Using Get-MgGroup in Powershell: All You Need To Know

Using Get-MgGroup in Powershell: All You Need To Know

If you are looking to learn how to use the PowerShell cmdlet Get-MgGroup within the Microsoft Graph PowerShell SDK, you have arrived at the right place.

This tool is perfect for IT administrators who want to manage Microsoft 365 groups more effectively and developers looking to automate group-related tasks. Today, we’ll cover how to set up your PowerShell environment to use Get-MgGroup with various parameters and offer tips on managing the output.

What is The Get-MgGroup Cmdlet in PowerShell?

Get-MgGroup is a PowerShell cmdlet provided by the Microsoft Graph PowerShell SDK, which allows users to interact with and manage Microsoft 365 services via Microsoft Graph API. Specifically, Get-MgGroup is used to retrieve information about groups in Microsoft 365, such as Office 365 groups, security groups, and distribution groups.

This cmdlet is particularly useful for administrators who need to manage group settings, memberships, and access permissions programmatically, helping them automate and streamline their administrative workflows within Microsoft 365 environments.

The syntax of Get-MgGroup is as follows:


[-ExpandProperty <String[]>]

[-Property <String[]>]

[-Filter <String>]

[-Search <String>]

[-Skip <Int32>]

[-Sort <String[]>]

[-Top <Int32>]

[-ConsistencyLevel <String>]

[-ResponseHeadersVariable <String>]

[-Headers <IDictionary>]

[-PageSize <Int32>]


[-CountVariable <String>]

[-ProgressAction <ActionPreference>]


Here is the meaning of each parameter in the syntax:

  • ExpandProperty: Includes additional properties not normally returned in the basic results by expanding related entities.
  • Property: Selects specific properties to be returned in the response, optimizing the data load.
  • Filter: The Get-MgGroup filter parameter uses OData filter expressions to return only the results that meet the specified conditions.
  • Search: Executes a search query on the server side to filter results based on text content.
  • Skip: Bypasses a specified number of results, useful for paging through data.
    Sort: Orders the returned results based on specified property values and directions.
  • Top: Limits the number of results returned to a specified maximum, ideal for controlling output size.
  • ConsistencyLevel: Sets the required consistency for the transaction, ensuring data accuracy and integrity.
  • ResponseHeadersVariable: Captures response headers into a variable for further processing or analysis.
  • Headers: Sends custom HTTP headers with the request, often used for configurations like response preferences.
  • PageSize: Defines the number of items per page in the response, useful for pagination.
    All: Retrieves all results across multiple pages, ignoring paging limits like Top or PageSize.
  • CountVariable: Stores the number of results into a variable, useful for summaries or conditional logic.
  • ProgressAction: Controls how the cmdlet displays progress, such as through a progress bar.

What Can You Use Get-MgGroup For?

This command, as part of the Microsoft Graph PowerShell SDK, is versatile for managing and interacting with groups within Microsoft 365. Here are some practical use cases for this cmdlet:

  1. Listing All Groups in the Organization: Use Get-MgGroup to retrieve a list of all groups within a Microsoft 365 organization, including Office 365 groups, distribution lists, and security groups. This can be helpful for administrators to get an overview of all the groups, manage them, or audit the existing group structures.
  2. Finding Specific Groups Using Get-MgGroup Filter Options: With the -Filter parameter, you can search for groups that meet specific criteria. For instance, finding all groups with a specific word in their name or those created before a certain date.
    Managing Group Membership: By using the -ExpandProperty parameter to expand the members or owners properties, it’s possible to view or audit the membership of specific groups. This allows for effective management of who has access to what within the organization, ensuring that only the right individuals have the necessary permissions.
  3. Automating Group Management Tasks: Automate routine group management tasks such as updating group properties, cleaning up unused groups, or syncing group data with other systems. By using Get-MgGroup in scripts, you can automate these tasks to run at scheduled intervals, reducing manual workload and improving efficiency.

Prerequisites to Run The Get-MgGroup Command

Before you can effectively run Get-MgGroup to manage and interact with Microsoft 365 groups using the Microsoft Graph PowerShell SDK, there are several prerequisites and considerations related to permissions you should consider:

  • Microsoft 365 Environment Access: First, you need access to a Microsoft 365 environment, as personal Microsoft accounts do not support the Microsoft Graph capabilities required for group management.
  • Appropriate Permissions: Depending on how you intend to use Get-MgGroup, the permissions required can vary. Delegated Permissions are used when actions are performed on behalf of a user. To simply read group membership details, you would need GroupMember.Read.All. For more comprehensive group management tasks, such as modifying groups or accessing broader directory data, higher permissions like Group.ReadWrite.All and Directory.Read.All, are necessary. On the other hand, Application Permissions are used when a script or service acts without a logged-in user context.
  • Microsoft Graph PowerShell SDK Installation: You need to have the Microsoft Graph PowerShell SDK installed on your system. This SDK provides the Get-MgGroup cmdlet, among many others, that facilitates interaction with Microsoft 365 services via the Microsoft Graph API.

How to Use Get-MgGroup in PowerShell

To use Get-MgGroup, we'll follow three quick steps.

Step 1: Authenticate and Set Up Your PowerShell Session

Before you can use Get-MgGroup to interact with Microsoft 365 groups, you first need to authenticate to Microsoft Graph. This ensures that your session has the appropriate permissions to perform the operations required.

To do this, open PowerShell as an administrator, and run the following command:


-Scopes "User.Read.All", "Group.ReadWrite.All"

Step 2: Use Get-MgGroup with Appropriate Parameters

Depending on your specific need (such as listing all groups, or retrieving detailed properties of a specific group), use the Get-MgGroup cmdlet with parameters that match your query.

For instance, take a look at this example:

Connect-MgGraph -Scopes 'Group.Read.All'
Get-MgGroup | Format-List Id, DisplayName, Description, GroupTypes

Id : 3c92173e-2c3f-46b5-9b5e-c6b3c76fa2b4
DisplayName : Research and Development
Description : A group dedicated to pioneering and advancing our technology platforms.
GroupTypes : {Unified}

Id : f3ee48e2-c1bf-4417-8a88-abc3e5d3dd4e
DisplayName : Human Resources
Description : Focus on employee engagement and organizational culture enhancements.
GroupTypes : {Unified}

This example connects to Microsoft Graph with specified permissions, retrieves details about all groups in the Microsoft 365 environment, and formats the output to list each group's ID, display name, description, and types.

Step 3: Interpret and Handle the Output

Once you have executed the Get-MgGroup cmdlet, the next step is to handle and potentially manipulate the output for your requirements. For instance, you can view the output directly in the PowerShell console by simply running the command or filtering the results based on your needs.

Wrapping Up: 3 Quick Steps to Use Get-MgGroup in PowerShell

As you can see, mastering the Get-MgGroup cmdlet from the Microsoft Graph PowerShell SDK greatly enhances your ability to manage Microsoft 365 groups. By customizing your commands with specific parameters, you can easily access detailed information, organize and filter group data, and automate regular administrative tasks directly from your PowerShell prompt.