Organizations with frequent staff changes face significant challenges when managing their user accounts. The constant cycle of onboarding and offboarding Microsoft 365 users requires attentive administration. In such environments, the ability to get Entra users gives admins a comprehensive view of users’ account status, license allocation, and more.
This visibility enables them to implement standardized naming conventions, supports better user organization and license management. In this guide, we’ll show you how to get all Entra users —helping you streamline and automate the user lifecycle in Microsoft 365.
How to Get All Entra Users?
To download a list of all users in Microsoft 365, you can use the following approaches.
1. Export All Entra Users from Microsoft 365 Admin Center
You can view and export all users in Microsoft 365 admin center by following the steps below.
- Login to the Microsoft 365 admin center.
- Navigate to Active users section under Users and click on the ellipsis next to the search bar.
- Select Export users and click Continue on the confirmation prompt.
Alternatively, you can export all users from Entra admin center using bulk user list download operation shown in the image below.
2. Export Users in Microsoft 365 Using PowerShell
You can retrieve Microsoft 365 users using different PowerShell cmdlets like Get-MsolUser and Get-AzureADUser. However, Microsoft is retiring the MSOL and AzureAD modules in favor of modern alternative Microsoft Graph PowerShell. To get all Entra users using MS Graph module, run the cmdlet below.
|
1 |
Get-MgUser –All |
Before using the above cmdlet, you must have installed Microsoft Graph PowerShell SDK and then run the Connect-MgGraph cmdlet to establish connection with your Microsoft 365.
Although these tasks can be performed through cmdlets or the admin centers, managing them across multiple user types or filters becomes time-consuming and inconsistent. To ease your work, we have created a PowerShell script that will export 30+ Entra user reports based on various filters.
Download Script: GetEntraUsersDetails.ps1
Script Highlights:
- The script automatically verifies and installs the Microsoft Graph PowerShell SDK module (if not installed already) upon your confirmation.
- Exports all users from Microsoft Entra.
- Allows exporting users that match the selected filters.
- Guest users
- Sign-in enabled users
- Sign-in blocked users
- License assigned users
- Users without any license
- Users without a manager
- Identifies recently created users in Microsoft Entra (e.g., within the last n days).
- Exports the report result to CSV.
- The script can be executed with an MFA enabled account too.
- It can be executed with Certificate-based Authentication (CBA) too.
- The script is schedular-friendly.
Export Microsoft 365 Users Report – Sample Output:
The exported ‘Entra users report’ looks like the screenshot below.
The script exports users along with the following most required attributes:
User principal name, Display name, User type, Sign-in status, License, Department, Job title, Country, Manager, Password last change date, Last sign-in date, Last non-interactive sign-in date, Creation time.
Microsoft 365 Users Report – Script Execution Methods
- Download the script.
- Start the Windows PowerShell.
- Select any of the methods provided to execute the script.
Method 1: Execute the script with MFA or non-MFA account
|
1 |
./GetEntraUsersDetails.ps1 |
Executing this script generates a comprehensive report of all Entra users in your Microsoft 365 tenant.
Method 2: Execute the script using certificate-based authentication.
Before you can connect Microsoft Graph PowerShell with certificate authentication, you’ll need to register the app in Entra ID. Based on your flexibility, you can obtain one from a certificate authority (CA) or create a self-signed certificate.
|
1 |
./GetEntraUsersDetails.ps1 -TenantId <TenantId> -ClientId <ClientId> -CertificateThumbprint <CertificateThumbprint> |
You can also schedule this script using Task Scheduler or Azure Automation to periodically export Entra users report.
Get All Entra Users Report – More Use Cases
The script provides granular Entra ID users report with flexible filtering options. Let’s look at the scenarios where this script proves especially useful.
- Find recently added users in Entra ID
- List guest users in Microsoft 365
- Get sign-in allowed Entra ID users
- Track down sign-in blocked users
- Identify license assigned users
- Obtain unlicensed Entra ID users
- Discover unmanaged users in Microsoft 365
- Generate more granular Entra ID users report
1. Find Recently Added Users in Entra ID
Regularly reviewing newly added users helps ensure that only authorized accounts are being created, and it aids in onboarding validation. To identify recently added users, execute the script with the -RecentlyCreatedUsers parameter along with the number of days.
|
1 |
./GetEntraIDUsersReport.ps1 -RecentlyCreatedUsers 30 |
This format exports a list of users who have been created in the last 30 days, helping you audit user creation activity. It’s useful for verifying the legitimacy of newly added users, especially in environments where delegated admins create accounts. If you notice any unusual user additions, you can check who created the users to confirm that it was added by an authorized admin.
2. List Guest users in Microsoft 365
Keeping track of guest users in your Microsoft 365 tenant is essential for security and access management. If you want to retrieve details of the guest users in Entra ID, run the script with the –GuestUsersOnly parameter as shown below.
|
1 |
./GetEntraIDUsersReport.ps1 -GuestUsersOnly |
The above execution will return the detailed M365 guest users report. This helps you monitor external user presence and cleanup of inactive guest users in your tenant.
Note: It’s important to monitor guest users’ membership to ensure they only have access to what’s necessary, reducing security risks.
3. Get Sign-in Allowed Entra ID Users
User accounts are generally disabled as a part of offboarding process. To ensure only current users have access to sign in, use the –EnabledUsersOnly parameter to export a report of sign-in enabled users in Microsoft 365.
|
1 |
./GetEntraIDUsersReport.ps1 -EnabledUsersOnly |
The output will provide essential details of sign-in allowed users in Microsoft 365 and help you track active users in your environment.
4. Track Down Sign-in Blocked Users
Identifying sign-in blocked users helps admins spot inactive, offboarded, or restricted user accounts. This improves security posture, optimizes license usage, and streamlines user management. To generate this report, run the script with the –DisabledUsersOnly parameter.
|
1 |
./GetEntraIDUsersReport.ps1 -DisabledUsersOnly |
This format will return all sign-in disabled users in your Microsoft Entra ID, helps you clean up old, unused accounts that may no longer be needed.
5. Identify Licensed Users
Since licenses grant access to Microsoft 365 services, knowing which users have licenses helps you monitor usage, avoid license wastage, and ensure everyone has the right services assigned. To get a clear view of users who consume Microsoft 365 licenses, run the script with the –LicensedUsersOnly parameter.
|
1 |
./GetEntraIDUsersReport.ps1 -LicensedUsersOnly |
This will provide a detailed M365 license assignment report, helping you ensure that license allocations are align with users’ needs.
6. Check Unlicensed Entra ID Users
Unlicensed users may indicate inactive or misconfigured user accounts. Use the -UnlicensedUsersOnly parameter to find users without any Microsoft 365 license.
|
1 |
./GetEntraIDUsersReport.ps1 -UnlicensedUsersOnly |
The report will show you the non-billable user accounts and helps you determine whether to deactivate them or assign a license.
7. Discover Unmanaged Users in Microsoft 365
In large organizations with several tiers of management, it’s essential for each employee to have a clearly defined position in the organization chart to maintain accountability. When Entra ID users lack manager, they can be overlooked, potentially resulting in compliance gaps and administrative oversights.
Therefore, run this script with the –UnmanagedUsers parameter to find the users without a manager in your Microsoft 365.
|
1 |
./GetEntraIDUsersReport.ps1 -UnmanagedUsers |
This format will return all unmanaged Microsoft 365 users, helping fill gaps in the organizational hierarchy by assigning a manager where needed and restoring clarity to reporting structures.
8. Generate More Granular Entra ID Users Report
In addition to the above use cases, you can also apply multiple filters. Here are some examples.
- View license assigned to the sign-in blocked users and reclaim & reuse them for new or active users.
1./GetEntraIDUsersReport.ps1 -LicensedUsersOnly -DisabledUsersOnly - Find recently added guest users in Microsoft 365 to stay informed and in control of who’s coming into your digital space.
1./GetEntraIDUsersReport.ps1 -GuestUsersOnly –RecentlyCreatedUsers 7 - Identify guest users without a manager to reduce the risk of unmanaged access to resources in Microsoft 365.
1./GetEntraIDUsersReport.ps1 -GuestUsersOnly –UnmanagedUsers
We hope this blog helps you streamline your Entra ID user management and gain better visibility into users across your Microsoft 365 environment. Run the script today to identify inactive, unlicensed, or unmanaged accounts, and take control of your users. If you have any questions or need further guidance, feel free to drop them in the comments!
