Track All the External User Activities in M365

As an administrator, ensuring the safety and security of your Microsoft 365 environment is paramount. Microsoft enables seamless collaboration with external partners. However, without proper monitoring, your organization may become vulnerable to threats. Monitoring external user activity in M365 is the key for admins to achieve the delicate balance between security and user productivity. This guide aids in tracking external user actions and bolstering data security in Microsoft 365.

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or any other privileged admin role.

Option 1 Using Microsoft 365 Admin Center

Login to the Microsoft 365 Purview portal.
Navigate to the Audit page under Solutions.
Now, provide the Date range and click on "Search" to start the search. Once the search is completed, open the result and click on the ‘Export’ button to download the external user activity report.
Open the downloaded file and apply a filter in the 'UserId' column to get only the UserIDs containing #EXT#. Now, you have successfully generated the external user activities report using the M365 purview portal.
Once you've filtered those entries, review the ‘Operation’ column for details on the activities of the external Microsoft 365 user account.

Option 2 Using Windows PowerShell

Connect to Exchange Online PowerShell using the below cmdlet.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Run the below PowerShell cmdlet to view all the external user activities in M365.

Windows PowerShell

 Search-UnifiedAuditLog -StartDate "MM/DD/YYYY" -EndDate "MM/DD/YYYY" -UserIds "#EXT#" -ResultSize 1000 | Format-Table CreationDate, UserType, UserIds, Operations, ClientIP, UserTypeDetails -AutoSize

Enhance your Microsoft 365 security with vigilant oversight of external user activities.

Option 3 Using PowerShell Script

Would you like to focus solely on the significant activities carried out by external users in the M365 environment? If yes, our PowerShell script can help you easily identify and categorize these major activities.
- Downloading sensitive files.
- Illegal document/file modifications.
- Confidential document access.
- Illicit resource sharing (i.e., Resource sharing by external users), etc.
Furthermore, the resulting report will be conveniently exported for your use. To enjoy this streamlined experience, simply execute the provided PowerShell script and view the significant activities performed by the external users.

AuditExternalUserActivity.ps1

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid Office 365 Reporter

Login to the AdminDroid Office 365 reporter.
Navigate to the User Activities by External Users dashboard under Dashboard»User Activities»By External Users.

Engage yourself in getting detailed insights into external user interactions across your M365 workloads and grab a graphical oversight.

You'll be able to view these data in a tabular format. Additionally, you can email and download them in various formats through the External User Activities report under Audit»General»Overall.

Furthermore, the report includes built-in graphs that specifically show the daily summary of file activities by external users, categorized by file name.

Explore a full range of reporting options

Effortlessly track your external user interactions!

Don't risk yourself leaving external user activities untracked! Safeguard your organization data with AdminDroid’s real-time external user activity dashboards and reports.

Witness the report in action using the

Live Demo

Important Tips

Effectively oversee external sharing and reduce the risk of data loss by tracking external sharing activities in SharePoint Online.

Restrict access to external users in Entra ID to enhance your security against internal threats and unpredictable risks.

Establish the necessary prerequisites to ensure a secure connection prior to hosting a meeting with an external user.

Azure ADBoost Your Microsoft 365 Security with Diligent Monitoring of External User Activities

Showing 1 of 5

What are the primary activities of an external user in Microsoft 365? How to monitor guest user login activities in Microsoft 365? How to monitor external user file activities in SharePoint/OneDrive? What are the capabilities of external and guest users in Microsoft Teams? How to block external user activities in M365?

What are the primary activities of an external user in Microsoft 365?

In Microsoft 365, external users are vital for facilitating seamless communication and collaboration across organizations. One of their primary activities includes leveraging email collaboration features to exchange information and share documents across organizations effortlessly.

Let's delve into their other primary activities within the M365 ecosystem.

OneDrive and SharePoint Document Collaboration External users can seamlessly collaborate on shared documents stored in SharePoint Online or OneDrive. They can view, edit, and co-author files, fostering efficient teamwork across organizational boundaries.
Participation in Teams Meetings Leveraging Microsoft Teams, external users can join meetings hosted by internal team members. Through audio, video, and chat functionalities, they actively contribute to discussions, brainstorming sessions, and decision-making processes. In overall aspect, enabling external chat and meetings in Microsoft Teams facilitates communication with users outside your organization.
Accessing SharePoint Sites External users gain access to designated SharePoint sites, enabling them to engage in project-specific activities, access relevant resources, and contribute to content creation and management.

Top 5 key strategies for secure external collaboration in Microsoft 365

Use Guest Accounts: Grant external users with temporary access to specific resources within your Microsoft 365 environment without compromising security.
SharePoint Online with Conditional Access: Restrict access to SharePoint Online resources based on conditions such as user location, device compliance, and login risk.
Microsoft Teams with Azure AD B2B: Enable secure collaboration by inviting external partners to Teams channels using Azure AD B2B, ensuring controlled access to conversations and files.
Microsoft Information Protection: Safeguard sensitive information by applying encryption, access restrictions, and data loss prevention policies across Microsoft 365 applications.
Azure Active Directory Privileged Identity Management: Manage and monitor access rights within Azure AD, reducing the risk of unauthorized access and potential security breaches.

Bonus Tip - By configuring external sharing settings at the tenant level, administrators can limit the level of access granted to external users, ensuring security and compliance while promoting collaboration within the organization's digital ecosystem.

Using AdminDroid’s Sharing Policy Setting Changes at Tenant Level report, you can effortlessly monitor alterations in external sharing settings made at the tenant level. Furthermore, you'll also gain insights into the timestamp of the activity and the admin responsible for the changes.

How to monitor guest user login activities in Microsoft 365?

Tracking external user login activities is essential for maintaining the security of your systems and data for a couple of key reasons:

Detecting Unauthorized Access: Monitoring login attempts helps identify suspicious activity such as logins from unusual locations or times, failed login attempts, and sudden spikes in external user access.
Ensuring Compliance: Monitoring logins ensures external users comply with data access regulations and access restrictions.
Maintaining Data Security: Tracking logins helps identify potential data breaches or leaks by external users who may not adhere to the same security protocols as internal employees.
Identifying Risky Behavior: Unusual login patterns from external users can indicate compromised accounts or unauthorized data access attempts.
Maintaining User Accountability: Tracking external user logins creates an audit trail for understanding resource access, aiding in security incident response and data leak prevention.

In summary, tracking external user logins provides visibility into who is accessing your systems and from where. This allows you to identify potential threats and ensure that only authorized users are gaining access to your data.

Run the below PowerShell cmdlet to get all the external user login activities.

Search-UnifiedAuditLog -StartDate "MM/DD/YYYY" -EndDate "MM/DD/YYYY" -Operations UserLoggedIn -UserIds "#EXT#"  -ResultSize 1000 | Format-Table CreationDate, UserType, UserIds, Operations, ClientIP, UserTypeDetails -AutoSize

With AdminDroid's All External and Internal Guest User Logins report, you can effortlessly access records of both successful and unsuccessful login attempts, including their respective timestamps, using the easy filter option with just a few clicks.

In addition, with the help of logged in application column, you can easily track the resources accessed by external users’ in your Microsoft 365 environment.
This time-saving tool proves invaluable for administrators tasked with monitoring external user logins, streamlining the process significantly.

How to monitor external user file activities in SharePoint/OneDrive?

Monitoring external user file access activities in Microsoft 365 involves tracking and analyzing actions such as document views, edits, and downloads performed by users outside the organization's network. For example, a company using Microsoft 365 might employ regular monitoring to ensure the security of sensitive files shared with external clients.

By implementing this practice, the organization can promptly identify any unauthorized access attempts, detect potential data breaches, and enforce key security measures to manage external sharing and access in SharePoint Online.

Run the below PowerShell cmdlet to get the external user file access activities.

Search-UnifiedAuditLog -StartDate "MM/DD/YYYY" -EndDate "MM/DD/YYYY" -UserIds "#EXT#" | Where-Object { $_.Operations -like "File*"} | Format-Table

What are the reasons for granting external access to files in M365?

Maximizing Collaboration: Two Key Reasons for External Access in Microsoft 365.

Seamless Collaboration: Granting specific file access allows teams to work together in real-time, eliminating communication barriers and accelerating project timelines.
Remote Work Support: External access empowers remote team members to access files and contribute to projects from anywhere, ensuring continuous and productive collaboration regardless of location.

What are the potential risks associated with enabling external user file activity?

Securing Your Data: Understanding the Risks of External User File Activity in M365.

Data Loss: Sensitive information leaks due to accidental or malicious sharing by external users.
Limited Visibility: Reduced ability to track external user activity, making it harder to identify suspicious behavior.
Weaker Security: External users might have weaker security practices, increasing vulnerability to phishing attacks.

AdminDroid's report on File/Folder Sharing Activities by External Users offers a streamlined approach to monitoring external user file activities. With its user-friendly filtering options, administrators can easily track all file sharing activities of specific external users using the convenient 'Operation Performer' filter.

What are the capabilities of external and guest users in Microsoft Teams?

Tracking external and guest user activities in Microsoft Teams allows organizations to monitor interactions between internal and external collaborators, ensuring security and compliance with company policies. For instance, a multinational corporation collaborating with external consultants and vendors need to track their activities within Teams,

To safeguard sensitive data exchange through Teams.
To ensure adherence to Teams regulatory requirements.
To implement Teams security best practices for a threat free collaboration.

Understanding external and guest users' capabilities

External Access:

Join meetings: External users can be invited to and participate in Teams meetings, even if they don't have a Microsoft 365 account.
Chat (limited access): They can chat with members of your organization who have Microsoft accounts. However, they cannot participate in team chats or channels.
Make calls (limited access): External users can make calls to other Teams users with Microsoft accounts, but they cannot see phone numbers for dial-in participants.
No file collaboration: Cannot access your Teams, channels, files, or other resources.

Guest Access:

Full Team Collaboration- Guests can be invited to join a specific team, granting them almost the same capabilities as regular team members. This includes,

Participating in team chats and channels: Guests can chat with other team members, both in private chats and channels.
Joining meetings: Guests can make and receive calls, including video conferencing, with other team members.
Making calls: Guests can join meetings scheduled by team members and participate fully.
Collaborating on files stored within the team: Guests can access and collaborate on files shared within the team through the Files tab. This allows them to view, edit, and co-author documents.

Using AdminDroid’s External User Activities in Teams report, you can monitor external user activities in your Microsoft Teams. Furthermore, you'll also gain insight into the timestamp of the activity and the individual responsible for the action.

How to block external user activities in M365?

Managing external or guest user access is crucial for both security and privacy reasons. To ensure a secure environment, certain guest user restrictions are often recommended. These restrictions commonly include limitations on accessing sensitive data, modifying settings, or performing administrative actions. Specific restrictions can vary depending on the platform and organization's security policies.

Recommended restrictions for external user activities in Microsoft Teams

Limiting external user channel creation: Limit external users from creating channels to prevent unauthorized creation of collaboration spaces.
Restricting meeting policies for external users: Define meeting policies for external users to control features like recording access and screen sharing permissions.
Blocking the downloads of Teams meeting recordings: Block downloads of meeting recordings to ensure sensitive information isn't downloaded and shared externally.

Recommended restrictions for external user activities in SharePoint & OneDrive

Blocking file downloads: Blocking downloads prevent unauthorized copying of files stored in SharePoint and OneDrive.
Preventing External Users from Re-sharing: Stop external users from resharing files and folders with others outside your organization, maintaining control over data distribution.
Limiting Guest Access Expiration: Set expiration times for guest access to SharePoint sites, ensuring temporary collaborators don't have permanent access.
Blocking Users from Syncing Files: Block syncing of files to external devices to prevent unauthorized access to your data even if a device is lost or stolen.

AdminDroid M365 User Activity TrackerElevate Your M365 Security: Master External User Monitoring Like a Pro!

With AdminDroid's M365 User Activity Tracker, monitoring external user activities within Microsoft 365 becomes streamlined and efficient. Moreover, it enables organizations to proactively protect digital assets and ensure secure collaboration. AdminDroid's solution stands as a reliable ally in the complex landscape of user activity monitoring, offering unparalleled visibility over external user engagements.

Unlock effortless management of External User activities with Admindroid's advanced features!

The External User Activities report under Audit»General»Overall gives a comprehensive overview of all the activities performed by an external/guest user within your Microsoft 365 environment. Utilizing this tool ensures seamless management and handling of external user activities within your organization.

A Quick Dive into the Functionalities

External User Monitoring Dashboard

Gain a graphical overview of external user activities and delve into specific actions on each workload, including success and failure rates, enabling you to revoke access for unauthorized actions through effective monitoring.

External User File Access Alerts

Utilize AdminDroid's alerting functionality, to receive notifications on any file sharings of external users, enabling effective tracking and avoiding potential security risks.

Automate the reports for weekly file access review

Keep yourself updated weekly on external users' file access activities by scheduling weekly reports to desired admins or managers.

Envision File Sharing Trend by External Users

Unlock daily insights with default built in charts to display a comprehensive summary of daily events in the File/Folder Sharing Activities by External Users report.

Supervise External Users within M365 Groups

Monitor M365 groups with external users regularly to implement restrictions to sensitive group data and prevent unauthorized sharing.

Get user insights along with activity log

With AdminDroid's Advanced customization feature, you can easily include external users'profile information in the activity reports with a few clicks.

In summary, AdminDroid optimizes your Microsoft 365 environment by efficiently managing external users through continuous activity monitoring. It provides actionable insights into their activities, empowering you to intervene as needed. Moreover, this process is seamlessly executed, minimizing any operational burden on your end.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps Related to External User Activities in Microsoft 365

The following are the possible errors and troubleshooting hints while viewing all the activities performed by the external user.

Error: “xxxxx” is part of an organization. It's possible they have message-related policies that will apply to the chat.

The popup message appearing in the message box when trying to reach out an external user could be due to a result of specific message policies configured within their organization.

Troubleshooting hint :To resolve the issue, you shall reach out them regarding their message policies, which could potentially be adjusted to allow for external user communication within their organization.

Error: Search-UnifiedAuditLog: The provided start date is later than the end date. Please provide valid dates.

This error occurs when the start date provided in the PowerShell command is later than the end date.

Troubleshooting hint :Ensure that the start date provided in the command comes before the end date. Double-check the date format to ensure it matches the required format (e.g., MM/DD/YYYY). If unsure, you can use the Get-Date cmdlet to retrieve the current date in the correct format.

Error: 1 person couldn’t be added.

The error encountered when trying to add a guest to a channel could be due to specific External Access settings configured within your organization.

Troubleshooting hint :To correct the issue, change those External Access configurations and try adding those users to desired channels.

Error: Set-SPOSite: The specified site 'https://yourtenantname.sharepoint.com/sites/yoursite' does not exist.

This error occurs when attempting to change configurations to a SharePoint Online site that doesn't exist within the tenant.

Troubleshooting hint :Double-check the URL specified in the Identity parameter to ensure that it corresponds to an existing SharePoint Online site within your organization.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Track External User Activities in Microsoft 365