Updated 2 months ago

15 Most Useful MS Graph PowerShell Scripts for Microsoft 365 IT Pros

by Kavya

7 min read

No Comments
Table of Contents

Are you among the many admins preparing for the retirement of AzureAD and MSOnline PowerShell modules? Transitioning to MS Graph PowerShell can be daunting, especially when searching for equivalent cmdlets. But fret not! I’ve curated a collection of essential PowerShell scripts tailored to manage your Microsoft 365 environment, all powered by MS Graph.

Explore a variety of MS Graph PowerShell scripts conveniently categorized for your needs:

License Management Scripts

Gain visibility into license usage and allocation to manage licensing across your Microsoft 365 environment efficiently.

1. Get Microsoft 365 Users and their Assigned Licenses

This report provides details of user license assignments within your Microsoft 365 environment. It offers insights into the allocation of licenses to user accounts, aiding in understanding license distribution and usage.

Download Script: O365UserLicenseReport

For detailed script execution steps, check out:
Export Microsoft 365 users license report

Sample Output:
Detailed M365 user license assignment report:
Microsoft 365 user assigned license report

M365 user license summary report:

2. Find Microsoft 365 License Usage and Expiry Date

This PowerShell script exports 6 license usage and expiry reports categorized by subscription type (trial, free, purchased) and expiry date.

These reports empower admins to proactively manage licenses by identifying subscription expiry dates and addressing renewals ahead of time.

Download Script: LicenseExpiryDateReport

To maximize the script’s capabilities, check out:
Export Microsoft 365 subscription expiry date report

Sample Output:
Microsoft 365 license expiry Date report

3.Assign or Remove Microsoft 365 Licenses using PowerShell

This PowerShell script can perform 10+ license management operations, including assigning and removing licenses for single and bulk users, as well as generating license reports.

Download Script: ManageM365Licenses

Unlock the script’s complete potential by referring to:
M365 license management and reporting tool

Sample Output:
Microsoft 365 license management tool

Microsoft 365 Users and Groups Reports:

This section provides a wide range of reports on users, groups, and membership details addressing various administrative requirements.

4. Find Inactive Users in Microsoft 365

This script identifies users who haven’t logged in within a specified timeframe, aiding admins in efficiently managing inactive user accounts. By specifying the number of inactive days, you can find users inactive for a defined period, such as those inactive for 90 days. Additionally, with built-in filtering parameters, you can export 10+ inactive user reports to a CSV file.

By identifying and removing inactive users, admins can optimize resource allocation and reduce unnecessary costs.

Download Script: GetM365InactiveUserReport

To unleash the script’s complete capabilities, check out:
Export inactive user report

Sample Output:
Microsoft 365 inactive user report using MS Graph

Note: The sign-in data includes both successful and failed login attempts.

5. Find M365 Users’ Last Successful Sign-in Time

In addition to the last login time (which includes failed login attempts too), you can now identify inactive users based on their last successful sign-in time. However, this feature was introduced in December 2023, so you can’t track successful sign-in data before then. Currently, as of March 2024, you can monitor inactive users for up to 90 days based on their last successful sign-in date and time.

For detailed script execution breakdowns, refer to:
Export M365 users’ last successful login time report

Sample Output:
M365 users last successful signin date report

6. Get Reports on Entra ID Managers and their Direct Reports

This script provides 6 comprehensive reports on Microsoft 365 managers and their direct reports. It exports information such as users and their managers, users without managers, managers and their direct reports, and more.

These reports offer valuable visibility into team compositions and reporting structures thereby facilitating effective management and collaboration.

To know the full capabilities of this script, check out:
Export M365 managers and direct reports

Sample Output:
Microsoft 365 Managers Report:
Export all managers and their direct reports M365

Microsoft 365 Users and their Managers Report:
Export all users and their managers in M365

7. Get All Microsoft 365 Groups and Their Members Report

With this PowerShell script, admins can generate 12+ group membership reports based on group types (such as distribution groups, security groups, mail enabled security groups, etc.) and group size (such as empty groups, groups with ‘n’ members, etc.). Also, the script generates 2 output files, one with summary info and another with detailed membership info.

Having visibility into group membership helps admins maintain security, compliance, and efficient collaboration within the organization.

Download Script: M365GroupReport

To fully leverage this script’s capabilities, refer to:
Export Microsoft 365 group reports.

Sample Output:
Detailed M365 group membership report

M365 group membership- summary report

8. View Microsoft 365 Groups A User is Member Of

This PowerShell script exports Microsoft 365 users’ group membership details. By utilizing built-in filtering parameters, you can generate 12+ user membership reports, such as guest users’ membership, disabled users’ membership, and users not in any groups, among others.

By knowing which groups a user belongs to, admins can ensure users have the appropriate permissions to access the necessary files, folders, and applications.

Download Script: UserMembershipReport.ps1

To explore the full capabilities of the script, refer to:
Export Microsoft 365 users’ group membership reports

Sample Output:

Microsoft 365 Security Reports:

This section provides comprehensive insights into various aspects of security within Microsoft services. It enables administrators to identify potential vulnerabilities, monitor access and activity, and enhance security.

9. Find Microsoft 365 Users’ Password Last Change and Expiry Date

This PowerShell script generates 6 different password reports, including expired password users, soon-to-expire password users, users with passwords set to never expire, users who recently changed their password, and more.

Tracking these reports allows admins to enforce password policies effectively and prompt users to update their passwords when necessary.

Download Script: PasswordExpiryReport.ps1

To access advanced features of this script, refer to:
Export M365 users’ password expiry date reports

Sample Output:

10. Identify Microsoft 365 Admins and Their Roles

This PowerShell script facilitates the creation of 4+ admin reports, such as the admins and their roles report and role-based admins report.

Identifying all administrators is essential for monitoring their activities and ensuring that only authorized personnel have access to sensitive data and resources.

Download Script: AdminReport.ps1

To maximize the script’s capabilities, check out:
Export Microsoft 365 admin roles report

Sample Output:

Microsoft 365 admins and their roles report:
Microsoft 365 admin report

Role-based admin report:
Microsoft 365 admin roles and assigned users

11. Get SSPR Status Report for Microsoft 365 Users

This PowerShell script exports 10+ SSPR status reports to identify users’ self-service password reset capability based on SSPR status, license status, etc.

By analyzing the SSPR status report, admins can ensure a smooth and secure password reset experience for users.

Download Script: GetSSPRstatusReport.ps1

To explore more use cases of this script, refer to:
Export SSPR status reports

Sample Output:
Export self-service password reset status reports

12. Get MFA Status Report

This PowerShell exports 7 MFA status reports based on users’ MFA authentication reports. It includes, MFA enabled users, MFA disabled users, MFA status of sign-in allowed users, etc.

By tracking the MFA status of users, admins can identify any accounts that do not have multi-factor authentication enabled, thereby reducing the risk of unauthorized access and potential security breaches.

Script Download: GetMFAStatusReport.ps1

To harness the complete power of this script, check out:
Get MFA status report using MS Graph

Sample Output:
Get-MFA-status-MS graph PowerShell

13. Export CA Policies in Microsoft 365

This MS Graph PowerShell script generates 6 essential Conditional Access policy reports with the 33 most required attributes and exports into a CSV file. It helps to identify CA policies based on their status, creation date, and last modified date.

By analyzing CA policy reports, admins can gain visibility into the configuration and enforcement of CA policies, including who they apply to, their conditions, and their impact on user access.

Download Script: ExportCApolicies.ps1

To unlock the full potential of this script, check out:
Export CA policies report to CSV file

Sample Output:
Export Conditional Access policy reports using PowerShell

14. Identify Guest Users and Their Group Membership Details

This script helps to find Microsoft 365 guest users in your organization and their group membership details. By using advanced filtering params, you can easily identify stale guest accounts and recently created guest accounts.

By having a report on guest user memberships, admins can ensure that only authorized users are placed in intended groups. Additionally, they can identify inactive or unnecessary guest accounts and revoke access as needed.

Download Script: GuestUserReport.ps1

For detailed script execution steps, check out:
Export guest users and their membership report

Sample Output:
Microsoft 365-Guest-user-report

15. Get Entra ID Device Report

This PowerShell script exports 5+ Entra ID device reports including all devices, managed devices, and inactive devices.

With these reports, admins can gain insights into the security status of organization devices and identify any devices that may not comply with security policies or pose potential security risks.

Script Download: GetAzureADDevicesReport.ps1

To maximize the effectiveness of this script, explore:
Export all devices in Microsoft 365

Sample Output:
Export devices in M365

I hope you find these MS Graph PowerShell scripts incredibly useful for managing your Microsoft 365 environment efficiently.

While PowerShell offers powerful capabilities for managing Microsoft 365, it can sometimes present challenges, especially for those unfamiliar with scripting or command-line interfaces. However, there’s a solution that simplifies Microsoft 365 management without the need for extensive scripting: AdminDroid.

Your Microsoft 365 Toolkit: AdminDroid – Free, Simple, and Effective!

AdminDroid is renowned among admins for its user-friendly UI and rich functionalities, enabling effortless Microsoft 365 management.

With AdminDroid’s Free Microsoft 365 admin tool, you get access to 120+ free reports and 10+ smart dashboards covering users, groups, licenses, and more; Track activities like user logins, password changes, group membership changes, and license modifications seamlessly.

Free capabilities include,

  • Automatic scheduling: Schedule reports to run at specified times and have them sent directly to your email.
  • Report export: Easily export reports in multiple formats such as CSV, PDF, and XLS.
  • Rich filters: Apply filters to focus on specific information within your reports and save them for future use.
  • Easy customization: Customize reports by rearranging columns, adjusting sizes, and adding or removing elements with ease.

Office 365 license report

Office 365 user dashboard by AdminDroid

Try out AdminDroid’s Free Microsoft 365 reporting tool and experience firsthand how it simplifies your reporting needs.

But that’s not all! Take full control with AdminDroid’s comprehensive suite of over 1800 pre-built reports and 30+ insightful dashboards covering various Microsoft 365 services such as Exchange Online, SharePoint, Microsoft Teams, OneDrive, and more. Explore advanced functionalities like alerting, delegation, and multi-tenant capabilities to enhance your Microsoft 365 management.

Download AdminDroid Microsoft 365 administration tool today and unlock new capabilities.

As you prepare for the transition to MS Graph, remember, it’s all about simplifying your administrative tasks and embracing new possibilities. Let’s make this migration smooth sailing together!

Share article