Managing Microsoft 365 Using PowerShell
Managing the powerful productivity and collaboration suite Microsoft 365 can be a daunting task, especially for organizations with thousands of users, licenses for those users, and hundreds of groups used to manage the users.
PowerShell is a command-line tool that can simplify and automate the management of Microsoft 365 and save time and resources. It’s important for Microsoft 365 administrators to have the ability to automate, bulk manage, and configure these users, licenses, and groups. To benefit, you need a thorough understanding of how PowerShell integrates with Microsoft 365 and how you can use PowerShell to manage users, licenses, and groups, and generate reports and PowerShell scripts to perform some of the more common M365 administrative tasks, like adding users in bulk or changing properties of users or groups.
Using PowerShell to accomplish this task involves not only managing access to Microsoft 365, but also the different services available in Microsoft 365 including:
- SharePoint
- Exchange
- Security and Compliance Center
- Microsoft Teams
- Skype for Business
- Delegated Access Permissions (DAP)
In this article, I’ll focus on management of users, licenses, and groups, and review the reporting capabilities available when using PowerShell.
PowerShell for Microsoft 365 has several cmdlets for managing all aspects of Microsoft 365, including performing the following tasks:
- Display information that can’t be seen from within the Microsoft 365 admin center
- Configure features and settings only configurable using PowerShell
- Perform bulk operations
- Filter data
- Print or save data
Note: You need to be a member of the global administrator role in Microsoft 365 to connect and manage Microsoft 365. If managing a specific component, like groups, users, or licenses, you can be a member of that specific admin role without being a member of the global admin role.
PowerShell Modules Used to Manage Microsoft 365
Before you can begin managing Microsoft 365 users, groups, and licenses using PowerShell, you must install one or both of the following PowerShell modules:
- Azure Active Directory PowerShell for Graph (cmdlets include AzureAD in their name)
- Microsoft Azure Active Directory Module for Windows PowerShell (cmdlets include Msol in their name)
Note: These two modules can reside on the same computer and, in some scenarios, you need both versions installed.
Microsoft 365 PowerShell module system requirements
- Operating system (64-bit only)
- Windows 10, Windows 8.1, Windows 8, or Windows 7 SP1
- Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1
- PowerShell
- Azure AD PowerShell for Graph requires PowerShell 5.1
- Microsoft Azure AD Module for Windows PowerShell 5.1 up to 6 (7 is not supported)
Let’s get started. To connect to Microsoft 365 with the Azure AD PowerShell for Graph module:
- Open Windows PowerShell Command Prompt in Admin mode.
- Enter and run Install-Module -Name AzureAD
- When you see the message asking about untrusted repository, respond Yes or Yes to All.
- Enter and run Import-Module AzureAD.
- Connect to AzureAD using Connect-AzureAD.
- When prompted, provide credentials to complete the connection process, as shown in Figure 1.
If you want to connect to Microsoft 365 with the Azure AD Module for Windows PowerShell:
- Locate and download Microsoft Online Services Sign-in Assistant.
- Open Windows PowerShell Command Prompt in Admin mode.
- Enter and run Install-Module MSOnline.
- If prompted for NuGet provider type Y and press Enter.
- If prompted to install the module from PSGallery, type Y and press Enter.
- Connect to AzureAD using Connect-MsolService.
- When prompted, provide credentials to complete the connection process, as shown in Figure 2.
Understanding Microsoft 365 cmdlets
There’s a plethora of Microsoft 365 PowerShell cmdlets, so I’m not going to discuss all of them. I’ll explore the most common cmdlets used to manage users and groups. The general cmdlets for managing these components involve using five primary commands that use a verb-noun pattern with some examples, following this overview.
- Add-xxx: Adds a user to a M365 component.
- Get-xxx: Retrieve and display information about a Microsoft 365 component.
- New-xxx: Create a new Microsoft 365 component.
- Set-xxx: Modify or change settings on a Microsoft 365 component.
- Remove-xxx: Delete a Microsoft 365 component.
Common AzureAD Graph cmdlets
Get-AzureADGroup, New-AzureADGroup, Set-AzureADGroup, Remove-AzureADGroup
Get-AzureADUser, New-AzureADUser, Remove-AzureADUser, Set-AzureADUser
Get-AzureADDevice, New-AzureADDevice, Set-AzureADDevice, Remove-AzureADDevice
Get-AzureADApplication, New-AzureADApplication, Remove-AzureADApplication
Common Microsoft Online cmdlets
Get-MsolUser, New-MsolGroup, Set-MsolGroup, Remove-MsolGroup
Get-MsolUser, New-MsolUser, Remove-MsolUser, Set-MsolUser
Get-MsolGroupMember, Add-MsolGroupMember, Remove-MsolGroupMember
Get-MsolRoleMember, Add-MsolRoleMember, Remove-MsolRoleMember
Obtaining Help on Available Microsoft 365 PowerShell cmdlets
There are way too many M365 PowerShell cmdlets for anyone to remember all of them, but you can get help on all the PowerShell cmdlets by using the following command:
Get-Command -Module MsOnline
Use the following command to display a list of Microsoft 365 PowerShell cmdlets that begin with a verb, like Add:
Get-Command -Module MsOnline Add -*
Use the following command to display the details of a specific Microsoft 365 PowerShell cmdlet:
Get-Help New-MsolUser -Detail
Use the following command to see examples of a specific Microsoft 365 PowerShell cmdlet:
Get-Help New-MsolUser -Examples
Managing M365 Users in Bulk
If you have the need to add users in bulk, you can create a .csv file containing the necessary fields, separated by a comma for each user, and use PowerShell to perform a bulk import. For instance, if you wanted to add several new users, you can create a .csv file called NewUsers.csv using a format similar to this (code line broken in this and other snippets to facilitate publishing):
UserPrincipalName,DisplayName,Department,LicenseAssignment,
UsageLocation
In subsequent lines, provide the values for each new user you want to add:
[email protected],”Brian
Alderman”,”Marketing”,”MicrotechPoint:ENTERPRISEPACK”,”US”
To add the new users, open Windows PowerShell in Administrator mode and execute the following command:
Import-Csv C:\users\Brian\Desktop\NewUsers.csv | ForEach-Object {New -
MsolUser -UserPrincipalName $_.UserPrincipalName -DisplayName
$_.DisplayName -Department $_.Department -LicenseAssignment
$_.LicenseAssignment -UsageLocation $_.UsageLocation}
Note: The only three required fields are UserPrincipalName, DisplayName, and UsageLocation. All others are optional, including licensing the new users as you create them. To obtain information about what licenses are available to assign to your users, you can issue the following PowerShell cmdlet:
Get-MsolAccountSku
Using Microsoft 365 PowerShell cmdlets
The PowerShell screen shown in Figure 3 contains the commands used to create and manage a new Microsoft 365 user by using the following steps:
- Create a new user called Don using this information:
- UserPrincipalName [email protected]
- DisplayName “Don Alderman”
- After retrieving the available licenses, assign Don an EXCHANGESTANDARD license.
- Set Don’s UsageLocation at “US”.
2. After creating the user, add a Department of Marketing to Don’s account.
3. After modifying Don’s department, generate a report of all users by using the Get-MsolUser cmdlet.
Figure 3 shows all of the Microsoft 365 users, the new user’s principal name (Don), display name, and that Don has a standard Exchange license.
There are too many Microsoft 365 PowerShell cmdlets to discuss in this brief article, but you can review and learn about them here: the MSOnline website or on the AzureAD website.