GetGuestUserLastSignIn.ps1

Install-Module Microsoft.Graph
Import-Module Microsoft.Graph
Connect-MgGraph
Select-MgProfile -Name beta
Get-MgUser -All -Filter "userType eq 'Guest'" -Select "mail,userPrincipalName,signInActivity" | Select-Object -Property mail,@{Name = 'LastSignIn'; Expression = {$_.signInActivity.lastSignInDateTime}}

Thanks for sharing this, this looks exactly what I need for my tenant right now.

However I can't get it to return signInActivity. I can in Graph Explorer, just not with Get-MgUser.

Do you know what scopes it requires?

I've tried a number of combinations including variations of the following (some taken from what I can see consented in Graph Explorer).

"User.Read", "User.Read.All", "AuditLog.Read.All", "Directory.Read.All", "email", "openid", "profile"

I'm using Microsoft.Graph 1.9.0 and am signed in as a Global Admin

User.Read should do it. Can you share the error you are seeing?

Hi @merill, thanks for getting back to me. There was no error, just an absence of data for that property.

I'm new to the graph module so didn't look at the syntax, especially since it wasn't giving an error. But I've managed to make it work now. I wonder has something changed in the module as -Select doesn't appear to be a parameter of Get-MgUser (docs).

The following works (even without the scope):

Connect-MgGraph -Scopes "User.Read"
Select-MgProfile -Name beta
Get-MgUser -All -Filter "userType eq 'Guest'" -Property signInActivity | Select-Object -Property mail,@{Name = 'LastSignIn'; Expression = {$_.signInActivity.lastSignInDateTime}}

It's interesting because I couldn't get signInActivity to return using the Graph Explorer unless I consented to AuditLog.Read.All (and maybe some of the others). I might have to revisit that and see if that's really true.