Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.
🚀 Launch ToolkitManaging users effectively is at the heart of Microsoft 365 administration. Whether you’re handling license compliance, monitoring inactive accounts, or distinguishing guests from members, the Get-MgUser cmdlet in Microsoft Graph PowerShell is your go-to tool.
In this guide, we’ll walk through 10 practical reports you can generate using Get-MgUser. Each example includes ready-to-run PowerShell snippets so you can adapt them to your environment quickly.
Start with the simplest report: listing all users with their ID, display name, and UPN.
Get-MgUser -All -Property Id, DisplayName, UserPrincipalName |
Select-Object Id, DisplayName, UserPrincipalName |
Export-Csv "AllUsers.csv" -NoTypeInformation
✅ Use Case: Keep a master directory export of all users for reference or audits.
You can leverage the SignInActivity property to identify accounts that haven’t signed in recently.
Get-MgUser -All -Property DisplayName, UserPrincipalName, SignInActivity |
Where-Object { $_.SignInActivity.LastSignInDateTime -lt (Get-Date).AddDays(-90) } |
Select-Object DisplayName, UserPrincipalName, @{Name="LastSignIn";Expression={$_.SignInActivity.LastSignInDateTime}} |
Export-Csv "InactiveUsers.csv" -NoTypeInformation
✅ Use Case: Flag accounts inactive for 90+ days for review or deprovisioning.
Quickly separate licensed users from those without licenses.
# Retrieve all users and their assigned licenses
$allUsers = Get-MgUser -All -Property "Id,DisplayName,UserPrincipalName,AssignedLicenses"
# Filter licensed and unlicensed users
$licensedUsers = $allUsers | Where-Object { $_.AssignedLicenses.Count -gt 0 }
$unlicensedUsers = $allUsers | Where-Object { $_.AssignedLicenses.Count -eq 0 }
# Export licensed users
$licensedUsers | Select-Object DisplayName, UserPrincipalName, ID | Export-Csv "LicensedUsers.csv" -NoTypeInformation
# Export Unlicensed Users
$unlicensedUsers | Select-Object DisplayName, UserPrincipalName, ID | Export-Csv "UnlicensedUsers.csv" -NoTypeInformation
✅ Use Case: Ensure all active employees have the correct Microsoft 365 licenses.
Filter out external accounts by UserType.
Get-MgUser -All -Filter "UserType eq 'Guest'" -ConsistencyLevel eventual |
Select-Object DisplayName, UserPrincipalName |
Export-Csv "GuestUsers.csv" -NoTypeInformation
✅ Use Case: Audit external access and review if guest accounts should still exist.
Track accounts that are disabled but still present in the tenant.
Get-MgUser -All -Filter "accountEnabled eq false" -ConsistencyLevel eventual |
Select-Object DisplayName, UserPrincipalName |
Export-Csv "DisabledAccounts.csv" -NoTypeInformation
✅ Use Case: Cleanup or repurpose inactive user accounts.
Generate a report filtered by department.
Get-MgUser -All -Filter "Department eq 'Sales'" -ConsistencyLevel eventual |
Select-Object DisplayName, UserPrincipalName, Department |
Export-Csv "SalesDepartmentUsers.csv" -NoTypeInformation
✅ Use Case: Department-level reporting for HR or management.
Expand the Manager property to include reporting relationships.
Get-MgUser -All -ExpandProperty Manager -Property DisplayName, UserPrincipalName, Manager |
Select-Object DisplayName, UserPrincipalName, @{Name="Manager";Expression={$_.Manager.AdditionalProperties.displayName}} |
Export-Csv "UsersWithManagers.csv" -NoTypeInformation
✅ Use Case: Build organizational charts or review reporting structures.
While MFA settings aren’t directly exposed in Get-MgUser, you can check strong authentication methods through directory properties.
Get-MgUser -All -Property DisplayName, UserPrincipalName, StrongAuthenticationMethods |
Select-Object DisplayName, UserPrincipalName, StrongAuthenticationMethods |
Export-Csv "MFAStatus.csv" -NoTypeInformation
✅ Use Case: Identify users missing MFA methods for security enforcement.
Fetch email aliases and proxy addresses for migration or troubleshooting.
Get-MgUser -All -Property DisplayName, UserPrincipalName, ProxyAddresses |
Select-Object DisplayName, UserPrincipalName, ProxyAddresses |
Export-Csv "ProxyAddresses.csv" -NoTypeInformation
✅ Use Case: Useful for email migrations or resolving SMTP conflicts.
You can build tailored reports by combining multiple properties.
Get-MgUser -All -Property DisplayName, UserPrincipalName, Department, JobTitle, AccountEnabled | Select-Object DisplayName, UserPrincipalName, Department, JobTitle, AccountEnabled |
\Export-Csv "CustomUserReport.csv" -NoTypeInformation
✅ Use Case: Create role-specific reports for IT, HR, or compliance teams.
| Error | Cause | Solution |
|---|---|---|
| Property not found | Missing -Property parameter | Explicitly include required properties with -Property |
| Unsupported filter clause | Missing -ConsistencyLevel eventual | Add -ConsistencyLevel eventual when using filters |
| Insufficient privileges | Admin role doesn’t have required Graph API permissions | Assign roles like User Administrator or Reports Reader |
The Get-MgUser cmdlet isn’t just about fetching user details—it’s a powerful reporting tool that helps administrators stay on top of licensing, security, and compliance tasks. By adapting these 10 practical reports, you can streamline user management and automate critical checks in your Microsoft 365 environment.
Did You Know? Managing Microsoft 365 applications is even easier with automation. Try our Graph PowerShell scripts to automate tasks like generating reports, cleaning up inactive Teams, or assigning licenses efficiently.
Ready to get the most out of Microsoft 365 tools? Explore our free Microsoft 365 administration tools to simplify your administrative tasks and boost productivity.
© Your Site Name. All Rights Reserved. Design by HTML Codex