Introduction
This PowerShell script leverages the Microsoft Graph API to retrieve comprehensive information about a specific Microsoft 365 group. It gathers details about group membership, assigned licenses, device configurations, and applications. This script is particularly useful for administrators who need to audit or document group settings and configurations.
Use Case
This script can be used to:
- Audit Group Settings: Gather information about group membership, licenses, and applications for compliance or security reviews.
- Document Group Configurations: Create detailed reports on group settings and assigned resources.
- Troubleshoot Group Issues: Identify potential issues with group membership, licensing, or application access.
Script
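# Connect to Microsoft Graph with read-only scopes for each call below:
# groups and members, user license details, device configurations, app role assignments
Connect-MgGraph -Scopes "Group.Read.All","User.Read.All","DeviceManagementConfiguration.Read.All","Directory.Read.All"

# Define the group name you want to query
$groupName = "<Group Name>"

# Retrieve the group using group name
# (single quotes are doubled so the name cannot break out of the OData filter string)
$escapedName = $groupName.Replace("'", "''")
$matchingGroups = @(Get-MgGroup -Filter "displayName eq '$escapedName'")
if ($matchingGroups.Count -gt 1) {
    # Display names are not unique, so make the ambiguity visible
    Write-Warning "$($matchingGroups.Count) groups share this display name; using the first one."
}
$group = $matchingGroups | Select-Object -First 1

# Ensure group is found
if ($null -ne $group) {
    Write-Host "Group Name: $($group.DisplayName)"
    Write-Host "Group Description: $($group.Description)"
    Write-Host "Group ID: $($group.Id)"
    Write-Host "Group Type: $($group.GroupTypes -join ', ')"

    # List all members of the group (-All pages past the first batch of results)
    $groupMembers = Get-MgGroupMember -GroupId $group.Id -All
    Write-Host "`nGroup Members:"
    foreach ($member in $groupMembers) {
        # Members are returned as generic directory objects; the name is in AdditionalProperties
        Write-Host $member.AdditionalProperties['displayName']
    }

    # Get device configurations applied to the group
    Write-Host "`nDevice Configurations:"
    $deviceConfigs = Get-MgDeviceManagementDeviceConfiguration -All
    foreach ($config in $deviceConfigs) {
        # Assignments are a separate collection on each configuration
        $assignments = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $config.Id
        # Keep only include targets, then check if the group is assigned to this configuration
        $assignedGroupIds = $assignments |
            Where-Object { $_.Target.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.groupAssignmentTarget' } |
            ForEach-Object { $_.Target.AdditionalProperties['groupId'] }
        if ($assignedGroupIds -contains $group.Id) {
            Write-Host "Configuration: $($config.DisplayName) - ID: $($config.Id)"
        }
    }

    # List licenses assigned to the group's members
    Write-Host "`nLicenses assigned to group members:"
    foreach ($member in $groupMembers) {
        # Only user objects carry licenses; skip devices, nested groups and service principals
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
        $licenses = Get-MgUserLicenseDetail -UserId $member.Id
        foreach ($license in $licenses) {
            Write-Host "$($member.AdditionalProperties['displayName']) has license: $($license.SkuId)"
        }
    }

    # Get apps assigned to the group
    Write-Host "`nApplications Assigned to Group:"
    $groupApplications = Get-MgGroupAppRoleAssignment -GroupId $group.Id -All
    foreach ($app in $groupApplications) {
        # ResourceDisplayName is the application; PrincipalDisplayName is the group itself
        Write-Host "App: $($app.ResourceDisplayName) - Role: $($app.AppRoleId)"
    }
} else {
    Write-Host "Group not found or invalid group name provided."
}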
Explanation
- Connect to Microsoft Graph: The script first connects to Microsoft Graph using the Connect-MgGraph cmdlet, requesting necessary permissions.
- Retrieve Group: It then retrieves the specified group using the Get-MgGroup cmdlet and filters by the group’s display name.
- Group Details: If the group is found, it displays basic information about the group (name, description, ID, type).
- Group Members: It lists all members of the group.
- Device Configurations: It retrieves all device configurations and checks if the group is assigned to any of them.
- Licenses: It iterates through the group members and retrieves the licenses assigned to each member.
- Applications: It retrieves the applications assigned to the group.
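For an audit, whether a configuration includes or excludes the group matters as much as whether the group appears in it. The following is an added example, not part of the original script: it goes beyond the yes/no check and also reports exclusion and tenant-wide targets. Resolve-AssignmentForGroup and New-SampleAssignment are hypothetical helpers, and the group IDs and configuration names are constructed sample data rather than tenant output.

```powershell
# Added example: classify how each device configuration assignment relates to one group.
# Resolve-AssignmentForGroup is a hypothetical helper, not a Microsoft Graph SDK cmdlet.
function Resolve-AssignmentForGroup {
    param(
        [Parameter(Mandatory)] [string] $GroupId,
        [Parameter(Mandatory)] [string] $ConfigurationName,
        [object[]] $Assignments = @()
    )
    foreach ($assignment in $Assignments) {
        # The target type and group ID live in the target's AdditionalProperties
        $target = $assignment.Target.AdditionalProperties
        $effect = switch ([string]$target['@odata.type']) {
            '#microsoft.graph.groupAssignmentTarget'            { if ($target['groupId'] -eq $GroupId) { 'Include' } }
            '#microsoft.graph.exclusionGroupAssignmentTarget'   { if ($target['groupId'] -eq $GroupId) { 'Exclude' } }
            '#microsoft.graph.allDevicesAssignmentTarget'       { 'AllDevices' }
            '#microsoft.graph.allLicensedUsersAssignmentTarget' { 'AllUsers' }
        }
        # Assignments that target some other group produce no output
        if ($effect) {
            [pscustomobject]@{ Configuration = $ConfigurationName; Effect = $effect }
        }
    }
}

# Constructed sample data shaped like the SDK's assignment objects (not real tenant output)
function New-SampleAssignment([string] $Type, [string] $TargetGroupId) {
    $props = @{ '@odata.type' = $Type }
    if ($TargetGroupId) { $props['groupId'] = $TargetGroupId }
    [pscustomobject]@{ Target = [pscustomobject]@{ AdditionalProperties = $props } }
}

$groupId = '00000000-0000-0000-0000-000000000001'   # constructed placeholder ID
$otherId = '00000000-0000-0000-0000-000000000002'   # constructed placeholder ID
$sample = [ordered]@{
    'Sample disk encryption' = @(New-SampleAssignment '#microsoft.graph.groupAssignmentTarget' $groupId)
    'Sample kiosk lockdown'  = @(New-SampleAssignment '#microsoft.graph.exclusionGroupAssignmentTarget' $groupId)
    'Sample Wi-Fi profile'   = @(New-SampleAssignment '#microsoft.graph.allDevicesAssignmentTarget')
    'Sample unrelated'       = @(New-SampleAssignment '#microsoft.graph.groupAssignmentTarget' $otherId)
}
foreach ($name in $sample.Keys) {
    Resolve-AssignmentForGroup -GroupId $groupId -ConfigurationName $name -Assignments $sample[$name]
}

# Against a tenant, pass each configuration's real assignments instead:
#   Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $config.Id
```

With the sample data this emits Include, Exclude and AllDevices rows and nothing for the unrelated configuration.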
Outro
This script provides a starting point for automating the analysis of Microsoft 365 groups. You can extend it to include other relevant information, such as group policies, SharePoint sites, or Teams settings.
Tags
PowerShell, Microsoft Graph, Microsoft 365, Office 365, Groups, Automation, Scripting, Azure Active Directory