full audit of external guest accounts, their access levels, and activity status.
full audit of external guest accounts, their access levels, and activity status.
The data covers the full scope of Autotask PSA records relevant to this analysis, broken down by the key dimensions your team needs for day-to-day decisions and client reporting.
Who should use this: Security teams, compliance officers, and MSP owners managing risk
How often: Weekly for security posture, monthly for compliance reporting, on-demand for audits
full audit of external guest accounts, their access levels, and activity status.
EVALUATE
ROW(
"Total", COUNTROWS(BI_Microsoft_GuestUsers),
"Stale Access", CALCULATE(COUNTROWS(BI_Microsoft_GuestUsers), BI_Microsoft_GuestUsers[category] = "Stale Access"),
"Active Guest", CALCULATE(COUNTROWS(BI_Microsoft_GuestUsers), BI_Microsoft_GuestUsers[category] = "Active Guest")
)Breakdown of guest users focusing on stale access across tenants.
| Tenant | Stale Access | Active Guest | Overprivileged | Status | Last Updated |
|---|---|---|---|---|---|
| Contoso Ltd | 94.2% | 88.1% | 91.3% | Good | 2 hours ago |
| Fabrikam Inc | 91.8% | 85.4% | 87.6% | Good | 3 hours ago |
| Woodgrove Bank | 87.3% | 79.2% | 82.1% | Warning | 1 hour ago |
| Tailspin Toys | 82.1% | 74.8% | 78.4% | Warning | 4 hours ago |
| Adventure Works | 78.6% | 71.3% | 74.9% | Critical | 2 hours ago |
| Litware Inc | 96.1% | 92.7% | 94.5% | Good | 1 hour ago |
Adventure Works shows the lowest stale access coverage at 78.6%, falling below the recommended 80% threshold. Combined with Tailspin Toys at 82.1%, these two tenants represent the most significant guest users gaps in the portfolio and should be prioritized for remediation.
EVALUATE
SUMMARIZECOLUMNS(
BI_Microsoft_GuestUsers[tenant_name],
"Stale Access", CALCULATE(COUNTROWS(BI_Microsoft_GuestUsers), BI_Microsoft_GuestUsers[policy_type] = "Stale Access"),
"Active Guest", CALCULATE(COUNTROWS(BI_Microsoft_GuestUsers), BI_Microsoft_GuestUsers[policy_type] = "Active Guest")
)
ORDER BY [Stale Access] DESCHow overprivileged has evolved over the past 90 days.
| Month | Total Tenants | Stale Access Coverage | Active Guest Coverage | Overprivileged Coverage |
|---|---|---|---|---|
| January 2026 | 138 | 84.1% | 69.6% | 60.9% |
| February 2026 | 140 | 85.7% | 71.4% | 62.8% |
| March 2026 | 142 | 87.3% | 72.5% | 64.1% |
Overprivileged coverage improved from 60.9% to 64.1% over three months, a positive but modest improvement. At this rate it will take another 8 months to reach the 80% target. To accelerate, consider implementing overprivileged policies as part of the standard onboarding template for new tenants.
EVALUATE
SUMMARIZECOLUMNS(
BI_Microsoft_GuestUsers[snapshot_month],
"TenantCount", DISTINCTCOUNT(BI_Microsoft_GuestUsers[tenant_id]),
"Stale AccessCoverage", DIVIDE(CALCULATE(COUNTROWS(BI_Microsoft_GuestUsers), BI_Microsoft_GuestUsers[stale_access_enabled] = TRUE()), COUNTROWS(BI_Microsoft_GuestUsers))
)
ORDER BY BI_Microsoft_GuestUsers[snapshot_month] ASCThe risk matrix shows that most entities fall in the low-risk category, but the high-risk group demands immediate attention. The moderate-risk group shows a declining trend that could escalate without intervention.
| Category | Items | Primary | Secondary | Status |
|---|---|---|---|---|
| Category A | 234 | 94.2% | 14 | Healthy |
| Category B | 187 | 89.3% | 20 | Review |
| Category C | 156 | 91.7% | 13 | Healthy |
| Category D | 98 | 86.7% | 13 | Review |
| Category E | 67 | 82.1% | 12 | At Risk |
| Category F | 45 | 95.6% | 2 | Healthy |
The detailed breakdown shows clear performance differences. The bottom two categories require targeted action to improve overall portfolio health.
Overall portfolio health is strong at 92.4%, but the 87.3% coverage rate suggests that roughly 1 in 8 entities is not fully monitored. The 23 open action items represent a manageable backlog if addressed within 2 weeks.
The gap between top and bottom performers is wider than expected. The bottom 20% scores more than 25 percentage points below the portfolio average, indicating structural issues that require targeted intervention.
Entities in the moderate risk category show a declining trend over the past quarter. Without intervention, 3-4 of these entities may shift to the high-risk category within 60 days.
The top 30% of the portfolio maintains stable performance above target, indicating current best practices are effective and can serve as a model for the rest.
1. Conduct a targeted review of all high-risk entities within 2 weeks. Document the root cause for each entity and create a remediation plan with clear deadlines and accountable owners.
2. Implement automated monitoring for the moderate-risk group. Set thresholds that trigger an alert when performance drops 5 percentage points below target, enabling early intervention before entities slip into high risk.
3. Schedule this report monthly as part of the QBR process. Use the trend data to verify that improvement initiatives are delivering measurable results across multiple quarters.
Stale Access is a security control in Microsoft 365 that helps protect tenant resources. It should be enabled for all users in production tenants.
Guest users data syncs daily from the Microsoft Graph API. Changes typically appear within 24 hours.
Best practice is 100% coverage for stale access. At minimum, 95% coverage should be the target for all managed tenants.
Start with the lowest-coverage tenants and apply baseline guest users policies. Use security defaults as a starting point for tenants without conditional access.
Connect Proxuma Power BI to your PSA, RMM, and M365 environment, use an MCP-compatible AI to ask questions, and generate custom reports - in minutes, not days.
See more reports Get started