Top 8 Graph PowerShell Scripts for M365 Management
Managing Microsoft 365 (M365) environments efficiently is crucial for IT administrators. Graph PowerShell scripts offer powerful automation capabilities to streamline your workflow, save time, and reduce human error. In this post, we will explore the top 8 Graph PowerShell scripts that every M365 admin should have in their toolkit.
Introduction to Graph PowerShell
What is Graph PowerShell?
Graph PowerShell is a module that provides cmdlets for managing M365 services using the Microsoft Graph API. It allows you to automate and streamline various administrative tasks, such as user and group management, license assignment, and reporting.
Benefits of using Graph PowerShell for M365 management
- Efficiency: Automate repetitive tasks to save time and effort.
- Consistency: Ensure consistent execution of administrative tasks.
- Scalability: Manage large-scale M365 environments with ease.
- Integration: Seamlessly integrate with other systems and workflows.
Script 1 – User Management
This script retrieves a list of all users in your M365 environment along with their last login time.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the User.Read.All permission.
- Retrieves the user information (including the lastSignInDateTime property), formats the output and displays it on the console.
Example use case: Use this script to monitor user activity and identify inactive accounts for potential cleanup.
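The inactive-account check described above, as an added example (not the post's own script). The function names and the 90-day threshold are assumptions; the example also requests AuditLog.Read.All, because Graph does not return signInActivity with User.Read.All alone.

```powershell
# Added example, not the post's script. Get-StaleUser, Invoke-StaleUserReport
# and the 90-day threshold are assumptions made for illustration.
function Get-StaleUser {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $InactiveDays = 90,
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        # SignInActivity is empty for accounts that have never signed in.
        $last = $User.SignInActivity.LastSignInDateTime
        $status = if (-not $User.AccountEnabled) { 'Disabled' }
                  elseif ($null -eq $last) { 'NeverSignedIn' }
                  elseif (($Now - $last).TotalDays -gt $InactiveDays) { 'Stale' }
                  else { 'Active' }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            LastSignIn        = $last
            Status            = $status
        }
    }
}

# Live tenant: defined only; call it once Microsoft.Graph is installed.
function Invoke-StaleUserReport {
    Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All'
    Get-MgUser -All -Property Id, UserPrincipalName, AccountEnabled, SignInActivity |
        Get-StaleUser | Where-Object Status -ne 'Active'
}

# Constructed sample objects (not real accounts) so the logic runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; AccountEnabled = $true
        SignInActivity = [pscustomobject]@{ LastSignInDateTime = [datetime]'2024-05-20' } }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; AccountEnabled = $true
        SignInActivity = [pscustomobject]@{ LastSignInDateTime = [datetime]'2023-11-02' } }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; AccountEnabled = $true
        SignInActivity = $null }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example'; AccountEnabled = $false
        SignInActivity = [pscustomobject]@{ LastSignInDateTime = [datetime]'2024-05-30' } }
)
# With the fixed reference date: alice Active, bob Stale, carol NeverSignedIn, dave Disabled.
$sample | Get-StaleUser -Now ([datetime]'2024-06-01') | Format-Table -AutoSize
```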
Script 2 – Adding Groups
This script creates multiple M365 groups by importing group details from a CSV file. Your CSV file should at least contain the GroupName header for the script to work.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the Group.ReadWrite.All permission.
- Uses Import-Csv cmdlet to import the group details from CSV file.
- Loops through the fetched details and creates an M365 group for every row in the CSV file.
Example use case: Use this script to quickly set up new groups with the required properties.
Script 3 – Adding Members to Groups
This script imports a list of users from the CSV file and adds them to the Microsoft 365 group. Your CSV file should contain GroupId and the UserId headers and the corresponding values.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the Group.ReadWrite.All permission.
- Fetches the User IDs from the CSV file and adds them to the M365 Group using New-MgGroupMember cmdlet
Example use case: Use this script to quickly add members to Microsoft 365 groups.
Script 4 – License Assignment
This script loops through all the users in your Microsoft 365 tenant and assigns licenses to users who haven't been assigned the M365 license.
This script does the following:
- Connect-MgGraph: This cmdlet connects your PowerShell session to Microsoft Graph.
- -Scopes: Specifies the permissions that the script needs to operate. User.ReadWrite.All allows the script to read and modify all user profiles. Directory.ReadWrite.All provides access to read and modify directory data. These scopes are necessary for managing user licenses.
- Assign-License function takes two parameters: userId (the ID of the user) and licenseSkuId (the SKU ID of the license to assign).
- $licenseToAdd is a hashtable storing the SKU ID of the license to be added and an empty array for DisabledPlans (indicating no specific sub-features of the license are to be disabled).
- $licensesToModify is a hashtable that includes arrays for licenses to add and remove. Here, it’s set to add the license defined in $licenseToAdd and remove none.
- Convert to JSON: Converts the hashtable to a JSON format string, which is required for the Set-MgUserLicense cmdlet.
- Set-MgUserLicense: Cmdlet that assigns user license when -UserId and -BodyParameter (which contains license details) are passed to it.
- Write-Host: Prints a message to the console indicating that the license has been assigned.
- $licenseSkuId contains your Microsoft 365 license ID.
- $users contains all your M365 tenant users retrieved using Get-MgUser -All cmdlet.
- Next you loop through all the users to check their license status.
- A nested foreach loop checks for assignedLicenses property. If it contains the license SkuID, then the script prints out "User is already licensed" message. If not, the Assign-License function is called and the userId and licenseId are passed as parameters. Assign-License function uses Set-MgUserLicense cmdlet to assign the license to the unlicensed users.
Example use case: Automate license assignments to ensure users have the necessary tools for their roles.
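The license check and assignment loop described above, as an added example (not the post's own script). It passes the license through the -AddLicenses and -RemoveLicenses parameters of Set-MgUserLicense instead of a JSON body, and requests only User.ReadWrite.All. The function names, the placeholder SKU GUID and the rule of skipping users without a UsageLocation (Graph rejects license assignment for them) are assumptions.

```powershell
# Added example, not the post's script. Function names and the all-zero SKU
# GUID are placeholders; substitute the SkuId of your own subscription.
function Get-LicensePlan {
    param([Parameter(Mandatory)] $Users, [Parameter(Mandatory)] [string] $SkuId)
    foreach ($u in $Users) {
        # AssignedLicenses is a list; member enumeration yields every SkuId on the user.
        $action = if ($u.AssignedLicenses.SkuId -contains $SkuId) { 'AlreadyLicensed' }
                  elseif (-not $u.UsageLocation) { 'SkipNoUsageLocation' }
                  else { 'Assign' }
        [pscustomobject]@{
            Id                = $u.Id
            UserPrincipalName = $u.UserPrincipalName
            Action            = $action
        }
    }
}

# Live tenant: defined only. Run with -WhatIf first to preview the changes.
function Invoke-LicenseAssignment {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $SkuId)
    Connect-MgGraph -Scopes 'User.ReadWrite.All'
    $users = Get-MgUser -All -Property Id, UserPrincipalName, UsageLocation, AssignedLicenses
    $plan  = Get-LicensePlan -Users $users -SkuId $SkuId
    foreach ($row in $plan | Where-Object Action -eq 'Assign') {
        if ($PSCmdlet.ShouldProcess($row.UserPrincipalName, "Assign license $SkuId")) {
            Set-MgUserLicense -UserId $row.Id -AddLicenses @(@{ SkuId = $SkuId }) `
                -RemoveLicenses @() | Out-Null
        }
    }
    $plan   # return the full plan so skipped users are visible too
}

# Constructed sample users (not real accounts) so the planning logic runs offline.
$sku = '00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ Id = '1'; UserPrincipalName = 'alice@contoso.example'; UsageLocation = 'US'
        AssignedLicenses = @([pscustomobject]@{ SkuId = $sku }) }
    [pscustomobject]@{ Id = '2'; UserPrincipalName = 'bob@contoso.example'; UsageLocation = 'US'
        AssignedLicenses = @() }
    [pscustomobject]@{ Id = '3'; UserPrincipalName = 'carol@contoso.example'; UsageLocation = $null
        AssignedLicenses = @() }
)
# alice AlreadyLicensed, bob Assign, carol SkipNoUsageLocation
Get-LicensePlan -Users $sample -SkuId $sku | Format-Table -AutoSize
```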
Script 5 – External User Invitations
This script sends invitations to external users to join your M365 tenant.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the User.Invite.All permission.
- Stores the email ids of users to be invited in $externalUsers PowerShell variable.
- Loops through $externalUsers and executes New-MgInvitation cmdlet to send out M365 tenant invitations.
Example use case: Easily invite external partners or clients to collaborate within your M365 environment.
Script 6 – Teams Channel Creation
This script creates new channels in the specified Microsoft Team.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the Group.ReadWrite.All and Channel.Create permissions.
- Stores the team id you provide in the $teamId PowerShell variable. Stores a list of channel names you provide in the $channels PowerShell variable.
- Loops through $channels and executes New-MgTeamChannel cmdlet to create the channels you specified in the team.
Example use case: Quickly set up new channels for project management or team collaboration.
Script 7 – Security Group Membership Audit
This script audits the membership of all security groups and exports the details to a CSV file.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the Group.Read.All and Channel.Create permissions.
- Uses the Get-MgGroup cmdlet, filters for security-enabled groups and stores them in the $groups PowerShell variable.
- Loops through the fetched security enabled groups and fetches members of these groups using Get-MgGroupMember cmdlet.
- The fetched results are stored in $report PowerShell variable and exported to CSV file.
Example use case: Audit and document the membership of security groups for compliance and security reviews.
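The membership audit described above, as an added example (not the post's own script). It requests only Group.Read.All because nothing in the audit writes to the tenant; the function names, the output path and the handling of empty groups are assumptions.

```powershell
# Added example, not the post's script; function names and CSV path are assumptions.
function ConvertTo-MembershipRow {
    param([Parameter(Mandatory)] $Group, $Members)
    if (-not $Members) {
        # Keep empty groups in the report instead of silently dropping them.
        return [pscustomobject]@{ GroupName = $Group.DisplayName; GroupId = $Group.Id
            MemberType = '(empty)'; MemberName = $null; MemberId = $null }
    }
    foreach ($m in $Members) {
        # Get-MgGroupMember returns directory objects; the type and names sit in
        # AdditionalProperties. Graph may return only id and type for object kinds
        # the granted scopes cannot read, hence the fallback to the object id.
        $p = $m.AdditionalProperties
        $name = @($p['userPrincipalName'], $p['displayName'], $m.Id) |
            Where-Object { $_ } | Select-Object -First 1
        [pscustomobject]@{
            GroupName  = $Group.DisplayName
            GroupId    = $Group.Id
            MemberType = $p['@odata.type'] -replace '^#microsoft\.graph\.', ''
            MemberName = $name
            MemberId   = $m.Id
        }
    }
}

# Live tenant: defined only; call it once Microsoft.Graph is installed.
function Export-SecurityGroupAudit {
    param([string] $Path = '.\SecurityGroupMembers.csv')
    Connect-MgGraph -Scopes 'Group.Read.All'
    $groups = Get-MgGroup -Filter 'securityEnabled eq true' -All
    $report = foreach ($g in $groups) {
        ConvertTo-MembershipRow -Group $g -Members (Get-MgGroupMember -GroupId $g.Id -All)
    }
    $report | Export-Csv -Path $Path -NoTypeInformation
}

# Constructed sample data (not real objects) so the flattening runs offline.
$group = [pscustomobject]@{ DisplayName = 'SG-Finance'; Id = 'g-001' }
$members = @(
    [pscustomobject]@{ Id = 'u-001'; AdditionalProperties = @{
        '@odata.type' = '#microsoft.graph.user'; userPrincipalName = 'alice@contoso.example' } }
    [pscustomobject]@{ Id = 'g-002'; AdditionalProperties = @{
        '@odata.type' = '#microsoft.graph.group'; displayName = 'SG-Contractors' } }
    [pscustomobject]@{ Id = 'sp-001'; AdditionalProperties = @{
        '@odata.type' = '#microsoft.graph.servicePrincipal' } }
)
ConvertTo-MembershipRow -Group $group -Members $members | Format-Table -AutoSize
```

The MemberType column separates users from nested groups and service principals, which a flat list of names would hide during a review.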
Script 8 – Conditional Access Policy Reporting
This script generates a report of all conditional access policies in the organization.
This script,
- Installs the Microsoft Graph PowerShell module if not already installed
- Then connects to Microsoft Graph PowerShell module with the Policy.Read.All permission.
- Uses Get-MgIdentityConditionalAccessPolicy to fetch all the conditional access policies configured for your tenant.
- Selects DisplayName, State, Conditions and Grant Controls properties of the fetched policies and exports these details to CSV file.
Example use case: Generate reports to review and audit conditional access policies regularly.
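The policy report described above, as an added example (not the post's own script). Conditions and Grant Controls are nested objects, and Export-Csv writes a nested object as its type name rather than its contents, so the example flattens the fields a reviewer reads most often. The function names, the chosen columns and the output path are assumptions.

```powershell
# Added example, not the post's script; function names, columns and CSV path
# are assumptions.
function ConvertTo-PolicyRow {
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        $c = $Policy.Conditions
        $g = $Policy.GrantControls
        [pscustomobject]@{
            DisplayName   = $Policy.DisplayName
            State         = $Policy.State
            IncludeUsers  = $c.Users.IncludeUsers -join ';'
            ExcludeUsers  = $c.Users.ExcludeUsers -join ';'
            ExcludeGroups = $c.Users.ExcludeGroups -join ';'
            IncludeApps   = $c.Applications.IncludeApplications -join ';'
            GrantOperator = $g.Operator
            GrantControls = $g.BuiltInControls -join ';'
            # Report-only and disabled policies do not block anything.
            Enforced      = $Policy.State -eq 'enabled'
        }
    }
}

# Live tenant: defined only; call it once Microsoft.Graph is installed.
function Export-PolicyReport {
    param([string] $Path = '.\ConditionalAccessPolicies.csv')
    Connect-MgGraph -Scopes 'Policy.Read.All'
    Get-MgIdentityConditionalAccessPolicy -All | ConvertTo-PolicyRow |
        Export-Csv -Path $Path -NoTypeInformation
}

# Constructed sample policies (not from a real tenant) so the flattening runs offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Require MFA for admins'; State = 'enabled'
        Conditions = [pscustomobject]@{
            Users        = [pscustomobject]@{ IncludeUsers = @('All'); ExcludeUsers = @()
                ExcludeGroups = @('break-glass-group-id') }
            Applications = [pscustomobject]@{ IncludeApplications = @('All') } }
        GrantControls = [pscustomobject]@{ Operator = 'OR'; BuiltInControls = @('mfa') } }
    [pscustomobject]@{ DisplayName = 'Block legacy auth (pilot)'
        State = 'enabledForReportingButNotEnforced'
        Conditions = [pscustomobject]@{
            Users        = [pscustomobject]@{ IncludeUsers = @('All'); ExcludeUsers = @()
                ExcludeGroups = @() }
            Applications = [pscustomobject]@{ IncludeApplications = @('All') } }
        GrantControls = [pscustomobject]@{ Operator = 'OR'; BuiltInControls = @('block') } }
)
# First row: Enforced = True; second row (report-only): Enforced = False.
$sample | ConvertTo-PolicyRow | Format-List
```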