Are you among the many admins preparing for the retirement of AzureAD and MSOnline PowerShell modules? Transitioning to MS Graph PowerShell can be daunting, especially when searching for equivalent cmdlets. But fret not! I’ve curated a collection of essential PowerShell scripts tailored to manage your Microsoft 365 environment, all powered by MS Graph.
Explore a variety of MS Graph PowerShell scripts conveniently categorized for your needs:
Note: Discover 125+ PowerShell scripts in our Microsoft 365 PowerShell scripts GitHub repository.
License Management Scripts
Gain visibility into license usage and allocation to manage licensing across your Microsoft 365 environment efficiently.
1. Get Microsoft 365 Users and their Assigned Licenses
This report provides details of user license assignments within your Microsoft 365 environment. It offers insights into the allocation of licenses to user accounts, aiding in understanding license distribution and usage.
Download Script: O365UserLicenseReport
For detailed script execution steps, check out:
Export Microsoft 365 users license report
Sample Output:
Detailed M365 user license assignment report:
M365 user license summary report:
2. Find Microsoft 365 License Usage and Expiry Date
This PowerShell script exports 6 license usage and expiry reports categorized by subscription type (trial, free, purchased) and expiry date.
These reports empower admins to proactively manage licenses by identifying subscription expiry dates and addressing renewals ahead of time.
Download Script: LicenseExpiryDateReport
To maximize the script’s capabilities, check out:
Export Microsoft 365 subscription expiry date report
Sample Output:
3.Assign or Remove Microsoft 365 Licenses using PowerShell
This PowerShell script can perform 10+ license management operations, including assigning and removing licenses for single and bulk users, as well as generating license reports.
Download Script: ManageM365Licenses
Unlock the script’s complete potential by referring to:
M365 license management and reporting tool
Sample Output:
Microsoft 365 Users and Groups Reports:
This section provides a wide range of reports on users, groups, and membership details addressing various administrative requirements.
4. Find Inactive Users in Microsoft 365
This script identifies users who haven’t logged in within a specified timeframe, aiding admins in efficiently managing inactive user accounts. By specifying the number of inactive days, you can find users inactive for a defined period, such as those inactive for 90 days. Additionally, with built-in filtering parameters, you can export 10+ inactive user reports to a CSV file.
By identifying and removing inactive users, admins can optimize resource allocation and reduce unnecessary costs.
Download Script: GetM365InactiveUserReport
To unleash the script’s complete capabilities, check out:
Export inactive user report
Sample Output:
Note: The sign-in data includes both successful and failed login attempts.
5. Find M365 Users’ Last Successful Sign-in Time
In addition to the last login time (which includes failed login attempts too), you can now identify inactive users based on their last successful sign-in time. However, this feature was introduced in December 2023, so you can’t track successful sign-in data before then. Currently, as of March 2024, you can monitor inactive users for up to 90 days based on their last successful sign-in date and time.
Download Script: M365UsersLastSuccessfulSigninReport.ps1
For detailed script execution breakdowns, refer to:
Export M365 users’ last successful login time report
Sample Output:
6. Get Reports on Entra ID Managers and their Direct Reports
This script provides 6 comprehensive reports on Microsoft 365 managers and their direct reports. It exports information such as users and their managers, users without managers, managers and their direct reports, and more.
These reports offer valuable visibility into team compositions and reporting structures thereby facilitating effective management and collaboration.
Download Script: GetM365ManagerAndDirectReports.ps1
To know the full capabilities of this script, check out:
Export M365 managers and direct reports
Sample Output:
Microsoft 365 Managers Report:
Microsoft 365 Users and their Managers Report:
7. Get All Microsoft 365 Groups and Their Members Report
With this PowerShell script, admins can generate 12+ group membership reports based on group types (such as distribution groups, security groups, mail enabled security groups, etc.) and group size (such as empty groups, groups with ‘n’ members, etc.). Also, the script generates 2 output files, one with summary info and another with detailed membership info.
Having visibility into group membership helps admins maintain security, compliance, and efficient collaboration within the organization.
Download Script: M365GroupReport
To fully leverage this script’s capabilities, refer to:
Export Microsoft 365 group reports.
Sample Output:
Detailed M365 group membership report
M365 group membership- summary report
8. View Microsoft 365 Groups A User is Member Of
This PowerShell script exports Microsoft 365 users’ group membership details. By utilizing built-in filtering parameters, you can generate 12+ user membership reports, such as guest users’ membership, disabled users’ membership, and users not in any groups, among others.
By knowing which groups a user belongs to, admins can ensure users have the appropriate permissions to access the necessary files, folders, and applications.
Download Script: UserMembershipReport.ps1
To explore the full capabilities of the script, refer to:
Export Microsoft 365 users’ group membership reports
Sample Output:
Microsoft 365 Security Reports:
This section provides comprehensive insights into various aspects of security within Microsoft services. It enables administrators to identify potential vulnerabilities, monitor access and activity, and enhance security.
9. Find Microsoft 365 Users’ Password Last Change and Expiry Date
This PowerShell script generates 6 different password reports, including expired password users, soon-to-expire password users, users with passwords set to never expire, users who recently changed their password, and more.
Tracking these reports allows admins to enforce password policies effectively and prompt users to update their passwords when necessary.
Download Script: PasswordExpiryReport.ps1
To access advanced features of this script, refer to:
Export M365 users’ password expiry date reports
Sample Output:
10. Identify Microsoft 365 Admins and Their Roles
This PowerShell script facilitates the creation of 4+ admin reports, such as the admins and their roles report and role-based admins report.
Identifying all administrators is essential for monitoring their activities and ensuring that only authorized personnel have access to sensitive data and resources.
Download Script: AdminReport.ps1
To maximize the script’s capabilities, check out:
Export Microsoft 365 admin roles report
Sample Output:
Microsoft 365 admins and their roles report:
Role-based admin report:
11. Get SSPR Status Report for Microsoft 365 Users
This PowerShell script exports 10+ SSPR status reports to identify users’ self-service password reset capability based on SSPR status, license status, etc.
By analyzing the SSPR status report, admins can ensure a smooth and secure password reset experience for users.
Download Script: GetSSPRstatusReport.ps1
To explore more use cases of this script, refer to:
Export SSPR status reports
Sample Output:
12. Get MFA Status Report
This PowerShell exports 7 MFA status reports based on users’ MFA authentication reports. It includes, MFA enabled users, MFA disabled users, MFA status of sign-in allowed users, etc.
By tracking the MFA status of users, admins can identify any accounts that do not have multi-factor authentication enabled, thereby reducing the risk of unauthorized access and potential security breaches.
Script Download: GetMFAStatusReport.ps1
To harness the complete power of this script, check out:
Get MFA status report using MS Graph
Sample Output:
13. Export CA Policies in Microsoft 365
This MS Graph PowerShell script generates 6 essential Conditional Access policy reports with the 33 most required attributes and exports into a CSV file. It helps to identify CA policies based on their status, creation date, and last modified date.
By analyzing CA policy reports, admins can gain visibility into the configuration and enforcement of CA policies, including who they apply to, their conditions, and their impact on user access.
Download Script: ExportCApolicies.ps1
To unlock the full potential of this script, check out:
Export CA policies report to CSV file
Sample Output:
14. Identify Guest Users and Their Group Membership Details
This script helps to find Microsoft 365 guest users in your organization and their group membership details. By using advanced filtering params, you can easily identify stale guest accounts and recently created guest accounts.
By having a report on guest user memberships, admins can ensure that only authorized users are placed in intended groups. Additionally, they can identify inactive or unnecessary guest accounts and revoke access as needed.
Download Script: GuestUserReport.ps1
For detailed script execution steps, check out:
Export guest users and their membership report
Sample Output:
15. Get Entra ID Device Report
This PowerShell script exports 5+ Entra ID device reports including all devices, managed devices, and inactive devices.
With these reports, admins can gain insights into the security status of organization devices and identify any devices that may not comply with security policies or pose potential security risks.
Script Download: GetAzureADDevicesReport.ps1
To maximize the effectiveness of this script, explore:
Export all devices in Microsoft 365
Sample Output:
I hope you find these MS Graph PowerShell scripts incredibly useful for managing your Microsoft 365 environment efficiently.
While PowerShell offers powerful capabilities for managing Microsoft 365, it can sometimes present challenges, especially for those unfamiliar with scripting or command-line interfaces. However, there’s a solution that simplifies Microsoft 365 management without the need for extensive scripting: AdminDroid.
Your Microsoft 365 Toolkit: AdminDroid – Free, Simple, and Effective!
AdminDroid is renowned among admins for its user-friendly UI and rich functionalities, enabling effortless Microsoft 365 management.
With AdminDroid’s Free Microsoft 365 admin tool, you get access to 120+ free reports and 10+ smart dashboards covering users, groups, licenses, and more; Track activities like user logins, password changes, group membership changes, and license modifications seamlessly.
Free capabilities include,
- Automatic scheduling: Schedule reports to run at specified times and have them sent directly to your email.
- Report export: Easily export reports in multiple formats such as CSV, PDF, and XLS.
- Rich filters: Apply filters to focus on specific information within your reports and save them for future use.
- Easy customization: Customize reports by rearranging columns, adjusting sizes, and adding or removing elements with ease.
Try out AdminDroid’s Free Microsoft 365 reporting tool and experience firsthand how it simplifies your reporting needs.
But that’s not all! Take full control with AdminDroid’s comprehensive suite of over 1800 pre-built reports and 30+ insightful dashboards covering various Microsoft 365 services such as Exchange Online, SharePoint, Microsoft Teams, OneDrive, and more. Explore advanced functionalities like alerting, delegation, and multi-tenant capabilities to enhance your Microsoft 365 management.
Download AdminDroid Microsoft 365 administration tool today and unlock new capabilities.
As you prepare for the transition to MS Graph, remember, it’s all about simplifying your administrative tasks and embracing new possibilities. Let’s make this migration smooth sailing together!
