Recently for work I’ve had to manage a large number of Office 365 users and create a new ‘intake’ of accounts, which is done yearly. Since the last time I did this, it seems that the MSGraph module has been updated and is now preferred over the MSOnline method.
I’ve collected and saved a few useful scripts (after finding out the correct method of doing it!) so that I can refer to them next year.
Fetching a list of all available licenses on your tenant
Import-Module Microsoft.Graph.Authentication
# Sign in with the scopes needed to read the tenant's SKUs and update users
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
$allSKUs = Get-MgSubscribedSku -Property SkuPartNumber, ServicePlans
$allSKUs | ForEach-Object {
    Write-Host "Service Plan:" $_.SkuPartNumber
    # Emit every service plan contained in this SKU
    $_.ServicePlans | ForEach-Object { $_ }
}
This will give you a list of service plans and SKU numbers needed to assign the SKUs to end users.
Setting licenses to a list of users by CSV
# Look up the SKU to assign by its part number
$e5Sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq 'STANDARDWOFFPACK_IW_STUDENT'
# Collect the IDs of the service plans that should stay switched off
$disabledPlans = $e5Sku.ServicePlans |
    Where-Object ServicePlanName -in ("SWAY", "YAMMER_EDU") |
    Select-Object -ExpandProperty ServicePlanId
$addLicenses = @(
    @{
        SkuId         = $e5Sku.SkuId
        DisabledPlans = $disabledPlans
    }
)
Import-Csv "C:\Accounts.csv" | ForEach-Object {
    # Set the usage location first, then assign the license
    Update-MgUser -UserId $_.EmailAddress -UsageLocation GB
    Set-MgUserLicense -UserId $_.EmailAddress -AddLicenses $addLicenses -RemoveLicenses @()
}
Now this will set a license on all users listed in Accounts.csv with EmailAddress as a heading. It will also update the user's UsageLocation, as this is required before creating a mailbox for that user. Additionally, I have disabled the SWAY and YAMMER applications from the license, as these are not used in our organization.
Forcing set passwords and prompting to change on first logon
Import-Csv "C:\Accounts.csv" | ForEach-Object {
    # PasswordProfile.Password takes a plain string, so no SecureString conversion is needed.
    # Accounts.csv therefore holds the initial passwords in clear text.
    Update-MgUser -UserId $_.EmailAddress -PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = $_.EmailPassword }
    Write-Output "."
}
Write-Output "Done"
This should be a simple one to understand: we have Accounts.csv with two columns, EmailAddress and EmailPassword, and these are then passed to the Update-MgUser cmdlet with a flag of ForceChangePasswordNextSignIn.
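A follow-up check for the two bulk steps above, added here as an example and not part of the original scripts: it re-reads every account in the CSV and reports any that are missing the license, still have SWAY or YAMMER_EDU enabled, lack the GB usage location, or are not flagged to change password at next sign-in. It assumes the same C:\Accounts.csv and the Graph session opened in the first script; the report layout and variable names are my own.

```powershell
# Added example: audit the accounts in Accounts.csv after the bulk run.
# Assumes an existing Graph session (see the first script) and the same
# SKU, disabled plans and usage location used in the scripts above.
$skuPartNumber  = 'STANDARDWOFFPACK_IW_STUDENT'
$mustBeDisabled = 'SWAY', 'YAMMER_EDU'

$report = Import-Csv 'C:\Accounts.csv' | ForEach-Object {
    $upn    = $_.EmailAddress
    $issues = @()
    try {
        # PasswordProfile and UsageLocation are only returned when requested
        $user = Get-MgUser -UserId $upn `
            -Property UserPrincipalName, UsageLocation, PasswordProfile -ErrorAction Stop
        $detail = Get-MgUserLicenseDetail -UserId $upn -ErrorAction Stop |
            Where-Object SkuPartNumber -eq $skuPartNumber

        if ($user.UsageLocation -ne 'GB') { $issues += 'UsageLocation not GB' }
        if (-not $user.PasswordProfile.ForceChangePasswordNextSignIn) {
            $issues += 'password change not forced'
        }
        if (-not $detail) {
            $issues += 'license missing'
        } else {
            # A plan switched off through DisabledPlans reports status 'Disabled'
            $stillOn = $detail.ServicePlans | Where-Object {
                $_.ServicePlanName -in $mustBeDisabled -and
                $_.ProvisioningStatus -ne 'Disabled'
            }
            foreach ($plan in $stillOn) {
                $issues += "$($plan.ServicePlanName) still enabled"
            }
        }
    } catch {
        # Typo in the CSV, account not created yet, or insufficient scope
        $issues += "lookup failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        User   = $upn
        Ok     = ($issues.Count -eq 0)
        Issues = $issues -join '; '
    }
}

# Show only the accounts that need attention
$report | Where-Object { -not $_.Ok } | Format-Table -AutoSize
Write-Output ("{0} of {1} accounts passed" -f @($report | Where-Object Ok).Count, @($report).Count)
```

Run it before the new users sign in for the first time, because the forced-change flag clears once a user has changed their password.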
Adding the list of users to a distribution group
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
Import-Csv "C:\Accounts.csv" | ForEach-Object {
    # -Identity is the distribution group each user is added to
    Add-DistributionGroupMember -Identity "[email protected]" -Member $_.EmailAddress
    Write-Output "."
}
Write-Output "Done"
Yes, I know. This isn’t MSGraph, but it was still useful after adding around 300 new users and needing them to be in groups. It makes use of the MSOnline Add-DistributionGroupMember and our current CSV file containing EmailAddress.
That’s all I found was needed to get accounts up and running and using the new MSGraph PowerShell. I hope that’s helped you as much as it did me.