This repo contains sample code that demonstrates programmatic access to Azure AD Access Reviews. Sample code includes reading and managing Access Reviews, as well as working on decisions and results of Access Reviews.
Running the script I noticed that guest users that belong to either managed or consumer domains and are part of static groups (either 365 or Security), appear in the HTML report, when it is supposed they should not, since the report shows External users that have no static group membership or application assignments in your tenant.