Getting inactive or empty groups in Azure

Question

Access Reviews.

My client wants to get a report of inactive or empty groups in Azure

I attached the screenshots showing that Access Review has only checkbox to report on inactive users but not groups.

How can we get a report in Azure for inactive or empty groups in Azure through either KQL or Azure Access Review method?
Note: client has mostly synched groups from AD.

Thank you very much!

Answer 1

@Claudia Ferguson

Thank you for reaching out to us. As I understand you are trying to retrieve the information about inactive or empty groups in Azure AD.

Currently there is no option in Azure AD portal to retrieve this information, however you can run the below PowerShell commands to achieve the desired result ( helps to find the groups with no members in it ).

Get-MsolGroup -GroupType Security | ? {(Get-MsolGroupMember -GroupObjectId $_.ObjectId).count -eq 0 }

Get-MsolGroup -GroupType DistributionList | ? {(Get-MsolGroupMember -GroupObjectId $_.ObjectId).count -eq 0 }

Get-MsolGroup -GroupType MailenabledSecurity | ? {(Get-MsolGroupMember -GroupObjectId $_.ObjectId).count -eq 0 }

I have tested the above commands in my lab, it works as expected.

Let me know if you have any further questions.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

The above answer only describes how to list empty groups. The other part of the question is how to retrieve a list of Inactive groups (for instance, list all groups that haven't been modified in x amount of months or years). Is there a solution for this?