🔧 New: User Management Graph PowerShell Toolkit
Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.
🚀 Launch ToolkitGenerate a Teams Messaging Policy Report Using Graph PowerShell
Microsoft Teams administrators often need to verify if team members have the ability to edit or delete their messages. Doing this manually through the Teams Admin Center or by individually querying each team through Graph PowerShell can be frustrating and time-consuming—especially in tenants with a large number of teams.
This Graph PowerShell script provides a centralized report by looping through all Teams in your tenant and fetching their message settings. It eliminates the admin pain point of reviewing these settings one team at a time and delivers the results in a clean, readable format.
The Script
Connect-MgGraph -Scopes "TeamSettings.Read.All"
# Get all Teams (Unified Groups with Teams provisioned)
$teams = Get-MgGroup -Filter "resourceProvisioningOptions/Any(x:x eq 'Team')" -All
foreach ($team in $teams) {
try {
$teamSettings = Get-MgTeam -TeamId $team.Id
$teamName = $team.DisplayName
$editSetting = $teamSettings.MessagingSettings.AllowUserEditMessages
$deleteSetting = $teamSettings.MessagingSettings.AllowUserDeleteMessages
Write-Output "Team: $teamName"
Write-Output " Allow User Edit Messages: $editSetting"
Write-Output " Allow User Delete Messages: $deleteSetting"
Write-Output ""
}
catch {
Write-Warning "Failed to retrieve settings for team: $($team.DisplayName)"
}
}
💡 Note: Ensure you are connected to Microsoft Graph with the appropriate scope: TeamSettings.Read.All
How the Script Works
- Step 1: Establishes a Graph PowerShell session with Connect-MgGraph, scoped to read Teams settings.
- Step 2: Uses Get-MgGroup to retrieve all groups that are Microsoft Teams-enabled.
- Step 3: Loops through each of those teams.
- Step 4: Queries each team's settings using Get-MgTeam -TeamId
. - Step 5: Extracts and displays:
- Whether users can edit messages.
- Whether users can delete their own messages.
- Step 6: If any query fails (e.g., due to insufficient permissions or corrupted team info), it logs a warning.
Further Enhancements
You can take this script further by:
- Exporting the report to a CSV file for documentation or audits.
- Adding team description and group owner details.
- Extending the report to include channel and member settings for full visibility.
- Creating a scheduled task to run this weekly or monthly for compliance tracking.
Possible Errors & Solutions
| Error | Cause | Solution |
| Failed to retrieve settings for team: | Missing permissions or API failure | Ensure the app has TeamSettings.Read.All or higher, and you’re using the latest Graph PowerShell SDK |
| Get-MgTeam : Insufficient privileges | Lack of permission consent | Consent to Graph API permissions at the tenant level |
| Empty Output for Some Teams | Settings not provisioned or legacy teams | Cross-check if those teams are fully provisioned and active |
Conclusion
This Graph PowerShell script helps admins quickly audit messaging permissions across all Microsoft Teams in a tenant. Instead of jumping from one team to another in the Teams Admin Center, this script provides a consolidated view—making governance easier, faster, and more reliable.
Let this become a part of your regular audit routine or use it as a foundation for building more powerful Teams compliance reports.