Hi @shashi kaushal ,
Francis Lacroix created a blog post detailing how to do this.
He creates a runbook and queries all the guest users:
$guestUsers = Get-AzureADUser -Filter "UserType eq 'Guest' and AccountEnabled eq true"
His particular script queries whether the guest has signed in in the last seven days, but you could change it up and set it to 30 days:
You would just use
`$queryStartDateTime = (Get-Date).AddDays(-30)`
His script also disables inactive users, but you could cut that out if that's not part of your goal.
# For each Guest user, validate there is a login in the last week
foreach ($guestUser in $guestUsers) {
Write-Output "Getting User's logins for the last week"
$guestUserSignIns = Get-AzureADAuditSignInLogs -Filter "UserID eq '$($guestUser.ObjectID)' and createdDateTime ge $queryStartDateTimeFilter"
if ($guestUserSignIns -eq $null) {
Write-Output "No logins, blocking sign-in and sending email to manager"
# Block Sign-In
Set-AzureADUser -ObjectID $guestUser.ObjectID -AccountEnabled $false
# Get the manager
$manager = Get-AzureADUserManager -ObjectID $guestUser.ObjectID
# Format the subject and body
$targettedSubject = $subject -f $guestUser.DisplayName
$targettedBody = $body -f $guestUser.DisplayName
Send-MailMessage -To $manager.OtherMails[0] -Subject $targettedSubject -Body $targettedBody `
-From $fromAddress -SmtpServer $smtpServer -Credential $emailCredentials `
-Port 587 -UseSSL
}
You can follow the steps in the blog post here.
You can check for these in the audit and sign in logs, but as you mentioned there isn't a particular filter for guests. You could kind of filter in a hacky way by going to the audit logs, filtering on the activity, and specify "Redeem external user invite" to see when the users accepted the guest invitation. From there you could check their other audit logs (not great because it's multiple steps).
I would also recommend leveraging access reviews if your ultimate plan is to make sure that guests have appropriate access: https://learn.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews