Find Guest Membership in Microsoft 365 Groups

Native Solution

Microsoft 365 Permission Required

High

Global Admin or a User Admin.

Option 1 Using Microsoft 365 Admin Center

Login to the Microsoft 365 admin center.
Navigate to the Guest Users section under the Users tab.
Click the desired user.

You can get the selected guest user's group membership in the Groups section as highlighted in the image above.

Option 2 Using Windows PowerShell

Connect to the Azure AD PowerShell.
Follow the below cmdlets to get the group memberships of Azure AD guest users.

Windows PowerShell

 Get-AzureADUser
Get-AzureADUserMembership

Option 3 Using PowerShell Script

As the above cmdlets cannot display the all guest users' group memberships in a single report, we have prepared a PowerShell script that can display the group memberships of all the guest users in your Microsoft 365 environment.
Download and run the following script in the Administrator PowerShell.

GuestUserReport.ps1

AdminDroid Solution

More than 150 reports are under free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 portal.
Navigate to Reports»Security»External User Reports»Group Membership.

Visualize the complete list of guest users’ group memberships along with their department, company, sign in status, location etc.

Take advantage of the built-in graphical representation capability to visually depict the number of guest users associated with each specific group.

Explore a full range of reporting options

Simple yet the best! Isn't it?

Revoke unnecessary guest user group membership before losing highly confidential data with the help of AdminDroid effectively!

Witness the report in action using the

Live Demo

Important Tips

Keep an eye on the groups with guest members and their count and disable unnecessary guest users from the Microsoft 365 groups.

Watch Microsoft 365 guest user login activities when they attempt to sign-in from unusual locations.

Monitor M365 guest users' group membership changes to avoid undesired suspicious attacks.

Azure ADFind the Guest Users’ Group Memberships to Avoid Sensitive Data Loss in Microsoft 365

Showing 1 of 5

Why are guest users added to Microsoft 365 groups? What are the risks of external access in Microsoft 365 groups? How to monitor external user group membership in Office 365? How to manage guest access in Office 365 groups? How to restrict guest access to a specific Microsoft 365 group?

Why are guest users added to Microsoft 365 groups?

Guest users are often added to Microsoft 365 groups to facilitate collaboration with users inside your organization. It is useful for companies that frequently work with external contractors, partners, or clients. Here are some reasons why admins add guest users to a Microsoft 365 group:

Cross-Organization Collaboration: In scenarios where projects involve multiple organizations or external members, admins add guests to a Microsoft 365 group and ensure everyone can collaborate using the same set of resources like SharePoint, OneDrive, Microsoft Teams, etc.
Single Point of Access: Microsoft 365 groups provide a single point of access for resources like shared mailboxes, calendars, and document libraries. Adding guest users enables them to access these features just like internal users, but with controlled permissions.
Ease of Management: Having Microsoft 365 guest users in a single group makes it easier to manage their permissions and resource access centrally. It is beneficial for IT admins who need to keep track of external users' access to resources.
Security: Guest users are assigned a specific set of M365 permissions that should be carefully managed. This means that organizations can extend their resources to outside users while maintaining security controls. Access can be revoked or modified centrally at any time.
Real-Time Collaboration: Microsoft 365's cloud-based structure enables real-time co-authoring and communication. By adding guest users to groups, you can leverage these features for more effective and efficient teamwork in your organization.

What are the risks of external access in Microsoft 365 groups?

When more guest users are added to Office 365 groups, an admin must be aware of the following risks,

Unauthorized access: When guest users accounts are compromised or shared with unauthorized individuals, it could lead to potential data breaches from the respective Microsoft 365 groups.
Loss of sensitive information: If the organization has set up the most permissive sharing policies for SharePoint sites associated with Microsoft 365 groups having guest users, it may result in the loss of sensitive information.
Malware attacks: Guest users may accidentally open emails from Microsoft 365 group mailboxes that may contain malicious links.
Lack of Control: When files with Anyone links are shared with external users via groups, organizations have less control over how those files are accessed and used. Monitoring their activities and tracking the flow of information becomes challenging.

Allowing the sign-in status of guest users whenever not required might pose severe security risks!

Using AdminDroid, you can easily find the 'Sign-in status' of guest users in your organization and block access during prolonged inactivity.

To find the Sign-in status of guest users in your Office 365 environment, you can make use of the Sign-in status column from the Group Membership report.

How to monitor external user group membership in Office 365?

Exporting a regular report on guest users’ group membership is important for a secure working environment. So, monitor and revoke guest users' membership once it becomes unnecessary. You can get the complete details of which groups a guest user is a member of using the below ways:

Microsoft 365 Admin Center: To get the guest users’ group memberships, select the desired user from the Guest Users section under the Users tab.
Microsoft PowerShell: Run the PowerShell script to get the guest users’ membership report.

Since the Microsoft 365 admin center requires navigation to each guest user profile for viewing group memberships, it will be a time-consuming task. Also, there is no single PowerShell cmdlet to get Azure AD guest users’ and their group memberships.

With AdminDroid, you can monitor the Microsoft 365 guest group membership periodically and get it delivered into your email.

You can receive the group membership report of guest users in your mailbox periodically by clicking the Schedule this report now option.
You can also manage the created schedules from the Schedule Reports page in your AdminDroid portal.

How to manage guest access in Office 365 groups?

Follow the below ways and manage group membership of external users to stay away from data leakages.

Azure B2B Collaboration: Allow trusted external users and groups to be eligible for group membership in your organization by configuring Azure B2B collaboration settings from Azure Active Directory.
Sensitivity Labels: Use sensitivity labels for “Groups & sites” and label highly confidential groups so that members cannot add guests to those groups.
Review Guest User Access: To manage guest access reviews effectively, create Access Reviews and assign specific reviewers to review all groups with guest users using the scope 'All Microsoft 365 groups with guest users. With the help of the User to group affiliation' option, you can help the reviewers to deny a guest who has a low affiliation with other group members.
- How to remove guests from the Microsoft 365 groups? To remove a guest whom the reviewer denies, select the “Remove user’s membership from the resource” option under the “Upon completion settings” section.
License Management: To optimize Office 365 license usage on guest users, avoid assigning group-based licenses to Microsoft 365 groups that have a significant number of guest users.

AdminDroid enables effortless monitoring of groups that are assigned with licenses and have a higher count of external users.

You can directly click on the Column Customization option to add the External Users Count column from the Group Details section.
Revoke license assignments for groups that have a higher number of guest users, thereby optimizing your licensing expenditure.

How to restrict guest access to a specific Microsoft 365 group?

Block even owners from adding guest users to Microsoft 365 groups!

Your Microsoft 365 environment may have specific groups containing sensitive information that should be only accessed by users within your organization. Since adding guest users to these groups might result in potential data breaches, it is crucial to configure Office 365 guest user limitations.

Run the below PowerShell cmdlet to block guests from being added to a specific Microsoft 365 group:

$GroupName = "<GroupName>"
Connect-AzureAD
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"]=$False
$groupID= (Get-AzureADGroup -SearchString $GroupName).ObjectId
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy

Including guest users in highly confidential groups might be unnecessary as these groups are intended for internal users.

With AdminDroid, you can create an alert when a guest user is added to specific Microsoft 365 groups.

Follow the below steps to create an Alert by applying the filter for "Group Name" equal <Desired Group’s name>.

AdminDroid Group Membership ReportingStreamlining your Microsoft 365 guest users' management

AdminDroid's Microsoft 365 group membership reporting offers a comprehensive solution for Microsoft 365 admins, providing a user-friendly interface that allows you to easily view guest users with their group membership by minimal navigations.

Unique functionalities that AdminDroid provides you to get the external users’ memberships

External User Group Membership report under Reports»Security»External User Reports will assist you in the decision-making process related to group membership of guest users by giving complete information such as member display name, member domain, company, and sign-in status.

An Overview

Get Alerted on the Unusual Count of Guest User Membership

Create alert policies to generate alerts for any abnormal increase in the count of addition of guest users to a group occurring within a short period of time.

Entire Details of Guest Users' Membership Activity

Gain visibility into the individuals who add a guest user to a group and proactively prevent them from adding guest users who may result in undesirable group memberships.

Retrieve Complete Microsoft 365 Guest User Reports in One Section

Knock out the difficulties in searching reports related to external users. See the entire reports related to external users in a unified view from the Security section under ReportBoards.

Comprehensive Profile Summary of Guest Users in Groups

Merge the columns of “External User Group Membership” report with columns depicting user details to get a clear understanding of guest users’ profiles.

Customizable Report Export

Export the “External User Group Membership” report in various formats like HTML, PDF, CSV, XLS, and XLSX. Make your Power BI reporting easier using the RAW format.

Role-Based Access Delegation

Delegate the responsibility for monitoring guest's group membership reports to specific admins who require access using the Roles functionality.

Overall, AdminDroid provides you with a unified view of all the guest users’ group memberships. With the help of unique functionalities, you can overcome the difficulties in getting the data tailored to your requirement.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for getting Microsoft 365 guest user memberships.

The following are the possible errors and troubleshooting hints while dealing with group memberships of guest users

Error: The term 'Get-AzureADUserMembership' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error will occur if the Azure AD module wasn't installed properly.

Troubleshooting hint :Install the Azure AD PowerShell module. If it is already installed, updating it could resolve the issue.

// Run the below cmdlet for installing it.
Install-Module AzureADPreview
// Run the below cmdlet for updating it.
Update-Module -Name AzureADPreview

Error: You can’t share this channel with people from this org

This happens because your organization may not allow access to the collaborating organization in the B2B direct connect feature.

Troubleshooting hint :Review the inbound settings of your B2B direct connect in Azure AD and verify that you have granted access to the Microsoft 365 organization collaboration.

Error: Conflicting service plans

This scenario arises when you allocate a license to a group, and the service plans within that license can’t overlap with the plans already assigned to a guest user through a different license directly.

Troubleshooting hint :Disable any one of the plans from the Microsoft 365 guest user licenses.

Error: Request_ResourceNotFound

This happens because the user specified is not found in your Office 365 environment.

Troubleshooting hint :Check the user’s Object ID properly and ensure that it is found in your Microsoft 365 environment.

Error: Authorization_RequestDenied

This happens if the Office 365 admin account used for authenticating into PowerShell may not have sufficient permissions.

Troubleshooting hint :Authenticate using an account that has a Global or Group Administrator role to get guest users’ Microsoft 365 group memberships.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Export Azure AD Guest Users Report with Group Memberships