Checking for Sign-In Enabled M365 Users Using Graph PowerShell

Managing user accounts in Microsoft 365 is crucial for ensuring that only authorized users can access your organization's resources. In this article, we will explore how to use Graph PowerShell to check for sign-in enabled users in Microsoft 365. We will provide a script, explain how it works, suggest enhancements, and discuss possible errors and their solutions.


Script for Checking Sign-In Enabled M365 Users

Below is a Graph PowerShell script that retrieves all users where the AccountEnabled property is set to True (sign-in enabled).

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

# Get all users where the account is enabled (sign-in allowed)
$enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true" -Property Id, DisplayName, UserPrincipalName

# Display the users
$enabledUsers | Select-Object Id, DisplayName, UserPrincipalName

Script Output



How the Script Works

  1. Connect to Microsoft Graph: This command establishes a connection to Microsoft Graph with the required permissions (User.Read.All in this case). Ensure you have the appropriate permissions to run this command.
  2. Get-MgUser: This command retrieves all users from Microsoft 365 where the AccountEnabled property is True. The -All parameter ensures that all matching users are fetched and the -Filter parameter is used to filter the users based on the accountEnabled attribute.
  3. Select-Object: This command formats the output to display only the Id, DisplayName, and UserPrincipalName properties of the users.

Enhancing the Script

The script can be further enhanced to meet additional requirements. Here are a few suggestions:

  • Exporting Results to a CSV File: To export the results to a CSV file, you can add the Export-Csv cmdlet.
  • # Export the users to a CSV file
    $enabledUsers | Select-Object Id, DisplayName, UserPrincipalName | Export-Csv -Path "EnabledUsers.csv" -NoTypeInformation
  • Including Additional Properties: You may want to include more user properties in the output, such as Department, JobTitle, or SignInActivity.
  • $enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true" -Property Id, DisplayName, UserPrincipalName, Department, JobTitle, SignInActivity
  • Filtering by Additional Criteria: You can add more filters to narrow down the results. For example, filtering users by department or job title.
  • $enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true and department eq 'IT'" -Property Id, DisplayName, UserPrincipalName, Department, JobTitle

Possible Errors and Solutions

Error: Insufficient Permissions

Solution: Ensure you have the necessary permissions (User.Read.All) when connecting to Microsoft Graph. You might need to request these permissions from your administrator.

Connect-MgGraph -Scopes "User.Read.All"

Error: Cmdlet Not Recognized

Solution: Ensure you have installed the Microsoft Graph PowerShell module. If not, install it using the following command:

Install-Module -Name Microsoft.Graph -Scope CurrentUser

Error: Authentication Issues

Solution: Ensure you are authenticated correctly. You might need to re-authenticate by running the Connect-MgGraph command again.

Connect-MgGraph -Scopes "User.Read.All"

Conclusion

Using Graph PowerShell to manage and retrieve user information in Microsoft 365 can significantly streamline your administrative tasks. The provided script helps you check for sign-in enabled users, ensuring that only authorized users have access to your organization's resources. By enhancing the script, you can tailor it to meet specific needs and generate detailed reports. Always ensure you have the necessary permissions and the latest Microsoft Graph PowerShell module installed to avoid common errors.


Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex