M365 Glossary

Get-MgUserSponsor

What is Get-MgUserSponsor?

Get-MgUserSponsor is a Microsoft Graph PowerShell cmdlet used to retrieve the sponsor(s) assigned to a user in Microsoft Entra ID (Azure AD).

A Sponsor is typically assigned to Guest users (B2B users) and represents the internal employee responsible for that guest’s access and lifecycle within the tenant.

This cmdlet retrieves the directory object(s) configured as sponsors for a specific user.

In most real-world scenarios, this cmdlet is used for:

Guest user governance
Access reviews
Lifecycle management
Security audits

🚀 Community Edition Released!

Try the M365Corner Microsoft 365 Reporting Tool — your DIY pack with 20+ out-of-the-box M365 reports for Users, Groups, and Teams.

📥 Get it on GitHub ℹ️ Know More

Why Use Get-MgUserSponsor?

Guest user sprawl is a real governance challenge in many organizations.

Sponsors help answer critical questions:

Who invited this guest user?
Who is responsible for this external account?
Who should approve access reviews?
Who should be contacted if the guest becomes inactive?

Using Get-MgUserSponsor, administrators can:

Audit guest ownership
Identify orphaned guest accounts (no sponsor)
Generate compliance reports
Support periodic access reviews
Strengthen external collaboration governance

For security-conscious environments, sponsor visibility is essential.

Prerequisites

Before using Get-MgUserSponsor, ensure:

Microsoft Graph PowerShell SDK is installed
You are connected to Graph
Required API permissions are granted

Install Microsoft Graph (if needed)

Install-Module Microsoft.Graph -Scope CurrentUser

Connect to Microsoft Graph

Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All"

Required API Permissions

To use Get-MgUserSponsor, the following permissions are required:

Delegated Permissions

User.Read.All
Directory.Read.All

Application Permissions (For automation)

User.Read.All
Directory.Read.All

⚠️ Admin consent is required for Directory-level permissions.

How to Use Get-MgUserSponsor?

Syntax

Get-MgUserSponsor -UserId <String>

Parameter Explanation

Parameter	Description
-UserId	The User Principal Name (UPN) or Object ID of the user

You can pass:

UserPrincipalName (guestuser@domain.com)
ObjectId (GUID)

Get-MgUserSponsor -UserId <String>

Basic usage:

Get-MgUserSponsor -UserId "guestuser@domain.com"

This returns the sponsor directory object(s).
To get full details (Display Name, UPN), you must query the sponsor using Get-MgUser.

Get-MgUserSponsor Examples

Example 1: Listing User Sponsor for a Single Guest User

Get-MgUserSponsor -UserId "guestuser@domain.com"

Explanation

Retrieves sponsor object(s) assigned to the specified guest user.
Returns sponsor ID(s).
To retrieve full sponsor details, use:

                                            
$sponsor = Get-MgUserSponsor -UserId "guestuser@domain.com"
Get-MgUser -UserId $sponsor.Id

This helps identify:

Sponsor Display Name
Sponsor UPN
Sponsor Object ID

Example 2: Bulk List Sponsors for All Guest Users (Export + Console Output)

This script:

Retrieves all Guest users
Fetches their sponsor(s)
Builds a structured report
Exports to CSV
Displays live progress in console

Write-Host "Fetching all Guest Users..." -ForegroundColor Cyan

# Step 1: Get all Guest users
$GuestUsers = Get-MgUser -Filter "userType eq 'Guest'" -All

# Store results
$SponsorReport = @()

# Step 2: Loop through each guest user
foreach ($guest in $GuestUsers) {

    Write-Host "Processing Guest: $($guest.DisplayName)" -ForegroundColor Yellow

    try {
        # Step 3: Get sponsor ID(s)
        $sponsors = Get-MgUserSponsor -UserId $guest.Id

        foreach ($sponsor in $sponsors) {

            # Step 4: Fetch sponsor details
            $sponsorDetails = Get-MgUser -UserId $sponsor.Id

            # Step 5: Add record to report
            $SponsorReport += [PSCustomObject]@{
                GuestDisplayName     = $guest.DisplayName
                GuestUPN             = $guest.UserPrincipalName
                SponsorDisplayName   = $sponsorDetails.DisplayName
                SponsorUPN           = $sponsorDetails.UserPrincipalName
            }

            # Output to console
            Write-Host " Sponsor Found: $($sponsorDetails.DisplayName)" -ForegroundColor Green
        }
    }
    catch {
        Write-Warning "No sponsor found for guest: $($guest.UserPrincipalName)"
    }
}

# Step 6: Export report
$SponsorReport | Export-Csv "GuestSponsorReport.csv" -NoTypeInformation

Write-Host "`nGuest Sponsor Report Exported Successfully!" -ForegroundColor Cyan
Write-Host "File: GuestSponsorReport.csv"

What This Script Does

✔ Fetches all Guest users
✔ Retrieves assigned sponsor(s)
✔ Builds a structured audit report
✔ Exports to CSV
✔ Displays real-time processing output

Sample Output (CSV) will contain the following headers and values

GuestDisplayName	GuestUPN	SponsorDisplayName	SponsorUPN

Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.

Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.