Microsoft Graph PowerShell: Effortless User Management in Microsoft 365

As the user base in a Microsoft 365 tenant continues to grow, the need for streamlined management processes becomes increasingly vital. To tackle this challenge, Microsoft 365 admins employ a combination of tools, including the Microsoft 365 admin center, Azure AD PowerShell, Graph PowerShell, and more. While the admin centers provide fundamental operations to manage Microsoft 365 users, PowerShell empowers M365 admins to execute bulk operations with minimal time investment.

In this informative blog, we will delve into the management of M365 users using Microsoft Graph PowerShell. Without further delay, let’s get started.

Why Microsoft Graph PowerShell SDK?

You might be curious about our preference for the Graph PowerShell SDK over other modules like Azure AD. Here’s why: The Graph PowerShell SDK serves as a robust interface for Microsoft Graph APIs, making the complete API suite accessible within PowerShell. This SDK provides a rich set of cmdlets that empower Microsoft 365 administrators to efficiently manage and automate bulk operations within Entra ID, formerly known as Azure AD.

Another important factor to consider is Microsoft’s deprecation of fundamental PowerShell modules such as MS Online and Azure AD. To stay ahead and align with Microsoft’s future direction, adopting the Graph PowerShell module is the wiser choice.

Manage Microsoft 365 Users Using MS Graph PowerShell

Discover the following major Graph PowerShell operations that help to manage Microsoft 365 users efficiently.

  1. Create a new user
  2. Create bulk users in Office 365
  3. Get a list of all users in Microsoft 365
  4. Update user properties
  5. Add a user to a group
  6. Add bulk users to a group
  7. Remove users from a group
  8. Remove multiple users from a group
  9. Assign managers for Microsoft 365 users
  10. Assign licenses to users
  11. Removing licenses from user accounts
  12. Delete a user from Microsoft 365

Before you begin working with these Microsoft Graph cmdlets, ensure that you have connected to the Microsoft Graph PowerShell module with the following scopes.

    • Directory.ReadWrite.All
    • Group.ReadWrite.All
    • GroupMember.ReadWrite.All
    • User.ReadWrite.All

1. Create a New User Using Microsoft Graph PowerShell

To create a new user in the Microsoft Graph PowerShell module, you can use the ‘New-MgUser’ cmdlet.

$Password = @{Password = "<Password>"} 
New-MgUser -DisplayName "<DisplayName>" -AccountEnabled -UserPrincipalName "<User’sUPN>" -PasswordProfile $Password -MailNickname "<MailNickName>" 

Create Users Using MS Graph PowerShell

The above cmdlet creates a new user while making sure the user is required to change their password when they first sign in.

To not force the user to change the password during their first sign-in, use the below command.

$Password = @{ 
    Password = "<Password>" 
    ForceChangePasswordNextSignIn = $false 
}
New-MgUser -DisplayName "<DisplayName>" -AccountEnabled -UserPrincipalName "<User’sUPN>" -PasswordProfile $Password -MailNickname "<MailNickName>" 

Create Users Using MS Graph PowerShell without Forcing to Change Password on First Sign-in

After creating users, you can manage passwords using PowerShell to enable actions such as password changes, forcing users to reset passwords, configuring password expiration, and more.

2. Create Bulk Users in Office 365 Using Graph PowerShell

To bulk-create users using the Microsoft Graph PowerShell module, first create a CSV file with the headers DisplayName, UPN, MailNickName, and Password as per the image below.

Bulk user creation using MS Graph PowerShell - Csv file format

After creating the CSV file, create a PowerShell script that runs the ‘New-MgUser’ cmdlet for each user as described here.

Import-Csv <FileLocation> | Foreach {  
    $Password = @{Password = $_.Password} 
    New-MgUser -DisplayName $_.DisplayName -AccountEnabled -UserPrincipalName $_.UPN -PasswordProfile $Password -MailNickname $_.MailNickName 
}

Bulk user creation using Microsoft Graph PowerShell
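
An added example, not code from the original post: the same bulk-creation loop, but with a temporary password generated per user instead of a Password column in the CSV, a forced change at first sign-in, and per-row error handling. The file name NewUsers.csv and the helper New-RandomPassword are hypothetical; the CSV is assumed to carry the DisplayName, UPN and MailNickName headers described above.

```powershell
Connect-MgGraph -Scopes 'User.ReadWrite.All'

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so (byte % 64) is uniformly distributed (256 is a multiple of 64).
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_'
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes    = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # Regenerate until lower case, upper case and a digit are all present.
        } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and $candidate -match '\d')
    } finally { $rng.Dispose() }
    $candidate
}

$results = Import-Csv -Path '.\NewUsers.csv' | ForEach-Object {
    $row = $_
    $newUser = @{
        DisplayName       = $row.DisplayName
        UserPrincipalName = $row.UPN
        MailNickname      = $row.MailNickName
        AccountEnabled    = $true
        PasswordProfile   = @{
            Password                      = New-RandomPassword
            ForceChangePasswordNextSignIn = $true
        }
        ErrorAction       = 'Stop'
    }
    try {
        $user = New-MgUser @newUser
        [pscustomobject]@{ UPN = $row.UPN; Id = $user.Id; Status = 'Created'
                           TempPassword = $newUser.PasswordProfile.Password }
    } catch {
        # One bad row (duplicate UPN, unverified domain, ...) must not stop the batch.
        [pscustomobject]@{ UPN = $row.UPN; Id = $null; Status = "Failed: $($_.Exception.Message)"
                           TempPassword = $null }
    }
}

# Review outcomes without echoing the temporary passwords to the console or a transcript.
$results | Select-Object UPN, Id, Status | Format-Table -AutoSize
```

The temporary passwords stay only in `$results` for the current session, so they can be handed to each user through a separate channel rather than stored in the CSV.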

3. Get a List of All Users in Microsoft 365 Using Graph PowerShell

As an M365 admin, you can retrieve all the users in your tenant using the ‘Get-MgUser’ cmdlet.

Get-MgUser -All

Get all Microsoft 365 Users Using Graph PowerShell -Manage Microsoft 365 Users

You can also identify M365 inactive users based on their successful sign-ins. It helps to pinpoint stale accounts, allowing you to remove licenses and achieve cost reduction.

4. Update User Properties Using Microsoft Graph PowerShell

Microsoft 365 admins can update the properties of a user using the ‘Update-MgUser’ cmdlet as demonstrated below.

Update-MgUser -UserId <UserID> -UsageLocation 'US' -CompanyName 'Contoso' -City 'Denmark'

The above example only changes a few of the properties. The cmdlet supports more attributes, such as AgeGroup, Birthday, DisplayName, EmployeeID, OfficeLocation, PostalCode, PreferredLanguage, and Department.

5. Add a User to a Group Using Graph PowerShell

To add a user to an Azure AD group, you must know the object ID of the group. To get the object ID of the existing group, execute the following cmdlet.

Get-MgGroup -All

Get a list of all groups using MS Graph PowerShell - Manage Microsoft 365 Users

To add users to a new group, first create a group with Microsoft Graph PowerShell based on your requirements. After that, note the object ID of the group.

Execute the below cmdlet to add new users to a Microsoft group.

New-MgGroupMember -GroupId <GroupObjectID> -DirectoryObjectId <UserID> 

6. Add Bulk Users to a Group Using Graph PowerShell

To bulk add users to a group in Microsoft 365 using PowerShell, create a CSV file listing the users’ IDs under a “UserID” header (the column name the cmdlet below reads), and then execute the following cmdlet.

Bulk add users to a group using MS Graph PowerShell - CSV file format

Import-Csv <FileLocation> | Foreach {New-MgGroupMember -GroupId <GroupObjectID> -DirectoryObjectId $_.UserID}
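
An added example, not code from the original post: the same bulk add made safe to re-run, by refusing dynamic-membership groups (which reject manual membership changes), skipping rows that are not object IDs, and skipping users who are already members. The file name GroupUsers.csv is hypothetical, and `<GroupObjectID>` is the page's placeholder.

```powershell
Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All'

$groupId = '<GroupObjectID>'
$group   = Get-MgGroup -GroupId $groupId -Property Id, DisplayName, GroupTypes -ErrorAction Stop
if ($group.GroupTypes -contains 'DynamicMembership') {
    throw "'$($group.DisplayName)' has dynamic membership; members cannot be added manually."
}

# Current members, so a re-run does not fail on users who are already in the group.
$existing = @(Get-MgGroupMember -GroupId $groupId -All | Select-Object -ExpandProperty Id)

$results = foreach ($row in Import-Csv -Path '.\GroupUsers.csv') {
    $id     = "$($row.UserID)".Trim()
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($id, [ref]$parsed)) {
        $status = 'Skipped: not an object ID'
    } elseif ($existing -contains $id) {
        $status = 'Already a member'
    } else {
        try {
            New-MgGroupMember -GroupId $groupId -DirectoryObjectId $id -ErrorAction Stop
            $existing += $id          # also guards against duplicate rows in the CSV
            $status = 'Added'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ UserID = $id; Status = $status }
}

$results | Format-Table -AutoSize
```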

7. Remove a User from a Group in Microsoft 365 Using Graph PowerShell

The below Microsoft Graph cmdlet helps the admin to remove a user from a group in Microsoft 365.

Remove-MgGroupMemberByRef -GroupId <GroupObjectID> -DirectoryObjectId <UserID> 

Note: Admins can’t remove a user from groups with dynamic memberships.

8. Remove Multiple Users from a Group Using Microsoft Graph PowerShell

To remove multiple users from an Azure AD group, first create a CSV file with a list of user IDs. Thereafter, execute the ‘Remove-MgGroupMemberByRef’ cmdlet inside a ‘Foreach’ loop.

Import-Csv <FileLocation> | Foreach {Remove-MgGroupMemberByRef -GroupId <GroupObjectID> -DirectoryObjectId $_.UserID} 

9. Assign Managers for Microsoft 365 Users Using Graph PowerShell

To update or assign a manager for users in Microsoft 365, administrators can use the cmdlet ‘Set-MgUserManagerByRef’.

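$Manager = @{ 
    "@odata.id" = "https://graph.microsoft.com/v1.0/users/<ManagerUserID>"  # reference to the manager's user object
}
Set-MgUserManagerByRef -UserId '<UserIDOrUPN>' -BodyParameter $Manager 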

10. Assign Licenses to Users Using Microsoft Graph PowerShell

Before assigning licenses to users, it is essential to know the ‘SkuId’ of the specific license to be assigned. To know the ‘SkuId’ of the license, execute the cmdlet below.

Get-MgSubscribedSku -All

Thereafter, to assign licenses to Microsoft 365 users, you can use the ‘Set-MgUserLicense’ cmdlet as demonstrated below.

Set-MgUserLicense -UserId <UserIDOrUPN> -AddLicenses @{SkuId= <SKUID>} -RemoveLicenses @() 

Assign License to a user using MS Graph PowerShell

You can also use the Set-MgUserLicense cmdlet to assign licenses to bulk users. Additionally, you can use the Microsoft365DSC tool to assign licenses to bulk users.

Note: In order to assign a license to a Microsoft 365 user, you must have previously designated a usage location for them.
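
An added example, not code from the original post: bulk license assignment that resolves the SkuId, checks that free units remain, and sets a usage location first when a user has none, which is the precondition in the note above. The file name LicenseUsers.csv, its UPN column, the `<SkuPartNumber>` placeholder and the default location 'US' are assumptions.

```powershell
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'

$skuPartNumber   = '<SkuPartNumber>'   # SkuPartNumber value as listed by Get-MgSubscribedSku
$defaultLocation = 'US'                # two-letter country code applied when none is set

$sku = Get-MgSubscribedSku -All | Where-Object { $_.SkuPartNumber -eq $skuPartNumber }
if (-not $sku) { throw "SKU '$skuPartNumber' is not subscribed in this tenant." }
$available = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits

$results = foreach ($row in Import-Csv -Path '.\LicenseUsers.csv') {
    try {
        # UsageLocation and AssignedLicenses are only returned when requested explicitly.
        $user = Get-MgUser -UserId $row.UPN -Property Id, UsageLocation, AssignedLicenses -ErrorAction Stop
        if ($user.AssignedLicenses.SkuId -contains $sku.SkuId) {
            $status = 'Already licensed'
        } elseif ($available -le 0) {
            $status = 'Skipped: no free units'
        } else {
            if (-not $user.UsageLocation) {
                Update-MgUser -UserId $user.Id -UsageLocation $defaultLocation -ErrorAction Stop | Out-Null
            }
            Set-MgUserLicense -UserId $user.Id -AddLicenses @{ SkuId = $sku.SkuId } -RemoveLicenses @() -ErrorAction Stop | Out-Null
            $available--
            $status = 'Assigned'
        }
    } catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ UPN = $row.UPN; Status = $status }
}

$results | Format-Table -AutoSize
```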

11. Removing Licenses from User Accounts Using MS Graph PowerShell

To remove licenses from Microsoft 365 users, use the same ‘Set-MgUserLicense’ cmdlet as described below.

Set-MgUserLicense -UserId <UserIDOrUPN> -AddLicenses @() -RemoveLicenses @(<SKUID>) 

Remove license from a user using MS Graph PowerShell

Furthermore, you can refer to the manage Microsoft 365 licenses script to list, bulk assign, and bulk remove M365 licenses.

12. Delete a User from Microsoft 365 Using Graph PowerShell

Finally, to remove a Microsoft 365 user using PowerShell, you can utilize the ‘Remove-MgUser’ cmdlet.

Remove-MgUser -UserId <UserIDOrUPN> -confirm 

Executing this cmdlet asks for a confirmation to delete the user. To delete users without any confirmation, you can remove the parameter ‘Confirm’.

Soft-deleted users can be conveniently restored using the Entra ID portal or Microsoft Graph PowerShell. To restore a deleted user in Microsoft 365 using Graph PowerShell, execute the Restore-MgDirectoryDeletedItem cmdlet.

To remove a former employee, simply deleting the user is not recommended as it leads to the risk of losing critical data associated with the account. To do this safely, admins can automate Microsoft 365 user offboarding with PowerShell. Upon successful offboarding, administrators must ensure that departing employees no longer have access to company resources. In order to do that, you can make use of this convenient script to track Microsoft 365 offboarded user activities.

Empower Microsoft 365 User Management with AdminDroid’s Insights

Ready to elevate your Microsoft 365 management game to new heights? Our journey through Microsoft 365 user management has been informative, but it’s time to step up your admin skills. AdminDroid, the all-in-one reporting and auditing solution, is here to transform your experience.

AdminDroid Microsoft 365 user reporting provides a wide spectrum of insight into your organization’s users. The user reporting categorizes various user-related reports, making it easy to identify and analyze every user’s detail with just a single click. The user reports covered by AdminDroid consist of:

  • Microsoft 365 sign-in disabled/enabled users
  • Microsoft user creations/deletions
  • Users’ group memberships
  • Azure AD synced users
  • Microsoft 365 users with errors
  • Microsoft 365 external users
  • External users’ group memberships
  • M365 users without managers

Recently Created M365 Users Report _ AdminDroid Office 365 Reporter

AdminDroid Microsoft 365 user auditing is the watchful guardian that helps Microsoft 365 administrators stay ahead of evolving user dynamics. With the user auditing feature, admins can strengthen security by maintaining a vigilant watch over any alterations in user profiles, passwords, and administrative roles.

Moreover, the user dashboard gallery serves as the central hub, offering administrators a holistic view of critical user information at a glance. It furnishes admins with essential metrics, including the sign-in denied users, administrative users, users without managers, and those with weak passwords. These metrics provide valuable insights that empower informed decision-making.

User Dashboard _ AdminDroid Office 365 Reporter

Why choose AdminDroid for Microsoft 365 reporting?

AdminDroid stands out and is preferred for a multitude of reasons:

  • AdminDroid Azure AD management tool provides lifetime free access to 130+ reports.
  • Rich in reports and customization with advanced AI graphics.
  • Includes reports for all M365 services like Teams, SharePoint, Exchange, and more.
  • Offers an impressive collection of 1800+ reports and 30+ dashboards.
  • Experience the premium edition free for 15 days.
  • Effortless Microsoft alerting, compliance auditing, and delegation to reporting!

Curious? Download AdminDroid today and effortlessly monitor your Microsoft 365 environment!

We hope that this blog has provided you with efficient operations from bulk user creation to deletion through Graph PowerShell. Embrace this powerful tool to ensure your organization remains agile and future-ready in the ever-evolving digital landscape. Feel free to leave your thoughts in the comments section.

by Thiraviam time to read: 7 min