
Microsoft Entra ID (formerly Azure Active Directory) version 2 cmdlets for group management

Administrators can manage Microsoft Entra ID groups with PowerShell cmdlets. Before you start managing groups with the Microsoft Graph group cmdlets, download the Microsoft Graph PowerShell module and connect your PowerShell session to the directory you want to manage.

The table below compares group management in Microsoft Entra ID using PowerShell cmdlets and M365 Manager Plus.

Entra ID

M365 Manager Plus

1. Retrieving groups

To retrieve existing groups from your directory, use the Get-MgGroup cmdlet.

To retrieve all groups in the connected directory, use the cmdlet without any parameters.

        PS C:\Windows\system32> Get-MgGroup -All

You can also search for a specific group using the -Filter parameter, which takes an OData filter clause and returns all groups that match that filter.

        PS C:\Windows\system32> Get-MgGroup -Filter "DisplayName eq 'Intune Administrators'"

1. Steps to retrieve a group in M365 Manager Plus

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Reports tab > Azure Active Directory > Group Reports > All Groups.
  3. You can view all the groups in your organization, the group type, the group ID, and more.
  4. Use the search option to filter the report.

2. Creating groups

Use the New-MgGroup cmdlet to create a new group in your connected directory.

        $param = @{
        description="My Demo Group"
        displayName="DemoGroup"
        mailEnabled=$false
        securityEnabled=$true
        mailNickname="Demo"
        }
        New-MgGroup @param

2. Steps to create a group in M365 Manager Plus

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Management tab > Azure Active Directory > Group Management > Single Group Creation > Microsoft 365 Group Creation.
  3. Select the required Microsoft 365 tenant and the template you prefer.
  4. Add other information that is needed, such as the group name, members, and owner.
  5. Click on Apply to create a new group.
  6. You can also create groups in bulk using the Bulk Group Creation management tasks.

3. Updating groups

Use the Update-MgGroup cmdlet to update an existing group.

            PS C:\Windows\system32> Update-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b -Description "Demo Group Updated"

3. Steps to modify groups in bulk in M365 Manager Plus

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Management tab > Azure Active Directory > Group Management > Bulk Group Modification.
  3. You can choose to modify the group custom attributes, add or remove owners, and more.
  4. There are more than 10 tasks that you can choose from.

4. Deleting groups

Use the Remove-MgGroup cmdlet to delete groups from the connected directory.

            PS C:\Windows\system32> Remove-MgGroup -GroupId 958d212c-14b0-43d0-a052-d0c2bb555b8b

4. Steps to delete groups in bulk in M365 Manager Plus

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Management tab > Azure Active Directory > Group Management > Bulk Group Modification > Delete Groups.
  3. Select the groups you want to delete. You can also import a CSV file of the group(s). Click on Find.
  4. Click on Apply to delete the selected groups.

5. Managing group membership

Use the New-MgGroupMember cmdlet to add new members to a group.

            PS C:\Windows\system32> New-MgGroupMember -GroupId f76cbbb8-0581-4e01-a0d4-133d3ce9197f -DirectoryObjectId a88762b7-ce17-40e9-b417-0add1848eb68

Use the Get-MgGroupMember cmdlet to get the existing members of a group.

            PS C:\Windows\system32> Get-MgGroupMember -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4

Use the Remove-MgGroupMemberByRef cmdlet to remove a member that was added to a group.

            PS C:\Windows\system32> Remove-MgGroupMemberByRef -DirectoryObjectId 053a6a7e-4a75-48bc-8324-d70f50ec0d91 -GroupId 2c52c779-8587-48c5-9d4a-c474f2a66cf4

Use the Get-MgUserMemberOf cmdlet to verify the group memberships of a user.

            PS C:\Windows\system32> Get-MgUserMemberOf -UserId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867

5. Steps to update group membership in M365 Manager Plus:

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Management tab > Azure Active Directory > Group Member Management > Add/Remove Group Membership using CSV.
  3. Select the Microsoft 365 Tenant and upload a CSV file with the required groups and members.
  4. Click on Apply to add or remove the members.
  5. You can also choose the Modify Microsoft 365 Group Members task.
  6. You can add and remove users to groups in this task.

6. Managing owners of groups

Use the New-MgGroupOwner cmdlet to add owners to a group.

            PS C:\Windows\system32> New-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867

Use the Get-MgGroupOwner cmdlet to retrieve the owners of a group.

            PS C:\Windows\system32> Get-MgGroupOwner -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497

Use the Remove-MgGroupOwnerByRef cmdlet to remove an owner from a group.

            PS C:\Windows\system32> Remove-MgGroupOwnerByRef -GroupId 0e48dc96-3bff-4fe1-8939-4cd680163497 -DirectoryObjectId 92a0dad0-7c9e-472f-b2a3-0fe2c9a02867
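
The membership and owner cmdlets above can be combined into a periodic access review. The script below is an added example, not part of the original page or of M365 Manager Plus: it reports, for every security-enabled group, how many owners and members it has and flags ownerless groups. The output file name `group-review.csv` and the `#EXT#` test for guest accounts are assumptions made for this illustration.

```powershell
# Added example: read-only review of group owners and members.
# Read scopes are enough here; nothing in the directory is modified.
Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All"

# Security-enabled groups are the ones that typically gate access to resources.
$groups = Get-MgGroup -Filter "securityEnabled eq true" -All

$report = foreach ($g in $groups) {
    $owners  = @(Get-MgGroupOwner  -GroupId $g.Id -All)
    $members = @(Get-MgGroupMember -GroupId $g.Id -All)

    # Members are returned as generic directory objects; their type and
    # userPrincipalName are carried in the AdditionalProperties dictionary.
    $nested = @($members | Where-Object {
        $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group'
    })
    # Heuristic (assumption): guest accounts carry '#EXT#' in their UPN.
    $guests = @($members | Where-Object {
        $_.AdditionalProperties['userPrincipalName'] -like '*#EXT#*'
    })

    [pscustomobject]@{
        DisplayName  = $g.DisplayName
        GroupId      = $g.Id
        OwnerCount   = $owners.Count
        MemberCount  = $members.Count
        NestedGroups = $nested.Count
        GuestMembers = $guests.Count
        Ownerless    = ($owners.Count -eq 0)
    }
}

# Ownerless groups first: nobody is accountable for their membership.
$report | Sort-Object Ownerless -Descending | Format-Table -AutoSize

# Hypothetical output path; keep the export as evidence for the review.
$report | Export-Csv -Path .\group-review.csv -NoTypeInformation
```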

6. Steps to update owners of groups in bulk in M365 Manager Plus:

  1. Sign in to M365 Manager Plus as Administrator.
  2. Navigate to the Management tab > Azure Active Directory > Bulk Group Modification.
  3. You can choose to add or remove owners from Microsoft 365 groups, distribution groups, dynamic distribution groups, security groups, and mail enabled security groups.
  4. Select the owner(s) you want to add or remove, choose the add or remove function, the Microsoft 365 tenant and the respective group.
  5. Click on Apply to perform the action.

7. Disabling group creation

You can restrict non-administrative users from creating security groups within your directory for security purposes. Microsoft Online Directory Services (MSODS) allows non-admin users to create groups by default.

            Install-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
            Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
            $params = @{
                TemplateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
                Values = @(
                    @{
                        Name = "EnableGroupCreation"
                        Value = "false"
                    }
                )
            }
            Connect-MgGraph -Scopes "Directory.ReadWrite.All"
            New-MgBetaDirectorySetting -BodyParameter $params
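
New-MgBetaDirectorySetting creates a settings object, so in a directory where one already exists for this template the value has to be changed with Update-MgBetaDirectorySetting instead. The script below is an added example, not part of the original page: it handles both cases, leaves the other values of an existing object untouched, and reads the setting back to confirm it. It assumes the module from the script above is already installed.

```powershell
# Added example: set EnableGroupCreation to "false" whether or not a settings
# object for the template already exists, then verify the result.
Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
Connect-MgGraph -Scopes "Directory.ReadWrite.All"

# Template ID taken from the script above.
$templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"

# Look for a settings object that was already created from this template.
$setting = Get-MgBetaDirectorySetting |
    Where-Object { $_.TemplateId -eq $templateId }

if (-not $setting) {
    # No object yet: create it, as the original script does.
    $params = @{
        TemplateId = $templateId
        Values     = @(@{ Name = "EnableGroupCreation"; Value = "false" })
    }
    $setting = New-MgBetaDirectorySetting -BodyParameter $params
}
else {
    # Object exists: resend every current value and change only the one we need,
    # so other configured values are not reset.
    $values = @($setting.Values | ForEach-Object {
        if ($_.Name -eq "EnableGroupCreation") {
            @{ Name = $_.Name; Value = "false" }
        }
        else {
            @{ Name = $_.Name; Value = $_.Value }
        }
    })
    Update-MgBetaDirectorySetting -DirectorySettingId $setting.Id `
        -BodyParameter @{ Values = $values }
}

# Read the setting back and stop if the change did not take effect.
$current = (Get-MgBetaDirectorySetting -DirectorySettingId $setting.Id).Values |
    Where-Object { $_.Name -eq "EnableGroupCreation" }

if ($current.Value -ne "false") {
    throw "EnableGroupCreation is still '$($current.Value)'"
}
$current | Format-Table Name, Value
```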
                            

 

Reserved aliases

When a group is created, specific endpoints enable end users to designate a mailNickname or alias for the group's email address. Groups with the following privileged email aliases can be created only by a Microsoft Entra Global Administrator.

  • abuse
  • admin
  • administrator
  • hostmaster
  • majordomo
  • postmaster
  • root
  • secure
  • security
  • ssl-admin
  • webmaster

Limitations of using Entra ID admin center

  • Administrators should have the required role to access individual native admin centers and execute tasks in them.
  • Microsoft 365 does not allow bulk group management.

Benefits of using M365 Manager Plus for Entra ID group management

  • Easily manage your organization's Microsoft 365 licenses in bulk or individually from a single console.
  • Generate pre-built, intuitive reports and keep an eye on the license usage.
  • Assign tasks to any technician without needing to grant them elevated native privileges.
  • Manage users, mailboxes, groups, and contacts in bulk.
  • Keep an eye on various Microsoft 365 services such as Exchange Online, Azure Active Directory, SharePoint Online, and OneDrive for Business with pre-configured reports.
  • Automate report generation and various repetitive management tasks to save time and effort.
  • Keep a check on your Microsoft 365 services' health and performance with 24/7 monitoring.
  • Track all the activities happening in your organization with detailed audit reports.
  • Delegate custom roles to help desk technicians and reduce the administrator's workload.
