Exporting the last logon time of guest users in Microsoft 365 helps detect inactive accounts and ensures that access is removed when no longer needed. This approach reduces the risk of unauthorized access through inactive guest accounts.
- Navigate to All users in the Microsoft Entra admin center.
- Click on Add filter, select ‘User type’ as Guest and then click Apply.
- In ‘Manage View’, select Edit columns and choose 'Last interactive & non-interactive sign-in time' columns from the drop-down.
- Click Save to get the last login time of Microsoft 365 guest users.
Note: Interactive sign-ins are performed directly by users, requiring credentials or MFA. Non-interactive sign-ins occur in the background, where applications or systems automatically use tokens to maintain the user's session without requiring direct input.
Exporting the guest users' last sign-in time report is not possible through the Microsoft Entra admin center. However, with PowerShell, admins can efficiently fetch and export the guest users' last login details.
Connect to the Microsoft Graph PowerShell with the required permission using the cmdlet below.
Connect-MgGraph -Scopes "AuditLog.Read.All"
Run the below cmdlet to retrieve the last sign-in time of all guest users in Microsoft 365.
Get-MgBetaUser -Filter "UserType eq 'Guest'" -Property SignInActivity | Select UserPrincipalName, DisplayName, @{Name="LastSignInDateTime";Expression={$.SignInActivity.LastSignInDateTime}}, @{Name="LastNonInteractiveSignInDateTime";Expression={$.SignInActivity.LastNonInteractiveSignInDateTime}} | Format-Table
Moreover, you can use the script below to export Microsoft 365 guest users’ last logon time report. The report includes details such as UPN, last sign-in time, inactive days, license details, account status, and more.
M365GuestsLastLoginTimeReport.ps1While native methods allow you to audit guest users' sign-in logs for the past 30 days, the above PowerShell script gives you the ability to schedule the script to run weekly or monthly, offering timely insights for extended audit purposes.