Azure Entra IDMicrosoft Entra ID (formerly Azure Active Directory) version 2 cmdlets for group management
Microsoft Entra ID (formerly Azure Active Directory) version 2 cmdlets for group management
Administrators can manage Microsoft Entra ID groups with PowerShell cmdlets. To perform these actions, you need to download the Microsoft Graph PowerShell module and connect to your PowerShell session in the directory you want to manage before you start managing groups using Microsoft Graph Group PowerShell cmdlets.
The table below compares group management in Microsoft Entra ID using PowerShell cmdlets and M365 Manager Plus.
Microsoft Entra ID
- Retrieving groups
To retrieve existing groups from your directory, use the Get-MgGroups cmdlet.
To retrieve all groups in the connected directory, use the cmdlet without any parameters.
You can also search for a specific group using the -filter parameter, which takes an ODATA filter clause and returns all groups that match that filter.
PS C:\Windows\system32> Get-MgGroup -Filter "DisplayName eq 'Intune Administrators'"
Copied - Creating groups
Use the New-MgGroup cmdlet to create a new group in your connected directory.
$param = @{ description="My Demo Group" displayName="DemoGroup" mailEnabled=$false securityEnabled=$true mailNickname="Demo" } New-MgGroup @paramCopied - Updating groups
Use the Update-MgGroup cmdlet to update an existing group.
PS C:\Windows\system32> Update-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b -Description "Demo Group Updated"
Copied - Deleting groups
Use the Remove-MgGroup cmdlet to delete groups from the connected directory.
PS C:\Windows\system32> Remove-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b
Copied - Managing group membership
Use the Add-MgGroupMember cmdlet to add new members to a group.
PS C:\Windows\system32> New-MgGroupMember -GroupId f76cbbb8-0581-4e01-a0d4-133d3ce9197f -DirectoryObjectId a88762b7-ce17-40e9-b417-0add1848eb68
CopiedUse the Get-MgGroupMember cmdlet to get the existing members of a group.
PS C:\Windows\system32> Get-MgGroupMember -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4
CopiedUse the Remove-MgGroupMember to remove a member that was added to as group.
PS C:\Windows\system32> Remove-MgGroupMemberByRef -DirectoryObjectId 053a6a7e-4a75-48bc-8324-d70f50ec0d91 -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4
CopiedUse the Select-MgGroupIdsUserIsMemberOf cmdlet to verify the group memberships of a user.
PS C:\Windows\system32> New-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867
Copied - Managing owners of groups
Use the New-MgGroupOwner cmdlet to add owners to a group.
PS C:\Windows\system32> New-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867
CopiedUse the Get-MgGroupOwner cmdlet to retrieve the owners of a group.
PS C:\Windows\system32> Get-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497
CopiedUse the Remove-MgGroupOwnerByRef cmdlet to remove an owner from a group.
PS C:\Windows\system32> Remove-MgGroupOwnerByRef -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867
Copied - Disabling group creation
You can restrict non-administrative users from creating security groups within your directory for security purposes. Microsoft Online Directory Services (MSODS) allows non-admin users to create groups by default
Install-Module Microsoft.Graph.Beta.Identity.DirectoryManagement Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement $params = @{ TemplateId = "62375ab9-6b52-47ed-826b-58e47e0e304b" Values = @( @{ Name = "EnableGroupCreation" Value = "false" } ) } Connect-MgGraph -Scopes "Directory.ReadWrite.All" New-MgBetaDirectorySetting -BodyParameter $paramsCopied
M365 Manager Plus
- Steps to retrieve a group in M365 Manager Plus
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Reports tab > Azure Active Directory > Group Reports > All Groups.
- You can view all the groups in your organization, the group type, the group ID, and more.
- Use the search option to filter out the report
- Steps to create a group in M365 Manager Plus
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Management tab > Azure Active Directory > Group Management > Single Group Creation > Microsoft365 Group Creation .
- Select the required Microsoft 365 tenant and the template you prefer.
- Add other information that is needed, such as the group name, members, and owner.
- Click onApplyto create a new group.
- You can also create groups in bulk using the Bulk Group Creation management tasks.
- Steps to modify groups in bulk in M365 Manager Plus
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Management tab > Azure Active Directory > Group Management > Bulk Group Modification.
- You can choose to modify the group custom attributes, add or remove owners, and more.
- There are more than 10 tasks that you can choose from.
- Steps to delete groups in bulk in M365 Manager Plus
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Management tab > Azure Active Directory > Group Management > Bulk Group Modification > Delete Groups .
- Select the groups you want to delete. You can also import a CSV file of the group(s). Click on Find.
- Click on Apply to delete the selected groups.
- Steps to update group membership in M365 Manager Plus:
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Management tab > Azure Active Directory > Group Member Management > Add/Remove Group Membership using CSV.
- Select the Microsoft 365 Tenant and upload a CSV file with the required groups and members.
- Click on Apply to add or remove the members.
- You can also choose the Modify Microsoft 365 Group Members task.
- You can add and remove users to groups in this task.
- Steps to update owners of groups in bulk in M365 Manager Plus:
- Sign in to M365 Manager Plus as Administrator.
- Navigate to the Management tab > Azure Active Directory > Bulk Group Modification .
- You can choose to add or remove owners from Microsoft 365 groups, distribution groups, dynamic distribution groups, security groups, and mail enabled security groups.
- Select the owner(s) you want to add or remove, choose the add or remove function, the Microsoft 365 tenant and the respective group.
- Click on Apply to perform the action.
Reserved aliases
When a group is created, specific endpoints enable end users to designate a mailNickname or alias for the group's email address. Groups with the following privileged email aliases can be created by only by a Microsoft Entra Global Administrator.
- abuse
- admin
- administrator
- hostmaster
- majordomo
- postmaster
- root
- secure
- security
- ssl-admin
- webmaster
Limitations of using Entra ID admin center
- Administrators should have the required role to access individual native admin centers and execute tasks in them.
- Microsoft 365 does not allow bulk group management.
Benefits of using M365 Manager Plus for Entra ID group management
- Easily manage your organization's Microsoft 365 licenses in bulk or individually from a single console.
- Generate pre-built, intuitive reports and keep an eye on the license usage.
- Assign tasks to any technician without needing to grant them elevated native privileges.
- Manage users, mailboxes, groups, and contacts in bulk.
- Keep an eye on various Microsoft 365 services such as Exchange Online, Azure Active Directory, SharePoint Online, and OneDrive for Business with pre-configured reports.
- Automate report generation and various repetitive management tasks to save time and effort.
- Keep a check on your Microsoft 365 services' health and performance with 24/7 monitoring.
- Track all the activities happening in your organization with detailed audit reports.
- Delegate custom roles to help desk technicians and reduce the administrator's workload.
Perform effortless license management.
Streamline your Microsoft 365 governance and administration with M365 Manager Plus
Get Your Free TrialRelated Resources
-
Entra ID administration
- How to create custom roles in Microsoft Entra ID
- How to setup SSO in Microsoft Entra ID
- How to configure Conditional Access in Microsoft Entra ID
- What is Microsoft Entra ID?
- What are Microsoft Entra ID administrative units
- How to configure external authentication methods in Microsoft Entra ID
- How to set up self-service group management in Entra ID
- How to takeover unmanaged directory as administrator
- How to change authentication type of subdomain
- What is self-service signup in Entra ID
- Delete a tenant in Microsoft Entra ID
- Manage custom domain names in Microsoft Entra ID
- Multi-tenant organization interaction
-
Entra ID auditing and reporting
-
Entra ID bulk user management
-
Entra ID dynamic groups
-
Entra ID group management
- How to enforce naming policy on Microsoft 365 groups in Entra ID
- How to clean up resources related to all user groups
- How to create basic groups and add members in Entra ID
- Group management cmdlets
- How to add group to another group in Entra ID
- How to delete a group in Entra ID
- How to remove a group from another group in Entra ID
- Check import status
- Edit group settings in Entra ID
- Migrate users with individual licenses to groups
- Restore deleted groups in Microsoft Entra ID
- Set expiration for Microsoft 365 groups in Entra ID
-
Entra ID group membership
- How to utilize Microsoft Entra groups in Entra ID
- How to add group members in Entra ID
- How to add group owners in Microsoft Entra ID
- How to add or remove group member automatically in Entra ID
- How to create group of guest users using native admin center
- How to manage groups and group memberships in Entra ID
- How to remove guests from all user groups in Entra ID
- How to utilize groups and administrator roles in Entra ID
- Add or remove a group from another group in Entra ID
- Bulk group members addition in Entra ID
- Bulk remove group members from Entra ID groups
- How to remove members/owners of a group in Entra ID
-
Entra ID group reports
-
Entra ID license management
- How to automate inactive license management for Entra ID users
- How to change license assignments for user in Entra ID
- How to assign licenses to groups in Entra ID
- How to leverage group-based licensing for optimizing license management in Entra ID
- License assignment troubleshooting
- Assign licenses in Microsoft Entra ID
- Azure AD license membership modification
- Remove licenses in Microsoft Entra ID
- View license plans and details in Microsoft Entra ID
-
Entra ID User management
- How to manage permissions using access reviews in Microsoft Entra ID
- How to restrict guest access permissions in Entra ID
- How to clean up unmanaged Microsoft Entra accounts
- How to assign custom security attributes to users in Entra ID
- How to clean up stale accounts using access reviews
- How to share accounts with Entra ID
- How to update custom security attributes to users in Entra ID
- Add guest users
- Add users to Azure AD
- Assign user roles with Entra ID
- Close user account in an unmanaged Microsoft Entra organization
- How to revoke user access in Microsoft Entra ID using PowerShell
- Microsoft 365 delete users
- Remove custom security attribute assignments from users
-
Entra ID user reports
- How to monitor risky sign-ins in Microsoft Entra ID
- License usage reports in Microsoft Entra ID
- How to get the last logon date of users in Microsoft Entra ID
- How to view Microsoft 365 login attempts using PowerShell and Microsoft Entra ID
- How to report the MFA status for users in Microsoft Entra ID
- How to monitor recently created users in Entra ID
- Track password changes by admins in Microsoft Entra ID
- How to monitor user role changes in Entra ID
- How to track self-service password resets in Microsoft Entra ID
- How to create custom sign-in reports in Entra ID
- How to find deleted users in Entra ID
- How to verify deleted users in Entra ID
- Filter users based on custom security attributes
- Download Microsoft 365 user list
-
Entra ID workbooks
- How to create custom Microsoft Entra ID workbooks
- What are Microsoft Entra ID workbooks
- How to handle privilege escalation in Microsoft Entra ID
- How to monitor risky sign-ins using Microsoft Entra ID workbooks
- How to monitor your Microsoft 365 MFA setup using Entra ID workbooks
- How to audit for app permission threats with Microsoft Entra workbooks
- Conditional Access Gap Analyzer workbook in Microsoft Entra ID
-
Exchange Online administration
- How to change deleted items retention for Exchange Online mailboxes
- How to change the branding of clutter notifications in Exchange Online
- How to configure message delivery restrictions for Exchange Online mailboxes
- How to configure moderated recipients in Exchange Online
- How to create user mailboxes in Exchange Online
- How to enable and disable MAPI for a mailbox in Exchange Online
- How to enable or disable Outlook on the web for a mailbox in Exchange Online
- How to manage mail contacts in Exchange Online
- How to manage permissions for recipients in Exchange Online
- How to manage resource mailbox in Exchange Online
- How to save sent items in a delegators mailbox in Exchange Online
- How to create and edit shared mailboxes in Exchange Online
- How to add or remove email address for a mailbox in Exchange Online
- How to configure email forwarding for a mailbox in Exchange Online
- How to convert a mailbox in Exchange Online
- How to delete or restore user mailboxes in Exchange Online
- How to manage user mailboxes in Exchange Online
-
Exchange Online groups
- Create and manage groups in Exchange admin center in Exchange Online
- How to create and manage distribution list groups in Exchange Online
- How to create and manage dynamic distribution list groups in Exchange Online
- How to create distribution group naming policy in Exchange Online
- How to manage guest access to Microsoft 365 groups in Exchange Online
- How to manage role groups in Exchange Online
- How to override the distribution group naming policy in Exchange Online
- How to view members of a distribution group in Exchange Online
-
Microsoft Teams
-
Public Folders
- Create public folder calendar in Exchange Online
- How to restore deleted public folder in Exchange Online
- How to setup public folders in new organization
- Migrate public folders to Microsoft 365 groups in Exchange Online
- Recover deleted public folder mailbox in Exchange Online
- How to mail-enable and mail-disable public folders in Exchange Online