" "Directory.Read.All"Retrieve Guest Users
The script then retrieves all guest users in the directory using the Get-MgUser cmdlet and filters for users where userType is Guest.
$guestUsers = Get-MgUser -Filter "userType eq 'Guest'"Check for Guest Users
It checks if any guest users were found and proceeds to process each guest user.
if ($guestUsers -ne $null -and $guestUsers.Count -gt 0) {Retrieve Additional Properties
For each guest user, the script retrieves additional properties such as ExternalUserState, CreatedDateTime, and ExternalUserStateChangeDateTime.
$userDetails = Get-MgUser -UserId $guestUser.Id -Property ExternalUserState, CreatedDateTime, ExternalUserStateChangeDateTimeDetermine Status and Invited Date
The script determines the status and invited date of the guest user. If these properties are not available, it defaults to "Unknown".
$status = if ($userDetails.ExternalUserState) {
$userDetails.ExternalUserState
} else {
"Unknown"
}
$invitedDate = if ($userDetails.CreatedDateTime) {
$userDetails.CreatedDateTime
} elseif ($userDetails.ExternalUserStateChangeDateTime) {
$userDetails.ExternalUserStateChangeDateTime
} else {
"Unknown"
}Collect Results
It collects the results in a list and formats the output in a table.
$invitationStatusList += [PSCustomObject]@{
Email = $guestUser.UserPrincipalName
Status = $status
InvitedDate = $invitedDate
}
$invitationStatusList | Format-Table -AutoSizeNo Invitations Found
If no guest users are found, it outputs a message.
} else {
Write-Output "No guest user invitations found."
}Possible Errors You Might Face
Possible errors you might face and how to solve them.
| Error | Cause | Solution |
|---|---|---|
| Insufficient Permissions | Insufficient privileges to complete the operation. | Ensure you have the necessary permissions. Connect to Microsoft Graph with the appropriate scopes:
Connect-MgGraph -Scopes "User.Read.All" "Directory.Read.All" |
| No Invitations Found | No guest user invitations found. | Verify that invitations have been sent. If you are sure there are invitations, ensure the account you are using has the necessary permissions to view them. |
| Rate Limiting | Too many requests. | If you are querying a large number of invitations, you might hit the rate limit. Consider adding delays between requests or running the script during off-peak hours. |
Frequently Asked Questions
- How can I list all guest user invitations in Microsoft 365?
- How can I filter guest invitations that are still pending?
- Can I export guest user invitation details to a CSV file?
- How can I monitor guest invitations for a specific inviter?
- What permissions are required to monitor guest user invitations?
Use the following script to retrieve all guest user invitations:
Get-MgInvitation -AllUse the -Filter parameter to fetch pending invitations. Example:
Get-MgInvitation -Filter "status eq 'PendingAcceptance'" -AllYes, use this script to export invitation details:
$Invitations = Get-MgInvitation -All
$Invitations | Select-Object InvitedUserDisplayName, InvitedUserEmailAddress, InviteRedeemUrl, Status | Export-Csv -Path "C:\Path\To\GuestInvitations.csv" -NoTypeInformation
Filter by the inviter’s email using the invitedBy property:
Get-MgInvitation -Filter "invitedBy/userPrincipalName eq 'admin@domain.com'" -AllYou need the Directory.Read.All or User.Invite.All permission in Microsoft Graph PowerShell. Ensure appropriate permissions are granted and consented.
Conclusion
By using this script, you can efficiently monitor the status of guest user invitations in Microsoft 365. This allows you to ensure that external users are properly onboarded and can access the necessary resources without delay. Regular monitoring helps in maintaining security and tracking the invitation lifecycle.
For more PowerShell scripts and tips on managing Microsoft 365, visit M365Corner.com.
Related Articles:
Using Get-MgDirectoryRole in Graph PowerShellUsing Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell