Vulnerabilities are introduced when a Google Group contains many or one external member. If these members are no longer in communication with your organization, or they are ex-partners, you should audit such groups and investigate whether these members should still be present.
Follow these instructions to identify, audit and take action on external members.
Go to Groups Audit, Group members Tab (top menu bar selection) then click on the apply custom filter button.
When the menu option appears, apply the following search rule, Member doesn’t contain domain email. For example, Member doesn’t contain generalaudittool.com
External members are displayed adjacent to group email address.
Export the data to a Google Spreadsheet.