Direct Inward Dialing: +1 408 916 9890
Administrators can manage Microsoft Entra ID groups with PowerShell cmdlets. To perform these actions, you need to download the Microsoft Graph PowerShell module and connect to your PowerShell session in the directory you want to manage before you start managing groups using Microsoft Graph Group PowerShell cmdlets.
The table below compares group management in Microsoft Entra ID using PowerShell cmdlets and M365 Manager Plus.
Entra ID |
M365 Manager Plus |
---|---|
1. Retrieving groupsTo retrieve existing groups from your directory, use the Get-MgGroups cmdlet. To retrieve all groups in the connected directory, use the cmdlet without any parameters. You can also search for a specific group using the -filter parameter, which takes an ODATA filter clause and returns all groups that match that filter. PS C:\Windows\system32> Get-MgGroup -Filter "DisplayName eq 'Intune Administrators'" Copied
|
1. Steps to retrieve a group in M365 Manager Plus
|
2. Creating groupsUse the New-MgGroup cmdlet to create a new group in your connected directory. $param = @{ description="My Demo Group" displayName="DemoGroup" mailEnabled=$false securityEnabled=$true mailNickname="Demo" } New-MgGroup @param Copied
|
2. Steps to create a group in M365 Manager Plus
|
3. Updating groupsUse the Update-MgGroup cmdlet to update an existing group. PS C:\Windows\system32> Update-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b -Description "Demo Group Updated" Copied
|
3. Steps to modify groups in bulk in M365 Manager Plus
|
4. Deleting groupsUse the Remove-MgGroup cmdlet to delete groups from the connected directory. PS C:\Windows\system32> Remove-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b Copied
|
4. Steps to delete groups in bulk in M365 Manager Plus
|
5. Managing group membershipUse the Add-MgGroupMember cmdlet to add new members to a group. PS C:\Windows\system32> New-MgGroupMember -GroupId f76cbbb8-0581-4e01-a0d4-133d3ce9197f -DirectoryObjectId a88762b7-ce17-40e9-b417-0add1848eb68 Copied
Use the Get-MgGroupMember cmdlet to get the existing members of a group. PS C:\Windows\system32> Get-MgGroupMember -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4 Copied
Use the Remove-MgGroupMember to remove a member that was added to as group. PS C:\Windows\system32> Remove-MgGroupMemberByRef -DirectoryObjectId 053a6a7e-4a75-48bc-8324-d70f50ec0d91 -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4 Copied
Use the Select-MgGroupIdsUserIsMemberOf cmdlet to verify the group memberships of a user. PS C:\Windows\system32> New-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867 Copied
|
5. Steps to update group membership in M365 Manager Plus:
|
6. Managing owners of groupsUse the New-MgGroupOwner cmdlet to add owners to a group. PS C:\Windows\system32> New-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867 Copied
Use the Get-MgGroupOwner cmdlet to retrieve the owners of a group. PS C:\Windows\system32> Get-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 Copied
Use the Remove-MgGroupOwnerByRef cmdlet to remove an owner from a group. PS C:\Windows\system32> Remove-MgGroupOwnerByRef -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867 Copied
|
6. Steps to update owners of groups in bulk in M365 Manager Plus:
|
7. Disabling group creationYou can restrict non-administrative users from creating security groups within your directory for security purposes. Microsoft Online Directory Services (MSODS) allows non-admin users to create groups by default Install-Module Microsoft.Graph.Beta.Identity.DirectoryManagement Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement $params = @{ TemplateId = "62375ab9-6b52-47ed-826b-58e47e0e304b" Values = @( @{ Name = "EnableGroupCreation" Value = "false" } ) } Connect-MgGraph -Scopes "Directory.ReadWrite.All" New-MgBetaDirectorySetting -BodyParameter $params Copied
|
When a group is created, specific endpoints enable end users to designate a mailNickname or alias for the group's email address. Groups with the following privileged email aliases can be created by only by a Microsoft Entra Global Administrator.
Perform effortless license management.