
How to Export Azure AD Guest Users Report with Group Memberships

Concerned that adding guest users to Microsoft 365 groups could leak sensitive information? Export the guest users' group membership report and revoke unnecessary guest access to keep your organization's data secure.

Using Microsoft 365 Admin Center

Microsoft 365 Permission Required
Global Admin or a User Admin.
  • You can get the selected guest user's group membership in the Groups section of the user's profile.

Using Windows PowerShell

Microsoft 365 Permission Required
Global Admin or a User Admin.
  • Connect to Azure AD PowerShell.
  • Use the cmdlets below to get the group memberships of Azure AD guest users.
     Get-AzureADUser
     Get-AzureADUserMembership

Using PowerShell Script

Microsoft 365 Permission Required
Global Admin or a User Admin.
  • As the above cmdlets cannot display all guest users' group memberships in a single report, we have prepared a PowerShell script that displays the group memberships of all the guest users in your Microsoft 365 environment.
  • Download and run the following script in an Administrator PowerShell session.
GuestUserReport.ps1
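
One way to combine the two cmdlets above into a single report, as an added example (this is not the GuestUserReport.ps1 script offered on this page). The output path and the column names are assumptions.

```powershell
# Added example, not the page's GuestUserReport.ps1.
# Assumes the AzureAD module is installed; $OutFile is a hypothetical path.
Connect-AzureAD | Out-Null
$OutFile = ".\GuestGroupMemberships.csv"

# Server-side filter so only guest accounts are returned.
$guests = Get-AzureADUser -All $true -Filter "userType eq 'Guest'"

$rows = foreach ($guest in $guests) {
    # Memberships include directory roles; keep group objects only.
    $groups = @(Get-AzureADUserMembership -ObjectId $guest.ObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'Group' })

    # Emit one placeholder row for guests with no groups so they stay visible.
    if ($groups.Count -eq 0) { $groups = @($null) }

    foreach ($group in $groups) {
        [pscustomobject]@{
            GuestUPN        = $guest.UserPrincipalName
            GuestMail       = $guest.Mail
            AccountEnabled  = $guest.AccountEnabled
            InvitationState = $guest.UserState
            GroupName       = $group.DisplayName
            GroupId         = $group.ObjectId
        }
    }
}

# One row per guest/group pair, ready for review or scheduled export.
$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Groups ranked by guest count, so the most exposed groups are reviewed first.
# Grouping is by display name; use GroupId instead if names are not unique.
$rows | Where-Object GroupName |
    Group-Object GroupName |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Microsoft has deprecated the AzureAD module in favour of Microsoft Graph PowerShell, where the corresponding cmdlets are Get-MgUser and Get-MgUserMemberOf.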

Streamlining your Microsoft 365 guest users' management

AdminDroid's Microsoft 365 group membership reporting offers a comprehensive solution for Microsoft 365 admins, providing a user-friendly interface that lets you view guest users and their group memberships with minimal navigation.

Get Alerted on the Unusual Count of Guest User Membership

Create alert policies that generate alerts for any abnormal increase in the number of guest users added to a group within a short period of time.

Entire Details of Guest Users' Membership Activity

Gain visibility into the individuals who add a guest user to a group and proactively prevent them from adding guest users who may result in undesirable group memberships.

Retrieve Complete Microsoft 365 Guest User Reports in One Section

Knock out the difficulties in searching for reports related to external users. See all the reports related to external users in a unified view from the Security section under ReportBoards.

Comprehensive Profile Summary of Guest Users in Groups

Merge the columns of “External User Group Membership” report with columns depicting user details to get a clear understanding of guest users’ profiles.

Customizable Report Export

Export the “External User Group Membership” report in various formats like HTML, PDF, CSV, XLS, and XLSX. Make your Power BI reporting easier using the RAW format.

Role-Based Access Delegation

Delegate the responsibility for monitoring guest's group membership reports to specific admins who require access using the Roles functionality.

Overall, AdminDroid provides you with a unified view of all the guest users’ group memberships. With the help of unique functionalities, you can overcome the difficulties in getting the data tailored to your requirement.

Important Tips

Keep an eye on the groups with guest members and their count and disable unnecessary guest users from the Microsoft 365 groups.

Watch Microsoft 365 guest user sign-in activity, especially sign-in attempts from unusual locations.

Monitor M365 guest users' group membership changes to guard against suspicious activity.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints when dealing with group memberships of guest users:

Error: The term 'Get-AzureADUserMembership' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs if the Azure AD module wasn't installed properly.

Fix: Install the Azure AD PowerShell module. If it is already installed, updating it could resolve the issue.
# Run the below cmdlet to install it.
Install-Module AzureADPreview
# Run the below cmdlet to update it.
Update-Module -Name AzureADPreview

Error: You can’t share this channel with people from this org

This happens because your organization may not allow access to the collaborating organization in the B2B direct connect feature.

Fix: Review the inbound settings of your B2B direct connect in Azure AD and verify that you have granted access to the collaborating Microsoft 365 organization.

Error: Conflicting service plans

This arises when you assign a license to a group and the service plans within that license conflict with plans already assigned to a guest user directly through a different license.

Fix: Disable any one of the plans from the Microsoft 365 guest user licenses.

Error: Request_ResourceNotFound

This happens because the user specified is not found in your Office 365 environment.

Fix: Check the user’s Object ID properly and ensure that it is found in your Microsoft 365 environment.

Error: Authorization_RequestDenied

This happens if the Office 365 admin account used for authenticating into PowerShell does not have sufficient permissions.

Fix: Authenticate using an account that has a Global or Group Administrator role to get guest users’ Microsoft 365 group memberships.

Frequently Asked Questions

Find the Guest Users’ Group Memberships to Avoid Sensitive Data Loss in Microsoft 365

Why are guest users added to Microsoft 365 groups?

Guest users are often added to Microsoft 365 groups to facilitate collaboration with users inside your organization. It is useful for companies that frequently work with external contractors, partners, or clients. Here are some reasons why admins add guest users to a Microsoft 365 group:

  • Cross-Organization Collaboration: In scenarios where projects involve multiple organizations or external members, admins add guests to a Microsoft 365 group and ensure everyone can collaborate using the same set of resources like SharePoint, OneDrive, Microsoft Teams, etc.
  • Single Point of Access: Microsoft 365 groups provide a single point of access for resources like shared mailboxes, calendars, and document libraries. Adding guest users enables them to access these features just like internal users, but with controlled permissions.
  • Ease of Management: Having Microsoft 365 guest users in a single group makes it easier to manage their permissions and resource access centrally. It is beneficial for IT admins who need to keep track of external users' access to resources.
  • Security: Guest users are assigned a specific set of M365 permissions that should be carefully managed. This means that organizations can extend their resources to outside users while maintaining security controls. Access can be revoked or modified centrally at any time.
  • Real-Time Collaboration: Microsoft 365's cloud-based structure enables real-time co-authoring and communication. By adding guest users to groups, you can leverage these features for more effective and efficient teamwork in your organization.

What are the risks of external access in Microsoft 365 groups?

When more guest users are added to Office 365 groups, an admin must be aware of the following risks:

  • Unauthorized access: When guest user accounts are compromised or shared with unauthorized individuals, it could lead to potential data breaches from the respective Microsoft 365 groups.
  • Loss of sensitive information: If the organization has set up the most permissive sharing policies for SharePoint sites associated with Microsoft 365 groups having guest users, it may result in the loss of sensitive information.
  • Malware attacks: Guest users may accidentally open emails from Microsoft 365 group mailboxes that may contain malicious links.
  • Lack of Control: When files with Anyone links are shared with external users via groups, organizations have less control over how those files are accessed and used. Monitoring their activities and tracking the flow of information becomes challenging.

Leaving sign-in enabled for guest users when it is not required might pose severe security risks!

Using AdminDroid, you can easily find the 'Sign-in status' of guest users in your organization and block access during prolonged inactivity.

  • To find the Sign-in status of guest users in your Office 365 environment, you can make use of the Sign-in status column from the Group Membership report.

How to monitor external user group membership in Office 365?

Exporting a regular report on guest users’ group membership is important for a secure working environment. So, monitor and revoke guest users' membership once it becomes unnecessary. You can get the complete details of which groups a guest user is a member of using the below ways:

  • Microsoft 365 Admin Center: To get the guest users’ group memberships, select the desired user from the Guest Users section under the Users tab.
  • Microsoft PowerShell: Run the PowerShell script to get the guest users’ membership report.

Since the Microsoft 365 admin center requires navigating to each guest user's profile to view group memberships, it is a time-consuming task. Also, there is no single PowerShell cmdlet to get Azure AD guest users and their group memberships.

With AdminDroid, you can monitor the Microsoft 365 guest group membership periodically and get it delivered into your email.

  • You can receive the group membership report of guest users in your mailbox periodically by clicking the Schedule this report now option.
  • You can also manage the created schedules from the Schedule Reports page in your AdminDroid portal.

How to manage guest access in Office 365 groups?

Use the following approaches to manage the group membership of external users and avoid data leakage.

  • Azure B2B Collaboration: Allow trusted external users and groups to be eligible for group membership in your organization by configuring Azure B2B collaboration settings from Azure Active Directory.
  • Sensitivity Labels: Use sensitivity labels for “Groups & sites” and label highly confidential groups so that members cannot add guests to those groups.
  • Review Guest User Access: To manage guest access reviews effectively, create Access Reviews and assign specific reviewers to review all groups with guest users using the scope 'All Microsoft 365 groups with guest users'. With the help of the 'User to group affiliation' option, you can help the reviewers deny a guest who has a low affiliation with other group members.
    • How to remove guests from the Microsoft 365 groups? To remove a guest whom the reviewer denies, select the “Remove user’s membership from the resource” option under the “Upon completion settings” section.
  • License Management: To optimize Office 365 license usage on guest users, avoid assigning group-based licenses to Microsoft 365 groups that have a significant number of guest users.

AdminDroid enables effortless monitoring of groups that are assigned with licenses and have a higher count of external users.

  • You can directly click on the Column Customization option to add the External Users Count column from the Group Details section.
  • Revoke license assignments for groups that have a higher number of guest users, thereby optimizing your licensing expenditure.

How to restrict guest access to a specific Microsoft 365 group?

Block even owners from adding guest users to Microsoft 365 groups!

Your Microsoft 365 environment may have specific groups containing sensitive information that should be only accessed by users within your organization. Since adding guest users to these groups might result in potential data breaches, it is crucial to configure Office 365 guest user limitations.

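Run the PowerShell cmdlets below to block guests from being added to a specific Microsoft 365 group:

# The directory-setting cmdlets used here ship in the AzureADPreview module.
$GroupName = "<GroupName>"
Connect-AzureAD
# Copy the per-group guest settings template and turn off guest additions.
$template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"] = $False
# -SearchString can match more than one group, so keep only the exact display name.
$groupID = (Get-AzureADGroup -SearchString $GroupName | Where-Object {$_.DisplayName -eq $GroupName}).ObjectId
# Apply the setting to that group only.
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy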
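
The same restriction applied to several groups and then read back from the directory, as an added example that is not part of the original page. It updates an existing guest setting instead of trying to create a second one, so it can be rerun safely; the group names in `$SensitiveGroups` are placeholders.

```powershell
# Added example. Assumes the AzureADPreview module and an active Connect-AzureAD session.
$SensitiveGroups = @("<GroupName1>", "<GroupName2>")   # placeholder names
$template = Get-AzureADDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq "Group.Unified.Guest" }

$result = foreach ($name in $SensitiveGroups) {
    # Require exactly one group with this display name before changing anything.
    $group = @(Get-AzureADGroup -SearchString $name |
        Where-Object { $_.DisplayName -eq $name })
    if ($group.Count -ne 1) {
        Write-Warning "Skipping '$name': expected one exact match, found $($group.Count)."
        continue
    }
    $id = $group[0].ObjectId

    # If the group already carries a setting from this template, update it.
    $existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $id |
        Where-Object { $_.TemplateId -eq $template.Id }
    if ($existing) {
        $existing["AllowToAddGuests"] = $false
        Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $id `
            -Id $existing.Id -DirectorySetting $existing
    } else {
        $new = $template.CreateDirectorySetting()
        $new["AllowToAddGuests"] = $false
        New-AzureADObjectSetting -TargetType Groups -TargetObjectId $id `
            -DirectorySetting $new | Out-Null
    }

    # Read the value back so the report shows what the directory stored.
    $stored = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $id |
        Where-Object { $_.TemplateId -eq $template.Id }
    [pscustomobject]@{
        Group            = $name
        ObjectId         = $id
        AllowToAddGuests = $stored["AllowToAddGuests"]
    }
}
$result | Format-Table -AutoSize
```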

Including guest users in highly confidential groups might be unnecessary as these groups are intended for internal users.

With AdminDroid, you can create an alert when a guest user is added to specific Microsoft 365 groups.

  • Create an alert by applying the filter "Group Name" equal to <Desired Group’s name>.