Managing user accounts in Microsoft 365 is crucial for ensuring that only authorized users can access your organization's resources. In this article, we will explore how to use Graph PowerShell to check for sign-in enabled users in Microsoft 365. We will provide a script, explain how it works, suggest enhancements, and discuss possible errors and their solutions.
Below is a Graph PowerShell script that retrieves all users where the AccountEnabled property is set to True (sign-in enabled).
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"
# Get all users where the account is enabled (sign-in allowed)
$enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true" -Property Id, DisplayName, UserPrincipalName
# Display the users
$enabledUsers | Select-Object Id, DisplayName, UserPrincipalName
Script Output
-All
parameter ensures that all matching users are fetched and the -Filter
parameter is used to filter the users based on the accountEnabled attribute.The script can be further enhanced to meet additional requirements. Here are a few suggestions:
# Export the users to a CSV file
$enabledUsers | Select-Object Id, DisplayName, UserPrincipalName | Export-Csv -Path "EnabledUsers.csv" -NoTypeInformation
$enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true" -Property Id, DisplayName, UserPrincipalName, Department, JobTitle, SignInActivity
$enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true and department eq 'IT'" -Property Id, DisplayName, UserPrincipalName, Department, JobTitle
Error: Insufficient Permissions
Solution: Ensure you have the necessary permissions (User.Read.All) when connecting to Microsoft Graph. You might need to request these permissions from your administrator.
Connect-MgGraph -Scopes "User.Read.All"
Error: Cmdlet Not Recognized
Solution: Ensure you have installed the Microsoft Graph PowerShell module. If not, install it using the following command:
Install-Module -Name Microsoft.Graph -Scope CurrentUser
Error: Authentication Issues
Solution: Ensure you are authenticated correctly. You might need to re-authenticate by running the Connect-MgGraph command again.
Connect-MgGraph -Scopes "User.Read.All"
Using Graph PowerShell to manage and retrieve user information in Microsoft 365 can significantly streamline your administrative tasks. The provided script helps you check for sign-in enabled users, ensuring that only authorized users have access to your organization's resources. By enhancing the script, you can tailor it to meet specific needs and generate detailed reports. Always ensure you have the necessary permissions and the latest Microsoft Graph PowerShell module installed to avoid common errors.
© m365corner.com. All Rights Reserved. Design by HTML Codex