Retrieve newly created users, groups or Apps and more using MG Graph

Something slightly different but still useful for some of us. The commands shown below are pretty straightforward ways to retrieve some information using PowerShell. They could be useful if you want to build an automated reporting e-mail/Teams message for daily reports, for example, and can be used as a starting point.

I have not found time (yet) to build an automated reporting tool/script but the cmdlets I would be using are pretty useful so I might share these already. That’s basically everything in this blog. 🙂

Want to know more about MG Graph? Read the official Get Started documentation here: Get started with the Microsoft Graph PowerShell SDK | Microsoft Learn

Requirements

Install the PowerShell module using the following cmdlet.

Install-Module Microsoft.Graph -Scope AllUsers

Retrieve newly created Entra ID users

The cmdlet/script below shows users created in the last day. The window can be changed to however many days you like: simply modify the (Get-Date).AddDays(-1) value.

#Generate output of newly created users where .AddDays(-1) counts as the days from now.

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

# Query for newly created users
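# The cutoff is converted to UTC before "Z" is appended; -All returns every page of results
$newUsers = Get-MgUser -All -Filter "CreatedDateTime ge $((Get-Date).ToUniversalTime().AddDays(-1).ToString("s"))Z"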
Write-Output $newUsers

Retrieve newly created Entra ID groups

The cmdlet/script below shows groups created in the last day. The window can be changed to however many days you like: simply modify the (Get-Date).AddDays(-1) value.

#Generate output of newly created groups where .AddDays(-1) counts as the days from now.

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "Group.Read.All"

# Query for newly created groups
# -All returns every page of results instead of only the first one
$newGroups = Get-MgGroup -All | Where-Object { $_.CreatedDateTime -ge $((Get-Date).AddDays(-1)) }
Write-Output $newGroups

Retrieve newly created App Registration or Enterprise App

The cmdlet/script below shows App registrations created in the last day. Get-MgApplication returns App registrations only; Enterprise Apps are service principal objects and are not returned by it. The window can be changed to however many days you like: simply modify the (Get-Date).AddDays(-1) value.

#Generate output of newly created App Registrations where .AddDays(-1) counts as the days from now.

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "Application.Read.All"

# Query for newly created App Registrations
$Apps = Get-MgApplication -All | Where-Object { $_.CreatedDateTime -ge $((Get-Date).AddDays(-1)) }
Write-Output $Apps
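
The three "newly created" queries above combined into one report function, as an added example that is not part of the original post. The function name Get-NewDirectoryObject, its -Days parameter and the output column names are assumptions made for illustration; the cutoff is computed in UTC and CreatedDateTime is requested explicitly for users, because Get-MgUser only returns a default property set.

```powershell
# Added example (not from the original post). Get-NewDirectoryObject, -Days and
# the output column names are hypothetical; the Microsoft.Graph module is assumed.
function Get-NewDirectoryObject {
    param([ValidateRange(1, 365)][int]$Days = 1)

    # Graph stores timestamps in UTC, so compute and format the cutoff in UTC.
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$Days)
    $cutoffText = "$($cutoff.ToString('s'))Z"

    # True when a creation time is present and not older than the cutoff.
    $isNew = { param($created) $null -ne $created -and $created.ToUniversalTime() -ge $cutoff }

    # Builds one report row so users, groups and apps share the same columns.
    $row = {
        param($type, $object, $detail)
        [pscustomobject]@{
            Type       = $type
            Name       = $object.DisplayName
            Detail     = $detail
            Id         = $object.Id
            CreatedUtc = $object.CreatedDateTime.ToUniversalTime()
        }
    }

    # Users: filtered server-side. CreatedDateTime must be requested explicitly.
    $users = @(Get-MgUser -All -Filter "createdDateTime ge $cutoffText" `
            -Property Id, DisplayName, UserPrincipalName, CreatedDateTime)

    # Groups and app registrations: filtered client-side, as in the post.
    $groups = @(Get-MgGroup -All | Where-Object { & $isNew $_.CreatedDateTime })
    $apps = @(Get-MgApplication -All | Where-Object { & $isNew $_.CreatedDateTime })

    $rows = @(
        $users | ForEach-Object { & $row 'User' $_ $_.UserPrincipalName }
        $groups | ForEach-Object { & $row 'Group' $_ ($_.GroupTypes -join ',') }
        $apps | ForEach-Object { & $row 'AppRegistration' $_ $_.AppId }
    )
    $rows | Sort-Object CreatedUtc -Descending
}

# One sign-in with the three read-only scopes used in the snippets above.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All', 'Application.Read.All'
Get-NewDirectoryObject -Days 1 | Format-Table -AutoSize
```

The rows are plain objects, so they can be piped to Export-Csv or ConvertTo-Html when building the daily report message.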

Retrieve all Dynamic groups in Entra ID

The cmdlet/script below shows all available Dynamic groups which are available in Entra ID.

#Generate output of all Dynamic groups

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "Group.Read.All"

# Query for Dynamic groups (GroupTypes is a collection, so -contains is used)
$DynamicGroups = Get-MgGroup -All | Where-Object { $_.GroupTypes -contains "DynamicMembership" }
Write-Output $DynamicGroups

Retrieve all Stale devices

The cmdlet/script below generates output of devices where no user logon activity is found in the last 30 days; (Get-Date).AddDays(-30) counts as the days from now. Output is filtered to show only company-owned devices. Personal devices are filtered out.

#Generate output of devices where no user logon activity is found. .AddDays(-30) counts as the days from now.
#Output is filtered to show only Company owned devices. Personal devices are filtered out.

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "Device.Read.All"

# Query for possible stale devices: last sign-in is older (-lt) than the cutoff date
$StaleDevice = Get-MgDevice -All | Where-Object { $_.ApproximateLastSignInDateTime -lt $((Get-Date).AddDays(-30)) -and $_.DeviceOwnership -eq "Company" }
Write-Output $StaleDevice | Format-List DisplayName, ApproximateLastSignInDateTime, EnrollmentProfileName, ID, DeviceID

If you would like to see all devices including personal ones this is the one you need.

#Generate output of devices where no user logon activity is found. .AddDays(-30) counts as the days from now.

# Authenticate to Microsoft Graph
Connect-MgGraph -Scopes "Device.Read.All"

# Query for possible stale devices: last sign-in is older (-lt) than the cutoff date
$StaleDevice = Get-MgDevice -All | Where-Object { $_.ApproximateLastSignInDateTime -lt $((Get-Date).AddDays(-30)) }
Write-Output $StaleDevice | Format-List DisplayName, ApproximateLastSignInDateTime, EnrollmentProfileName, ID, DeviceID

Please note that there’s nothing more than useful MG Graph examples in this blogpost. In the future I might use these to receive daily/weekly reports via Teams or e-mail.
