Microsoft Entra ID

How to Get Sponsors and Their Assigned Guest Users in Microsoft 365

The shift toward increased external collaboration makes it vital to maintain precise records of sponsors and their assigned guest users in Microsoft 365. As improper sponsor assignments cause oversight issues and approval delays, regularly reviewing user sponsors ensures accountability and streamlines management. Therefore, this guide will help you retrieve Microsoft Entra ID user sponsor assignments to maintain control and simplify your audit workflow.

List the Sponsors of a Guest User Using Entra Portal

Microsoft 365 Permission Required

Report Reader Least Privilege

Global Admin Most Privilege

Navigate to the All users section in the Microsoft Entra admin center.
Click the desired user’s display name and select the Properties tab.
Then, under Job Information, click View next to Sponsors.
Now, you can see the list of Entra ID sponsors of the user and their type in the flyout pane.

List the Sponsors of a Guest User Using Entra Portal

List Entra ID Sponsors Using Microsoft Graph PowerShell

Microsoft 365 Permission Required

Default user role Least Privilege

Global Admin Most Privilege

Connect to Microsoft Graph PowerShell using the below cmdlet.

Windows PowerShell

 Connect-MgGraph –Scope "User.Read.All", "Group.Read.All"

Case 1: To list sponsors of a particular Microsoft 365 user, run the below cmdlet after replacing <UPN> with user’s user principal name.

Get-MgUserSponsor -UserId "<UPN>" | 
Select-Object -ExpandProperty AdditionalProperties | 
ForEach-Object { 
    [PSCustomObject]@{
        DisplayName = $_.displayName;
        Type = if ($.'@odata.type' -eq "#microsoft.graph.user"){'user'} else{'group'};
        UserPrincipalName = $_.userPrincipalName;
        Mail = $_.mail
    } 
} | Format-Table

Case 2: To find all users assigned to a specific sponsor in Entra ID, run the following command after replacing <User’s/Group’s UPN/Mail/ID> with the sponsor user's or group's UPN, mail, or ID.

$SponsorId = "<User's/Group's UPN/Mail/ID>" 
try {
    $Sponsor = Get-MgUser -UserId $SponsorId -ErrorAction Stop
  } 
catch {
    $Sponsor = Get-MgGroup -All -Filter "mail eq '$SponsorId'" -ErrorAction Stop 
  if (-not $Sponsor) {
    $Sponsor = Get-MgGroup -All -Filter "Id eq '$SponsorId'" -ErrorAction Stop 
    }
  }
Get-MgUser -All -Property UserPrincipalName, DisplayName,  UserType, Sponsors -ExpandProperty Sponsors | 
    Where-Object { $Sponsor.Id -in $_.Sponsors.Id } | 
    Select-Object DisplayName, UserPrincipalName, UserType

list-all-users-assigned-to-specific-sponsor

Simple & Quick
Get Sponsors and Their Assigned Users in Entra ID using AdminDroid

AdminDroid Permission Required Delegated

Any user with the report access delegated by the Super Admin.

Login to the AdminDroid 365 reporter.
Navigate to the Sponsors and Their Assigned Users report under Reports»Entra»Users Reports»Sponser-User Details.
This report complies all sponsors and their assigned users in Microsoft 365. It includes essential details, such as the sponsor’s name, sponsor’s UPN, assigned user’s name, user’s UPN, user type, and more.

Get Sponsors and Their Assigned Users in Entra ID using AdminDroid

AdminDroid Management Tool

Track Sponsor-User Relationships to Enhance Access Control in Microsoft Entra ID!

AdminDroid’s Microsoft 365 Entra ID reports simplify access management by tracking sponsor-user relationships. These reports allow you to instantly identify which sponsors are responsible for specific external users while also providing clear visibility into the access rights assigned to each user.

Track Sponsor Removal for M365 Guest Users

Check the sponsor removed guest users report to track sponsor removals and take action by either reassigning a new sponsor or revoking unnecessary access.

Simplify Microsoft Guest & Sponsor Tracking

Use sponsor assigned guest users report to track number of users or groups managing and monitoring the lifecycle of Microsoft Entra ID guest users.

Proactively Handle Guest Users License Expiration

Leverage license assigned guest users report to ensure timely license renewal when guest collaboration is extended, thus avoiding unexpected service disruptions.

Keep an Eye on Guest Users Activities

Detect shifts in guest user interactions with Microsoft 365 resources using the external user activities report to spot increased dependence on resources or suspicious activity.

Eliminate User Management Gaps in Microsoft 365

List managers and their direct reports in Microsoft 365 to enhance internal oversight and clarify reporting relationships.

Spotlight on Guest’s Sponsors in Seconds

Simply add the ‘Sponsors’ column to the external and internal guest users report to easily trace access approvals for both types of guest users.

Overall, AdminDroid’s Entra ID management tool helps in understanding of sponsor assignments as well as the designated users to efficiently track and manage access reviews. Moreover, it helps to gain deep insights into user roles, activities, guest user expirations, and sign-in trends in Microsoft 365.

Explore a full range of reporting options

Download Live Demo

Important Tips

Designate sponsors as the approvers in the access package in Entra ID to simplify users’ resource access management and reduce overhead.

Use content approvals in SPO to assign Entra ID sponsors as approvers for lists and libraries that guest users can access.

Assign sponsors as first stage or fallback reviewers for guest user access reviews in Entra to prevent delays when primary reviewers are unavailable.

Common Errors and Resolution Steps

The following are the potential errors and troubleshooting hints when auditing or managing sponsors in Microsoft 365.

Error Only 5 items can be selected.

This error occurs when you try to assign more than five sponsors for a user via the Microsoft Entra admin center.

Fix To resolve this error, try not to assign more than five sponsors to a user in Entra ID.

Error Error with the inputs provided. RequestId:98gh76fe-54dc-32ba-10ji-klmnopqrstuv; Search duration is too long. Please select a date range less than 6 months.

This error appears in the Audit search of Microsoft Purview portal when the selected date and time range exceeds the permitted limit.

Fix In Microsoft Purview Audit (Standard), logs are retained for up to 180 days, so ensure your selected time range falls within this period.

Error Get-MgUserSponsor : Resource '<UPN>' does not exist or one of its queried reference-property objects are not present.

This error occurs when you try to retrieve the sponsors for a user who is not present in your tenant.

Fix Ensure you have entered the user UPN correctly and check entered user available on your tenant using the following cmdlet.

Get-MgUser -All

Error Connect-MgGraph : The term ' Connect-MgGraph' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you don’t have the Microsoft Graph module installed on your machine.

Fix To resolve this error, you need to install Microsoft Graph PowerShell using given below cmdlet.

Install-Module Microsoft.Graph -Scope CurrentUser

Microsoft Entra ID

Frequently Asked Questions

Streamline Guest Users Management with Entra ID Sponsor Assignments!

What is the difference between sponsors and managers in Microsoft 365?

How to add sponsors to the users in Microsoft 365?

How to audit sponsor added to the users in Microsoft 365?

What are the best practices for managing sponsors assignments in Entra ID?

1. What is the difference between sponsors and managers in Microsoft 365?

When including new resources to projects, Microsoft 365 admins often face the challenge of deciding whether to assign a sponsor or a manager for overseeing resource access and project accountability. Understanding the distinction between sponsors and managers can help streamline collaboration and oversight in Entra ID.

In conclusion, sponsors are ideal for external users who require controlled, short-term access, while managers oversee internal users and manage them. A clear knowledge of these responsibilities helps ensure the right permissions are in place.

2. How to add sponsors to the users in Microsoft 365?

When resource access requests from guests increase in your organization, your task overhead grows as well. This leads to delays in approvals and potentially affects operational efficiency. However, this can be avoided by assigning sponsors to users in Microsoft Entra ID. Sponsors act as the dedicated internal contact for guest users’ access and establish a clear approval chain.

In Microsoft Entra, when a guest user is invited, the person who invites them becomes their sponsor automatically unless a different sponsor is specified during the invitation process. In this section, we’ll explore methods, such as assigning sponsors during guest invitations and adding or modifying Entra ID sponsors for existing users.

Assign sponsors in Entra ID while sending guest user invitation

Sign in to the Microsoft Entra admin center.
Navigate to Identity»Users»All users»New user»Invite external user.
Enter the guest user’s basic details and click Next: Properties.
Click Add sponsors under Job Information, then choose the desired users/groups that need to be assigned as sponsors and click Select.
Hit Review + invite to verify the user details and finally click Invite.

Add or modify Entra ID sponsors for an existing user

Go to the respective user’s profile in the Entra portal and click Edit properties from the toolbar.
Then, head to the Job Information tab and click Add sponsors (if none added) or Edit (if a sponsor is already assigned) option available straight to the Sponsors.
Choose users and groups you want to add as sponsors, then click Select and Save.

Note: Only a maximum of five sponsors can be added to the user in Microsoft 365.

3. How to audit sponsor added to the users in Microsoft 365?

Unnecessary sponsor assignments can create confusion about who is responsible for a guest user and make it harder for you to track accountability. However, auditing sponsor assignments allows you to track who added or modified the sponsorship assignment and when. This helps you in removing any redundant assignments and reassigning appropriate ones to prevent prolonged access approvals.

To track the sponsor added to the B2B users, you can use the following methods.

Audit sponsor added activities using Microsoft Purview portal

Navigate to the Audit section in the Microsoft Purview portal and customize the start & end date as per your requirement.
In the Activities-operation names field, enter ‘Add user sponsor’, then click Search and wait for the results.
Once the search is complete, you can export the audit log on sponsor added to the B2B users.

Audit sponsor added activities using PowerShell

Although the Microsoft Purview portal allows you to view added sponsors, it does not display the sponsor’s UPN. To view the sponsor’s UPN, you must manually check each sponsor assignment event, which is especially time-consuming in large organizations.
To address this issue, use the following PowerShell script that filters the sponsor’s UPN and other important audit details.

Before running the script below, make sure to replace <StartDate> and <EndDate> with the desired date range, both in MM-DD-YYYY format. Then, <FilePath> with the location where you want to export the output as CSV file.

Connect-ExchangeOnline 
Search-UnifiedAuditLog -StartDate "<StartDate>" -EndDate "<EndDate>" -Operations "Add user sponsor" | 
ForEach-Object {
    $auditData = $($.AuditData | ConvertFrom-Json) 
    $userUpnProperty = $auditData.ModifiedProperties | 
Where-Object { $.Name -eq "User.UPN" } [PSCustomObject]@{  
      CreationDate = $.CreationDate 
      Operations = $.Operations 
      Identity = $.Identity 
      Sponsor = $auditData.ObjectId 
      User = $userUpnProperty.NewValue  
      More_info = $.AuditData
    } 
} | Export-Csv -Path "<FilePath>" -NoTypeInformation

Keep a close eye on user sponsorship changes in Microsoft Entra ID with AdminDroid's instant alert!

Simply click the bell 🔔 icon in the user sponsor added report to set up an alert policy for sponsor assignments across your tenant.
This will deliver key details like user’s assigned sponsor, who assigned the sponsor, date and time of the sponsor assignment, and more.

Pro-tip: Utilize the Threshold property when creating the alert policy to get notified when a specific number of sponsor modifications occurs within a short period.

4. What are the best practices for managing sponsors assignments in Entra ID?

Here are some best practices for managing sponsor assignments in Microsoft Entra ID.

Limit the Number of Entra ID Sponsors: Although up to five sponsors can be assigned, it’s best to assign no more than three. This helps prevent confusion and ensures clear accountability.
Limit Sponsorship to Essential Users with Security Groups: If you prefer to use groups as sponsors, always choose security groups. Ensure these groups include only the minimum number of users with the required privileges to avoid unauthorized approvals and simplify oversight.
Avoid Circular Sponsorship Assignments: Do not assign sponsors interchangeably. For example, if User A is the sponsor for User B, avoid making User B the sponsor for User A. This prevents a circular dependency and avoids the least privileged user becoming a sponsor.
Regularly Review and Update User Sponsors: Incorporate sponsor assignments into your regular access reviews. Ensure that if a sponsor leaves or changes roles, the guest’s sponsorship is updated accordingly.
Align Sponsorship Assignment with Organizational Governance: To ensure proper accountability, never leave external users without sponsors and always assign the manager attribute for internal users. Also, make sure to assign a manager to guest users, especially when they become internal users in your organization.