How to get the report of guest users in tenants who are invited by which individual users to the tenant as guests via PowerShell script or Graph API?

Vinod Survase 4,781 Reputation points
2023-12-19T07:13:31.14+00:00

For example: There is user with UPN ******@abc.com who has invited external user as guest with UPN ******@jkl.com to the tenant from Teams or any other way.

1 answer

  1. Carlos Solís Salazar 18,196 Reputation points MVP Volunteer Moderator
    2023-12-19T18:08:58.08+00:00

    To generate a report of guest users in an Azure AD tenant and identify who invited them, you can use either PowerShell or the Microsoft Graph API. Both methods require specific permissions and pre-configurations. Here's how you can do it with each method:

    1. Using PowerShell

    To use PowerShell, you need to have either the AzureAD or MSOnline module installed. Here’s how to do it with AzureAD:

    1. Install AzureAD Module (if not already installed):
         Install-Module -Name AzureAD
      
    2. Connect to Azure AD:
         Connect-AzureAD
      
    3. Get the List of Invited Users and Who Invited Them: This script will look for all guest users and then try to find who invited them.
         # -All $true is required: without it Get-AzureADUser returns only the first 100 users
         $invitedUsers = Get-AzureADUser -Filter "userType eq 'Guest'" -All $true
         foreach ($user in $invitedUsers) {
             # Here, you can add logic to find out who invited each user
             # This can be complex, as Azure AD doesn’t directly store this information
         }
      
      Note: Azure AD does not directly store the information about who invited each guest user. This information might be traceable through audit logs, but it requires additional logic and permissions to access these logs.

    2. Using Microsoft Graph API

    The Microsoft Graph API offers a more flexible and powerful way to work with Azure AD data.

    1. Register an Application in Azure AD to get a Client ID and Client Secret.
    2. Set the necessary permissions on the registered application (like User.Read.All to read user data).
    3. Make the API Request to get guest users:
    • Endpoint for users: https://graph.microsoft.com/v1.0/users
    • Filter for guest user type and then conduct additional searches to determine who invited them. Example Graph API Request:
         GET https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'
      

    Like with PowerShell, determining who invited each user is more complex and might require reviewing audit logs available through the Graph API.

    Since the direct identification of the inviter isn't explicitly available, this process involves additional steps and possibly reviewing audit logs to ascertain who invited each user. If you need more assistance with the scripts or setting up the Graph API, feel free to ask.

    If you find this information helpful, please remember to accept the answer. And if you have more questions about Azure, Microsoft 365, or Windows, I'm here to help!

    1 person found this answer helpful.
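Building on the answer above, the following is an added example (not the answerer's code) that performs the audit-log correlation the answer describes, using the Microsoft Graph PowerShell SDK cmdlets Connect-MgGraph, Get-MgUser and Get-MgAuditLogDirectoryAudit. It assumes the tenant's directory-audit retention still covers the invitation events (30 days on Entra ID P1/P2, 7 days on Free) and that the "Invite external user" event lists the invited account's object id in its TargetResources.

```powershell
# Added example: list every guest and the account that invited them,
# by joining guest users with "Invite external user" directory audit events.
# Requires: Install-Module Microsoft.Graph  (Users + Reports sub-modules)
Connect-MgGraph -Scopes 'User.Read.All','AuditLog.Read.All','Directory.Read.All'

# 1. All guest accounts; -All pages through the results so large tenants are complete.
$guests = Get-MgUser -Filter "userType eq 'Guest'" -All `
    -Property Id,DisplayName,UserPrincipalName,Mail,CreatedDateTime,ExternalUserState

# 2. Invitation audit events. The inviter is in InitiatedBy (a user, or an app for
#    automated invites); the invited account is a 'User' entry in TargetResources.
$invites = Get-MgAuditLogDirectoryAudit -All `
    -Filter "activityDisplayName eq 'Invite external user'"

# Lookup: invited user object id -> inviter and timestamp (first event wins)
$inviterById = @{}
foreach ($evt in $invites) {
    $inviter = $evt.InitiatedBy.User.UserPrincipalName
    if (-not $inviter) { $inviter = $evt.InitiatedBy.App.DisplayName }
    foreach ($t in ($evt.TargetResources | Where-Object { $_.Type -eq 'User' })) {
        if ($t.Id -and -not $inviterById.ContainsKey($t.Id)) {
            $inviterById[$t.Id] = [pscustomobject]@{ Inviter = $inviter; When = $evt.ActivityDateTime }
        }
    }
}

# 3. Join guests with their invitation event. Guests created before the audit
#    retention window (assumption: 7 or 30 days) have no matching event.
$report = foreach ($g in $guests) {
    $hit = $inviterById[$g.Id]
    [pscustomobject]@{
        Guest     = $g.UserPrincipalName
        Mail      = $g.Mail
        State     = $g.ExternalUserState        # PendingAcceptance or Accepted
        Created   = $g.CreatedDateTime
        InvitedBy = if ($hit) { $hit.Inviter } else { 'unknown (outside audit retention)' }
        InvitedAt = if ($hit) { $hit.When } else { $null }
    }
}

$report | Sort-Object Created -Descending | Export-Csv .\GuestInviters.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

Guests with State = PendingAcceptance and an old Created date are a useful review target, since they are invitations that were never redeemed.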