M365Corner
M365 PowerShell

Using Where-Object In Graph PowerShell

The Where-Object cmdlet in PowerShell is used for filtering data based on certain conditions. When you are working with Microsoft Graph PowerShell, you can use Where-Object to filter objects returned from Graph API queries based on their properties. This is particularly useful for narrowing down results to match specific criteria, especially when dealing with large sets of data from Microsoft Graph.


Basic Syntax

Here’s the basic syntax:  Get-Command | Where-Object {$_.CommandType -eq 'Cmdlet'}
Get-Command retrieves all commands, and Where-Object filters these commands to include only those whose CommandType property is 'Cmdlet'.


Find Users by Job Title

If you want to retrieve users who have a specific job title, such as "Software Developer", you can do the following: Get-MgUser -Filter "jobTitle eq 'Software Developer'"

Note: When possible, it's more efficient to use the -Filter parameter that some Microsoft Graph PowerShell cmdlets support, as it processes the filter on the server side rather than retrieving all objects and filtering them client-side with Where-Object.



Find All Unified Groups

To find active Microsoft Teams in your tenant, execute the following command: Get-MgGroup -All | Where-Object {$_.GroupTypes -contains "Unified" -and $_.MailEnabled-eq $true}

PowerShell script identifying active Microsoft Teams with Where-Object

This example fetches all groups and filters to find only those that are Unified Groups (which include Teams) and are mail-enabled.



Find Users by License

You should run the following command:  Get-MgUser -All -Select "DisplayName, AssignedLicenses" | Where-Object {$_.AssignedLicenses.SkuId -contains "c42b9cae-ea4f-4ab7-9717-81576235ccac"}. In this, replace "c42b9cae-ea4f-4ab7-9717-81576235ccac" with the actual SKU ID of the license you're looking for. This command fetches all users and filters them to find only those with an assigned license that matches the specified SKU ID.

PowerShell command filtering users by assigned license SKU ID

Note: Run Get-MgSubscribedSku -All to get all the license IDs available within your tenant.


Tips for Using Where-Object with Microsoft Graph PowerShell

  • Efficiency: Always use filtering parameters provided by cmdlets like -Filter when available, as it reduces the data transmitted over the network.
  • Syntax: Remember that the script block for Where-Object uses $_ to reference each object in the pipeline.
  • Properties: Ensure you know the properties of the objects you are dealing with. You might need to explore these using commands like Get-MgUser | Get-Member to understand what you can filter on.
  • When dealing with potentially large datasets, consider processing limits and the efficiency of your queries. Using the -All parameter can be resource-intensive and might slow down your script, especially in large environments. When possible, implement server-side filtering with -Filter.
  • For specific properties like AssignedLicenses or SignInActivity, make sure these properties are available in your specific Microsoft Graph environment, as availability can vary based on API version and your organizational settings.
  • Use Where-Object when the Graph API doesn't support a specific OData filter:Some properties (like nested or complex ones) may not be filterable directly via the -Filter parameter. In such cases, pull all data using -All and use Where-Object for local filtering.
  • Consider performance trade-offs when using Where-Object:Using Where-Object means fetching more data from Microsoft Graph and then filtering locally, which may impact performance and throttle limits. If a property supports OData filtering, prefer -Filter over Where-Object to reduce data volume.

Frequently Asked Questions (FAQs)

  • What is the Where-Object cmdlet used for in Graph PowerShell?
    The Where-Object cmdlet is used to filter objects based on specified conditions. It helps refine results when working with Microsoft Graph PowerShell by selecting only the items that meet certain criteria.
  • How is Where-Object different from the -Filter parameter?
    The -Filter parameter is processed server-side, making it more efficient as only relevant data is retrieved. Where-Object, on the other hand, filters results after fetching all the data, which can be slower but offers more flexibility.
  • Can I use multiple conditions with Where-Object?
    Yes, you can use multiple conditions by combining them with logical operators like -and or -or. 
    Get-MgUser | Where-Object { $_.Department -eq "IT" -and $_.JobTitle -eq "Admin" }
  • Can Where-Object be used with Graph PowerShell’s Get-MgUser cmdlet?
    Yes, it can be used to filter users based on attributes like department, job title, or last sign-in activity. 
    Get-MgUser -All | Where-Object { $_.UserPrincipalName -like "*@yourdomain.com" }
  • What’s the best practice: Where-Object or -Filter?
    If the -Filter parameter is available, use it for better performance, as it reduces the amount of data retrieved. If -Filter isn’t supported or needs more complex logic, then use Where-Object
  • Can I use Where-Object in combination with Select-Object for filtering and formatting? Yes, Where-Object can be combined with Select-Object to first filter the results based on a condition and then display only the desired properties. 
    Get-MgUser -All | Where-Object { $_.Department -eq "HR" } | Select-Object DisplayName, UserPrincipalName
  • Is Where-Object case-sensitive in comparisons? By default, Where-Object comparisons like -eq, -ne, -like, etc., are case-insensitive. If you need case-sensitive comparisons, you can use the -ceq, -cne, -clike operators. 
    Get-MgUser -All | Where-Object { $_.JobTitle -ceq "Manager" }
💡 Fallback to Where-Object When Graph Cmdlets Don’t Support Filtering

Not all Microsoft Graph PowerShell cmdlets support the -Filter parameter. In such cases, use Where-Object to filter results after retrieving them — especially when applying custom logic or conditions on unsupported properties.
⚠️ Using Where-Object on Large Datasets Can Impact Performance

Since Where-Object filters data after it's been fetched, it can be slower and consume more memory — especially when working with large user lists, messages, or groups.

Prefer Graph-native filtering options like -Filter, -Search, or -Property when performance is critical.

Using Where-Object effectively with Microsoft Graph can help you manage and automate tasks related to Office 365 and other Microsoft services, making it a powerful tool in your PowerShell scripting arsenal.

Read Microsoft PowerShell Where-Object documentation for more info.


Related Articles:

Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex