How to find empty groups in Microsoft Entra ID

Empty groups in Microsoft Entra ID (formerly Azure Active Directory) can arise due to accidental creations or by doing a group cleanup. These groups create clutter and confusion in your environment if left unmanaged.

Microsoft Entra ID currently does not offer any method to find empty groups, which leads administrators to resort to PowerShell scripts. However, M365 Manager Plus, a holistic M365 administration and security solution, enables users to find those empty groups script-free in just a few clicks.

The table below compares how you can find empty groups using PowerShell and M365 Manager Plus.

PowerShell

Steps to find empty Microsoft Entra ID groups using PowerShell:

Execute the following script in PowerShell by importing the Microsoft Graph module.

    # Import the Microsoft Graph module
    Import-Module Microsoft.Graph
    # Authenticate with Microsoft Graph
    Connect-MgGraph -Scopes "Group.Read.All"
    # Get all groups
    $allGroups = Get-MgGroup -All
    # Find and display empty groups
    $emptyGroups = $allGroups | Where-Object { IsGroupEmpty($_.Id) }
    $emptyGroups | Select-Object DisplayName, Id

Copied

Click to copy entire script

M365 Manager Plus

Steps to find empty Microsoft Entra ID groups in M365 Manager Plus:

Navigate to Reports > Azure Active Directory > Group Reports.
Under Member Based Reports, click Empty Groups.
Select your tenant from the drop-down option and click Generate Now.

What to do after you find empty groups

After getting the list of empty groups, it makes sense to delete them so you can declutter your environment.

In Microsoft Entra ID, you'll need to navigate to Identity > Groups > All groups and search for each inactive group individually to delete them.

On the contrary, M365 Manager Plus enables you to automate the entire process of finding inactive users and deleting them in bulk, helping you save time and repetitive effort.

Follow the steps below to automate empty group cleanup in M365 Manager Plus:

Navigate to Automation > Create New Automation.
Select Delete Groups as the task.
Select Empty Groups as the report from which the objects will be imported from.
Select the frequency at which the automation must be run.
Click Save.

Limitations of using PowerShell and Microsoft Entra ID to clear empty groups

Only users with PowerShell knowledge can execute the command.
PowerShell scripts take time and affect your productivity.
Microsoft Entra ID doesn't allow you to delete multiple inactive groups in bulk.
The user requires at least the Group Administrator role to perform delete operations.

Benefits of using M365 Manager Plus

Delete multiple empty groups in bulk and eliminate repetitive actions.
Manage groups, users, mailboxes, sites, and contacts effortlessly without PowerShell scripting.
Gain a thorough understanding of your environment in Microsoft Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, and other Microsoft 365 services with detailed reports from a single console.
Delegate granular permissions to technicians without elevating their Microsoft 365 privileges, and create custom roles with any combination of reporting, management, and auditing tasks.
Monitor the health and performance of Microsoft 365 features and endpoints around the clock.

Effortlessly schedule and export reports on your Microsoft 365 environment.

Try now for free