10 Graph API Calls to Monitor Guest Users in Microsoft 365

Guest users play a significant role in the collaborative environment of Microsoft 365, allowing external partners, contractors, and other stakeholders to access organizational resources securely. However, it's essential to monitor these guest users to maintain security and compliance. Microsoft Graph API provides robust capabilities to manage and monitor guest users effectively. Here are 10 crucial Graph API calls that can help you monitor guest users in your Microsoft 365 environment.


1. List Guest Users

To get a list of all guest users in your organization, you can use the following API call. This helps in maintaining an overview of all external users who have access to your resources.

GET https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'        

2. Get Guest User Details

For detailed information about a specific guest user, such as their email, status, and assigned roles, use this API call. It provides comprehensive data about the user.

GET https://graph.microsoft.com/v1.0/users/{user-id}        

3. List Guest User’s Group Memberships

To monitor the access levels of a guest user, it's crucial to know which groups they are a part of. This API call lists all the groups a guest user belongs to.

GET https://graph.microsoft.com/v1.0/users/{user-id}/memberOf        

4. Check Sign-In Activity

Monitoring sign-in activity helps in identifying any unusual login attempts or patterns. This API call retrieves the sign-in logs for a guest user.

GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=userId eq '{user-id}'        

5. Audit Directory Activities

To audit directory changes such as addition or removal of guest users, use this API call. It provides a log of directory activities related to user accounts.

GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=targetResources/any(tr:tr/userPrincipalName eq '{user-email}')        

6. List Guest User’s Assigned Licenses

Checking the licenses assigned to guest users ensures they have the appropriate access without unnecessary permissions. This API call lists all licenses assigned to a guest user.

GET https://graph.microsoft.com/v1.0/users/{user-id}/licenseDetails        

7. Get Sign-In Risk Events

To enhance security, monitor any risky sign-ins by guest users. This API call retrieves information about sign-in risk events for a user.

GET https://graph.microsoft.com/v1.0/identityProtection/riskDetections?$filter=userId eq '{user-id}'

8. List Directory Role Memberships

Understanding the directory roles assigned to guest users helps in monitoring their level of access and administrative capabilities. This API call lists all directory roles a user is a member of.

GET https://graph.microsoft.com/v1.0/users/{user-id}/memberOf/microsoft.graph.directoryRole
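Calls 1 and 3 combined into one audit pass, as an added example that is not part of the original article: it pages through the guest list via @odata.nextLink, reads each guest's memberOf, and separates groups from directory roles by @odata.type. The get callable, sample_get and the SAMPLE responses are constructed stand-ins for an authenticated Graph client; all ids and names are made up.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def paged(get, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = get(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")  # absent on the last page

def audit_guests(get):
    """Map each guest's userPrincipalName to its groups and directory roles."""
    flt = quote("userType eq 'Guest'")
    report = {}
    for user in paged(get, f"{GRAPH}/users?$filter={flt}&$select=id,userPrincipalName"):
        groups, roles = [], []
        for obj in paged(get, f"{GRAPH}/users/{user['id']}/memberOf"):
            kind = obj.get("@odata.type", "")
            if kind == "#microsoft.graph.directoryRole":
                roles.append(obj["displayName"])
            elif kind == "#microsoft.graph.group":
                groups.append(obj["displayName"])
        report[user["userPrincipalName"]] = {"groups": groups, "roles": roles}
    return report

def privileged_guests(report):
    """Guests holding any directory role: the accounts to review first."""
    return sorted(upn for upn, m in report.items() if m["roles"])

# Constructed responses standing in for a tenant (not real data).
USERS_URL = f"{GRAPH}/users?$filter=userType%20eq%20%27Guest%27&$select=id,userPrincipalName"
PAGE2_URL = f"{GRAPH}/users?$skiptoken=constructed"
SAMPLE = {
    USERS_URL: {"value": [{"id": "g1", "userPrincipalName": "ana_partner.example#EXT#@tenant.example"}],
                "@odata.nextLink": PAGE2_URL},
    PAGE2_URL: {"value": [{"id": "g2", "userPrincipalName": "bo_vendor.example#EXT#@tenant.example"}]},
    f"{GRAPH}/users/g1/memberOf": {"value": [{"@odata.type": "#microsoft.graph.group", "displayName": "Project X"}]},
    f"{GRAPH}/users/g2/memberOf": {"value": [
        {"@odata.type": "#microsoft.graph.group", "displayName": "Vendors"},
        {"@odata.type": "#microsoft.graph.directoryRole", "displayName": "User Administrator"}]},
}

def sample_get(url):
    # Hypothetical transport; a real one sends the request with a bearer token.
    return SAMPLE[url]

if __name__ == "__main__":
    for upn in privileged_guests(audit_guests(sample_get)):
        print("guest holds a directory role:", upn)
```

Against a live tenant, replace sample_get with a function that performs the HTTP GET with an access token and returns the parsed JSON body.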

9. Monitor Consent and Permissions

Review the OAuth2 permissions granted by guest users to applications. This API call helps in monitoring the delegated permissions and application permissions assigned to a guest user.

GET https://graph.microsoft.com/v1.0/users/{user-id}/oauth2PermissionGrants        

10. List Recent Activities

To monitor recent activities by guest users, such as file access or sharing events, use this API call. It provides insights into user actions within the organization.

GET https://graph.microsoft.com/v1.0/users/{user-id}/activities/recent        

Summary

Monitoring guest users in Microsoft 365 is essential for maintaining security, compliance, and operational efficiency. These 10 Graph API calls provide a robust framework for tracking and managing the activities and access of guest users. By leveraging these API calls, administrators can ensure that external users have the appropriate access while safeguarding organizational resources.
