M365 PowerShell

New-MgGroup: How to Create Microsoft 365 Groups with Graph PowerShell

This guide covers how to use the New-MgGroup cmdlet in Microsoft Graph PowerShell to create Microsoft 365 groups. Learn to set properties like display name, mail nickname, and group type with examples for single and bulk creation

The New-MgGroup cmdlet in Microsoft Graph PowerShell is a powerful tool for creating Microsoft 365 Groups. This article will guide you through the prerequisites, syntax, usage examples, cmdlet tips and possible errors and solutions.

Prerequisites

Install the Microsoft Graph PowerShell module by running Install-Module Microsoft.Graph -Scope CurrentUser.
Connect to Microsoft Graph with the necessary permissions:
```
Connect-MgGraph -Scopes "Group.ReadWrite.All"
```

Syntax

The basic syntax of the New-MgGroup cmdlet is as follows:

New-MgGroup -DisplayName <String> -MailNickname <String> -GroupTypes <String[]> -MailEnabled <Boolean> -SecurityEnabled <Boolean>

Usage Examples

Example 1: Create a Security Group

New-MgGroup -DisplayName "Security Group 1" -MailNickname "SecGroup1" -SecurityEnabled -MailEnabled:$false

PowerShell command demonstrating how to create a security group named 'Security Group 1' with the mail nickname 'SecGroup1' using the New-MgGroup cmdlet.

Example 2: Create an Office 365 Group (Unified Group)

New-MgGroup -DisplayName "Office 365 Group 1" -MailNickname "O365Group1" -GroupTypes "Unified" -MailEnabled:$true

PowerShell command illustrating the creation of an Office 365 Group named 'Office 365 Group 1' with the mail nickname 'O365Group1' using the New-MgGroup cmdlet.

Example 3: Creating Multiple Office 365 Groups by Reading Data from a CSV File

You can create multiple Office 365 groups at once by reading group details from a CSV file. Here’s how you can do it:

CSV File Example:


    DisplayName,MailNickname,Description
    HR Team 1000,HRTeam1000,Group for HR 1000 department
    Sales Team 1000,SalesTeam1000,Group for Sales 1000 department
    IT Team 1000,ITTeam1000,Group for IT 1000 department

PowerShell Script:


    $groups = Import-Csv -Path "C:\Path\To\Groups.csv"

    foreach ($group in $groups) {
        $groupParams = @{
        DisplayName     = $group.DisplayName
        MailNickname    = $group.MailNickname
        Description     = $group.Description
        GroupTypes      = @("Unified")
        MailEnabled     = $true
        SecurityEnabled = $false
    }
        New-MgGroup -BodyParameter $groupParams
    }

Use Cases

Creating Groups for Departmental Collaboration:

Scenario: Each department within an organization requires its own dedicated Office 365 group to manage communications, file sharing, and collaboration.
Implementation: Use New-MgGroup to create groups for each department, ensuring they have the necessary resources like a shared mailbox, SharePoint site, and Planner.
Benefit: Streamlines the process of setting up structured collaboration environments for departments, improving communication and resource management.

Setting Up Project-Based Groups:

Scenario: For each new project, a dedicated Office 365 group is needed to facilitate collaboration among team members.
Implementation: Use New-MgGroup to create project-specific groups that can include internal members and external partners, with controlled access to files and communications.
Benefit: Enhances project management by providing a centralized space for all project-related activities, ensuring that only authorized users have access.

Automating Group Creation for New Teams::

Scenario: When new teams or departments are formed, creating their Office 365 groups manually can be time-consuming.
Implementation: Automate the creation of these groups using New-MgGroup, driven by a script that reads team details from a CSV file or database.
Benefit: Saves time and ensures that new teams have immediate access to necessary collaboration tools without manual intervention.

Cmdlet Tips

MailNickname: The MailNickname must be unique within your organization. Ensure you check for duplicates before running the cmdlet.
GroupTypes: For creating Office 365 Groups set -GroupTypes to "Unified". For security groups, you can omit this parameter or set it to @().
SecurityEnabled: Set to $true for security groups and $false for Office 365 Groups.
MailEnabled: Set to $true for Office 365 Groups and $false for security groups.

Possible Errors and Solutions

Error	Cause	Solution
Duplicate MailNickname Error:	Another object with the same value for property mailNickname already exists.	Ensure the MailNickname you are using is unique. You can check existing groups with the following command: Get-MgGroup -Filter "mailNickname eq 'MailNicknameToCheck'"
Authorization_RequestDenied	Insufficient privileges to complete the operation.	Ensure you have the required permissions by running: Connect-MgGraph -Scopes "Group.ReadWrite.All"
Duplicate Group Name	Attempting to create a group with a name that already exists within the tenant can result in an error.	Group names must be unique within the Microsoft 365 environment. Before creating a group, check for existing group names: `if (Get-MgGroup -Filter "DisplayName eq 'GroupName'" -All) { Write-Error "A group with the name 'GroupName' already exists." } else { New-MgGroup -DisplayName "GroupName" -MailNickname "GroupName" }`
Invalid GroupTypes Error:	Ensure you set the GroupTypes parameter correctly.	Use "Unified" for Office 365 Groups and omit or set it to @() for security groups.

Frequently Asked Questions

What is New-MgGroup used for?
New-MgGroup is a Microsoft Graph PowerShell cmdlet used to create Microsoft 365 groups. It allows specifying properties like display name, mail nickname, group type, and membership settings.

How can I create a new Microsoft 365 group?
Use the following script to create a group:

$Body = @{
    displayName = "New Group Name"
    mailNickname = "NewGroup"
    groupTypes = @("Unified")
    mailEnabled = $true
    securityEnabled = $false
}
New-MgGroup -BodyParameter $Body

Can I create multiple groups using a CSV file?
Yes, prepare a CSV file with the following format:

DisplayName,MailNickname,MailEnabled,SecurityEnabled
Group 1,Group1,$true,$false
Group 2,Group2,$true,$false

Use this script to process the CSV and create groups:

$Groups = Import-Csv -Path "C:\Path\To\File.csv"
    foreach ($Group in $Groups) {
        $Body = @{
            displayName = $Group.DisplayName
            mailNickname = $Group.MailNickname
            mailEnabled = [bool]::Parse($Group.MailEnabled)
            securityEnabled = [bool]::Parse($Group.SecurityEnabled)
            groupTypes = @("Unified")
        }
        New-MgGroup -BodyParameter $Body
    }

What permissions are required to create Microsoft 365 groups?
You need the Group.ReadWrite.All permission in Microsoft Graph PowerShell. Ensure the appropriate delegated or application permissions are granted.

How can I add owners to a Microsoft 365 group during its creation?
While the New-MgGroup cmdlet does not directly support adding owners during group creation, you can assign owners afterward using the New-MgGroupOwner cmdlet. Here's how

$groupParams = @{
    DisplayName     = "Project Team"
    MailNickname    = "projectteam"
    GroupTypes      = @("Unified")
    MailEnabled     = $true
    SecurityEnabled = $false
}
$group = New-MgGroup -BodyParameter $groupParams

# Add an owner to the group
New-MgGroupOwner -GroupId $group.Id -DirectoryObjectId "<OwnerObjectId>"

Can I create a dynamic membership group using New-MgGroup?
Yes, you can create a dynamic membership group by specifying a membership rule during the group's creation. Here's an example:

$groupParams = @{
    DisplayName                      = "Dynamic Group"
    MailNickname                     = "dynamicgroup"
    GroupTypes                       = @("Unified", "DynamicMembership")
    MailEnabled                      = $true
    SecurityEnabled                  = $false
    MembershipRule                   = '(user.department -eq "Sales")'
    MembershipRuleProcessingState    = "On"
}
New-MgGroup -BodyParameter $groupParams

What are the differences between security groups and Microsoft 365 groups created with New-MgGroup?
When creating groups with New-MgGroup, setting the GroupTypes parameter to @("Unified") creates a Microsoft 365 group, which includes collaboration features like shared mailboxes and SharePoint sites. Omitting the GroupTypes parameter or setting it to an empty array creates a security group, primarily used for assigning permissions to resources.

By understanding these aspects of the New-MgGroup cmdlet, administrators can effectively create and manage groups within their Microsoft 365 environments, tailoring them to meet organizational needs.

Adding Group Using Microsoft 365 Admin Center

Login into Microsoft 365 Admin Center
Select Groups >> Active Teams & Groups page. Click Add a Microsoft 365 group button.

Enter basic group details like Group Name and Group Description

Click "Assign Owners" >> Select the Group Owner >> Click "Add" button.

Click "Add Members" >> Select the Group Members >> Click "Add" button.

Specify group email address and group visibility (public or private) and click Next button.

Review the group details and click Create Group button.

⚠️ You Must Provide Both mailNickname and displayName

When creating a new group using New-MgGroup, both displayName and mailNickname are required.

If either of these properties is missing, the command will fail with a 400 Bad Request error.

💡 Control Group Behavior with mailEnabled and securityEnabled

The behavior and purpose of the group depends on how you set these two properties:

mailEnabled = $true and securityEnabled = $false → Microsoft 365 Group
mailEnabled = $false and securityEnabled = $true → Security Group
mailEnabled = $true and securityEnabled = $true → Mail Enabled Security Group

Set these values correctly to ensure you're provisioning the intended group type.

🔐 Security vs. Microsoft 365 Groups – Know the Difference

While both can be created using New-MgGroup, only Microsoft 365 Groups (with groupTypes set to "Unified") come with collaboration features like a shared mailbox, calendar, Planner, and Teams integration.

In contrast, Security Groups are primarily used for access management and permissions control within Azure AD and Microsoft 365 services.

Conclusion

The New-MgGroup cmdlet is a versatile and essential tool for managing Microsoft 365 Groups. By understanding its prerequisites, syntax, and usage you can efficiently create and manage groups within your organization. Remember to handle common errors and use cmdlet tips to streamline your group management tasks.

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell