TenLens
Back to script library
Entra / Microsoft 365 · Users & guests

Report Entra ID guest sponsors

Report the sponsors assigned to Entra ID guest accounts.

Connect & set up

Run these once per session. All scopes are read-only unless the script makes changes.

Connect-MgGraph -NoWelcome -Scopes User.ReadWrite.All

Run it

The main script. Copy it, or download the .ps1 and run it from your console.

Connect-MgGraph -NoWelcome -Scopes User.ReadWrite.All
 
[int]$Threshold = 500
 
Write-Host "Finding guest accounts to analyze..." -ForegroundColor Green
[array]$Guests = Get-MgUser -Filter "userType eq 'Guest'" -All `
    -Property Id, DisplayName, Sponsors, CreatedDateTime, SignInActivity, Mail -ExpandProperty Sponsors | Sort-Object DisplayName
If (!($Guests)) {
    Write-Host "No guest accounts found." -ForegroundColor Red
}
 
Write-Host ("Checking {0} guest accounts..." -f $Guests.Count) -ForegroundColor Green
$Report = [System.Collections.Generic.List[Object]]::new()
 
ForEach ($Guest in $Guests) {
    $SponsorNames = $null
    If ($Null -eq $Guest.Sponsors.Id) {
        $SponsorNames = "No sponsor assigned"
    } Else {
        $SponsorNames = $Guest.Sponsors.additionalProperties.displayName -join ", "
    }
 
    $SignInDate = $null
    If ([string]::IsNullOrEmpty($Guest.SignInActivity.LastSuccessfulSignInDateTime)) {
        $SignInDate = "No sign-in activity"
        [int]$DaysSinceSignIn = (New-TimeSpan $Guest.CreatedDateTime).Days
    } Else {
        $SignInDate = Get-Date($Guest.SignInActivity.LastSuccessfulSignInDateTime) -format 'dd-MMM-yyyy HH:mm'
        [int]$DaysSinceSignIn = (New-TimeSpan $SignInDate).Days
    }
 
    $ReportLine = [PSCustomObject] @{
        Name                 = $Guest.DisplayName
        Email                = $Guest.Mail
        'Sponsor Names'      = $SponsorNames
        Created              = Get-Date($Guest.CreatedDateTime) -format 'dd-MMM-yyyy HH:mm'
        'Last Sign In'       = $SignInDate
        'Days Since Sign In' = $DaysSinceSignIn.ToString()
    }
    $Report.Add($ReportLine)
}
 
$Report | Out-GridView -Title "Entra ID Guest Account Sponsors"
 
# List all the guest accounts (and their sponsors) that haven't signed in for more than the threshold number of days
$OldGuests = $Report | Where-Object {$_.'Days Since Sign In' -as [int] -gt $Threshold}
Write-Host ""
Write-Host ("The following guest accounts have not signed in for more than {0}} days:" -f $Threshold) -ForegroundColor Red
Write-Host ""
$OldGuests | Format-Table Name, 'Sponsor Names', 'Days Since Sign In', 'Last Sign In' -AutoSize
Attribution
Author
Office365itpros
Related scripts
Entra / Microsoft 365 · Exchange Online

Add contacts to mailboxes

Copies organizational contacts from a SharePoint list into Exchange user mailboxes for newly licensed users, using app-only Microsoft Graph permissions.

Entra / Microsoft 365 · Applications

Add owners to apps

Finds Entra ID app registrations without owners and assigns the last modifier or creator as owner, using unified audit log records to identify who last managed each app.

Entra / Microsoft 365 · Teams

Add Teams to group expiration policy

Adds Microsoft Teams whose backing groups are not yet covered by the Microsoft 365 group expiration policy.