Read. Keep your help files up to. I have written a comprehensive guide on using this cmdlet here: How To Use Get-MgUser with Microsoft Graph PowerShell; Using this script To use the script, I recommend hovering your cursor over the script below and using the copy function at the top right. You can build customized solutions or scripts that could validate your skills as a toolmaker. Fetching signInActivity property requires an Azure AD Premium P1/P2 license and the AuditLog. The script returns all the users assigned to an app. Get-MgUser not returning Initials #1500. Users. 0 cmdlet typically returns the skeleton properties so the query can run faster. When you use Connect-MgGraph, you can choose to target other environments. I recently started a new job and I’m trying my darndest. For information on hash tables, run Get-Help about_Hash_Tables. Get-MgUser; I recently started to dig into the Microsoft Graph PowerShell module initially to do some Azure AD stuff, but ultimately to unlock the full potential of the Graph API using PowerShell 7 (PowerShell Core). permissions To identify which permissions are assigned to the current session you can use the get-mgcontext cmdlet, e. powershell; graph; azure-active-directory; microsoft-graph-api; microsoft-graph-mail; Share. This only outputs a few properties of each user. So an admin has no way to know if the user logged in last time 31 days ago or 250 days ago. List AD Users by Department with GUI Tool. I'm trying reduce the results when making a Graph call by only calling those users with a specific userPrincipalName sub-domain. ToString("s"))Z" The PowerShell output shows a list of all the Azure AD users created in the last year. Step 1. In addition, for the get-mguser command, I suggest you can use the Format-List command to get all the relevant parameters to see if there is an external email address. Read properties and relationships of the user object. Read. All True Read directory data. SignIns # A UPN can also be used as -UserId. Thanks! Originally posted by @Janooski in #1171 (comment)@Glenn Evans Thank you for your post! I ran into the same issue when trying to run (Get-MgUser -userId 'userID'). ”. Get-MgUser -Filter * -Property * | ForEach-Object { $_. com -Property Id, displayName, assignedLicenses | Select -ExpandProperty AssignedLicenses DisabledPlans SkuId ----- ----- {} 4016f256-b063-4864-816e-d818aad600c9 Assigning Compound LicensesI'd like to get a display Name for these objects; I can obviously do this by running the appropriate 'Get' cmdlet for the type of directory object (i. Microsoft. Use Filters to Target Mailboxes and Azure AD Accounts. In this example, I had a scenario, where we (a charity) received an under utilization email from Microsoft, that 47% of the tenant was utilized and that for a charity subscription I needed to improve to 85% or unassign licenses - fair enough, this is a free offering, not going to argue this. GetMgUser_List. Id DisplayName Mail UserPrincipalName UserType -- ----- ---- ----- ----- I understand that this is how the API operates, but I think it would be extremely useful to be able select properties to add to the default as well as the existing function of exclusivity. All permission. Get-MgUser specific department. But I'm able to get other user attributes. All Select-MgProfile -Name beta Get-MgUser -UserId [email protected] | Select -Property EmployeeType Update-MgUser -UserId [email protected]-EmployeeType FTE Share. 2. Read. You can get the Azure AD user accounts that work at a specific department in your organization. [DirectoryObjectId <String>]: The unique identifier of directoryObject. Description. Microsoft. JSON, CSV, XML, etc. Stage 1: Extract Licensing Data for the Tenant. OData defines the any and all operators to evaluate matches on multi-valued properties, that is, either collection of primitive values such as String types or collection of entities. This command returns the details of the specified directory object. com, where fabrikam. This API is supported in the following national cloud deployments. Manual Download. Get-MgUser –All. All and User. To update the User Principal Name back: Connect-MgGraph -Scopes User. Get-MgBetaUserById. Users Get-MgUser -Property "id,displayName,mail,identities" -Filter "endsWith(userPrincipalName,'" -ConsistencyLevel eventual For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation. Get-MgUser -Filter "department eq 'Marketing'" Then add in startswith to find marketing users who have a display name starting with ‘A’: Get-MgUser -Filter "(department eq 'Marketing') and (startswith(DisplayName,'A'))" Finally, we add another filter to exclude the user account with the email address “[email protected] permission on your behalf. Just a simple device login. PowerShell scripts often begin by finding a set of Azure AD user accounts or Exchange mailboxes to process. It should be noted that a user’s sign-in frequency is highly dependent on what Azure protected applications they are accessing and how they are accessing them. MSOnline to Microsoft Graph PowerShell. Optionally, you can expand the manager's chain up to the root node. scopes If you run a interactive session you have to specify the scopes, e. Before Microsoft Graph supports this property, we need to either get the mailbox last logon time using the Get-MailboxStatistics cmdlet or we need to crawl the Azure AD sign-in logs or the Unified audit logs in the Security and Compliance Center. graph. Get-Mguser I know I might need to use Get-Mguser cmdlets but not sure how can I return only the soft-deleted user. As a bonus, re-run the Get-MgContext` command and view the additional scope (hint: you may need to expand the `Scopes` property to. Depending on what you’re querying, it is also a good idea to use the -Property. Graph. ), REST APIs, and object models. That cmdlet would retrieve an [email protected] the Graph Explorer site I can get this data for all users when logged in with the same account and granting the same permissions. Get the specified profilePhoto or its metadata (profilePhoto properties). This can be the account’s user principal name or object identifier. Get-MgUser); From what I can tell the type of directory object can't be gleaned via PowerShell with out 'trial-and-error'. ReadWrite. Directory. 10. # THE PYTHON SDK IS IN PREVIEW. But just the fact that you can't even see the last login date of a. In the updated screenshot below, I have highlighted the permission scopes we require to run the Get-MgUser, and Get-MgUserMemberOf commands based on the descriptions column. Graph. Graph and Deleted Users. So you have to filter at shell level. Select-MgProfile beta (Get-MgUser -UserId [email protected] have found that while the AccountEnabled attribute is available and returns valid data directly from the v1. com#EXT#@fabrikam. This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise. 0. Fetching signInActivity property requires an Azure AD Premium P1/P2 license and the AuditLog. Users) | Microsoft Learn Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Get-MgUser -Filter ` "endsWith(mail,'microsoft. PasswordPolicies. This example shows how to use the Get-MgUserDelta Cmdlet. g. "get-mailboxstatistics | select LastLogonTime" is today, because "(Get-MgUser -UserId <guid> -Select SignInActivity). Get-MgUser_Get1: Access is denied. Copy the object (principal) Id to a notepad. Run the below PowerShell command. Namespace: microsoft. Azure Managed Identity is a feature of Azure Active Directory (AAD) that allows Azure resources to authenticate to other Azure. This API is available in the following national cloud deployments. Here is a version I finally got working, pieces borrowed from various other posts/sources, mostly Andrew Water's other post here: Azure AD - Delete Users after XYZ since last sign in date This one will kick out the display name and creation date in addition since guest accounts UPNs aren't always the most readable. Select-MgProfile -Name "beta". 1 comment Show comments for this answer Report a concern. For information on hash tables, run Get-Help about_Hash_Tables. Graph. msftbot bot added the no-recent-activity label Oct 10, 2022. Copy and paste the below code into your text editor. This attribute can either be the UserPrincipalName of the user or the actual user id: Get-MgUser -UserId [email protected] Get-User cmdlet returns no mail-related properties for mailboxes or mail users. com”. Sort by: Most helpful. To create the parameters described below, construct a hash table containing the appropriate properties. Filter a collection of primitive types (Lambda operators) Lambda operators or Lambda expressions are used to separate the Lambdas parameter list from its body. @ThePoShWolf - I've found you actually can use SignInActivity when doing the filter/query. Graph. Some common uses for this function are to: This API is available in the following national cloud deployments. peters@activedirectorypro. Graph. Get-MgBetaUserById. Graph. Using device code flow: PowerShell. If the answer is helpful, please click " Accept Answer " and kindly upvote it. Retrieve the properties and relationships of a contact object. Check the information against the input data. All permission. The first task is to connect using the Microsoft Graph PowerShell SDK, which requires you to set the scopes (permissions) required to manage any specific. This post is from 9. To Set Password Never Expire for All. Read. There is also no need at all to query all users first: (get-mguser -UserId [email protected] would return the azureobjectID for the user being gotten. To review, open the file in an editor that reveals hidden Unicode characters. Connect-MgGraph -TenantId "828e1143-88e3-492b-bf82-24c4a47ada63". So why the script failed with the above error? then I used MS Graph module: Get-MgUser -UserId "MyUser @mathieu. Toggle the status from “Off” to “On”. I've added Directory. We use Microsoft Graph Explorer for this, which provides a quick way to identify guest users and their status in a M365 tenant. Microsoft Graph PowerShell documentation. I’ll stay here, until next time. Update-MgUser -UserId "[email protected] line:1 char:1 + Get-MgUser + ~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AggregateException + FullyQualifiedErrorId : System. In the context of the Microsoft Graph API, this means that Microsoft may change, break, redirect or even remove functionality without notifications in advance. : (get-mgcontext). Models. Get-MsolUser or Get-AzureADUser cmdlet is used to get the Office 365 user details using PowerShell. We’re going to assume you have already created an Automation account in your subscription. Examples Example 1: Code snippet Import-Module Microsoft. PowerShell. Read. Do note that you have to request each property you plan to use, including those used for filtering. To learn about permissions for this resource, see the permissions reference. You can also use the Microsoft Graph users by name scenario described in the previous section. In this example, I’ll use the AD Pro Toolkit to get all users and their departments. Lets say a user has logged on the last time 31 days ago, in the Azure Sign In Activity we wouldn't see anything. There are no errors thrown and. Hey Guys I am trying to export a list of all users, with all their extension attributes and further properties, including the manager. INPUTOBJECT <IUsersIdentity>: Identity Parameter [AttachmentBaseId <String>]: The unique identifier of attachmentBaseInstallation Options. Enter your Office 365 credentials when prompted. ReadWrite. About the author. As of now we have to specify property to run search or filter against of when running Get-MgUser or Get-MgGroup. Get-MgUser This command outputs a listing of users in your Microsoft 365 organization. All and Directory. allThe resulting ID from the Trim are known good values as I can query them independently by supplying them like Get-MGUser -UserID <ValueInUserIDPropOfHash> – Carter. This example. The users and contacts that report to the user. Using Get-Help is another way of knowing what the cmdlet can do, the supported parameters, and each parameter value type. Note: The beta version of the Graph API is unsupported. All. Example 1: Retrieve contact objects in the directory. For each user, it will output the LicenseSKU with the service plan in it. ReadWrite. Retrieve a specific Azure AD user sign-in event for your tenant. Users Get-MgUser -Filter "accountEnabled ne true" -CountVariable CountVar -ConsistencyLevel eventual Read the SDK. After run: Select-MgProfile -Name "beta",. Return all IDs for the groups, administrative units, and directory roles that a user, group, service principal, organizational contact, device, or directory object is a member of. Hello @Shashi Shailaj , here an update and answer to my first question. Mail # A UPN can also be used as -UserId. If in doubt, check the documentation! Obfuscation. Get-MgUser from a specific department Connecting to the Graph SDK. For sure you should be building your CSV manually, you can create objects and the pass them through the pipeline to Export-Csv to parse them for you. Run the below PowerShell command. Actions module, you need to pass an empty arround to -RemoveLicenses, otherwise you will get an error: Set-MgUserLicense_AssignExpanded: One or more parameters of the function import 'assignLicense' are missing from the. Type: SwitchParameter: Position: Named: Default value: None: Required: False: Accept pipeline input: False: Accept wildcard characters:これまでユーザー情報の取得にし使用していた Get-MsolUser や Get-AzureADUser コマンドは、 Get-MgUser コマンドに置き換えられます。ここでは様々なシナリオでユーザーを取得する方法についてご紹介します。 テナントの全ユーザーを取得し. 1 person found this answer helpful. Shown. Group-based licensing in Microsoft Entra ID, part of Microsoft Entra, is available through the Azure portal. Using the Microsoft. I don't know where I'm. 1 answer. For instance, to find all the accounts assigned a specific SKU, you can use a command like: For instance, to find all the accounts assigned a. Getting all users and their last login via graph API. Report the date for each user (Figure 1 shows an extract). Inputs. Bear in mind that Microsoft Graph and AAD use the Id attribute rather like AD uses the SamAccountName. Get list of AzureAD users by licence type 1 minute read March 2021. For information on hash tables, run Get-Help about_Hash_Tables. In our example, we want to delete the user account Megan. @kudlatiger To stay within the question, you can filter the graph result by display name to get the activity for a single user. The Get-MgUser cmdlet is a good way to select a set of Azure AD accounts for processing. Get the list of Booking calendars from this Microsoft Graph API. com. All (Application) – Get user details. Graph Explorer: Get-MgUser:Import-Module Microsoft. any help or suggestion would be really appreciated. See examples of how to filter, search, and select properties from the users with PowerShell. INPUTOBJECT <IUsersIdentity>: Identity Parameter. com”. PowerShell. Get the properties and relationships of a device object. Example 1: Code snippet. PowerShell. Run Install-Module with -AllowClobber and -Force parameters if you run into command name conflicts when upgrading to older versions of the module. Photos can be any dimension if they are stored in Azure Active Directory. This function. "get-mailboxstatistics | select LastLogonTime" is today, because "(Get-MgUser -UserId <guid> -Select SignInActivity). Install-Module Microsoft. Returns the user or organizational contact assigned as the user's manager. Microsoft Graph PowerShell module is published on PowerShell Gallery. LastPasswordChangeTimestamp. Import-Module Microsoft. Microsoft 365 admins can update the properties of a user using the ‘Update-MgUser’ cmdlet as demonstrated below. When you run Connect-MgGraph to connect to the Graph, it’s wise to specify the identifier of the tenant to which you want to connect. The Get-MgUser that comes with the Microsoft. Update-MgUser -UserId <user ID> -PasswordPolicies DisablePasswordExpiration. SignInActivity. com" -UsageLocation US If you use the Get-MgUser cmdlet without using the -All parameter, only the first 100 accounts are returned. There is a good guide to using that here: Office 365 for IT Pros – 23 Mar 22 Delete and Recover Azure AD User Accounts with PowerShell. To view the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox or Get-MailUser). To check, run the Get-MgUser cmdlet to examine the AssignedLicenses property for the account. Graph. Getting all users and their last login via graph API Ask Question Asked 1 year, 8 months ago Modified 5 months ago Viewed 19k times Part of Microsoft Azure. PSObject. com' | Select-Object DisplayName, UserPrincipalName, AssignedLicenses, AssignedPlans, LicenseAssignmentStates, LicenseDetails Returns empty attributes. Get-MgUser -All -Property…Example #1 – Microsoft Graph PowerShell using Azure Automation account runbooks with Managed identity:. To do this: Run the Set-Label cmdlet to find all labels. Check if the account has “Expired” in custom attribute 14. Read". AggregateException,Microsoft. I am trying to make a powershell script that get's the user last sign in for the last 30 days but I am unable to due it only gets last sign in for the last 24 hours. If I run get-mguser -userid | fl many of the field are blank, even though I know they contain information. Graph. com -Property extension_<tenant>_info). INPUTOBJECT <IGroupsIdentity> : Identity Parameter [AttachmentId <String>] : The unique identifier of attachmentThe current replacement I have found Get-MGUser does not appear to make this information available. Install-Module Microsoft. Get-Mguser I know I might need to use Get-Mguser cmdlets but not sure how can I return only the soft-deleted user. Graph. Browse to Identity > Users > All users. Result: Get-MgUser : The term 'Get-MgUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Unfortunately, the results of running Get-MgGroupMember are simply a list of user Id’s, which is not meaningful to us humans,. Mail # A. Conclusion. Import-Module Microsoft. They are always empty, even if you explicitly specify them using the -Property parameter. Accounts need an initial password, so let’s create one to use for our new account. The chat session ID must be used between these parties specified in the chat body. The slowest part of you script would be the individual Get-MgUser for each user in the CSV that would create one request for every user which isn't need because you can get all the information you after from the first request. (do note that if you want other properties in the output, you also have to specify them, i. Read-only. I need to know exactly if there are any users who haven't used M365 for 30 days or 180 days. The second is the New-MgUser cmdlet from the Microsoft Graph PowerShell SDK. Ensure the System assigned tab is selected. Step 2. For information on hash tables, run Get-Help about_Hash_Tables. But it is also possible to get Graph to only return user objects matching specific criteria for the above properties. Get the properties and relationships of a group object. Connect and share knowledge within a single location that is structured and easy to search. This property contains the LastSignInDateTime property that stores the last recorded login time of. g. IComponents103UmuuRequestbodiesAssignlicenserequestbodyContentApplicationJsonSchema. SignInActivity" is null. Get-Help Get-MgUser -Detailed Finding available commands. If I run the above over and over I get one of 2 results back that show diferent results. This function is transitive. 1. com MailNickname : BobKTAILSPIN. com). com'" Check the output to make sure the user you invited is listed, with a user principal name (UPN) in the format emailaddress#EXT#@domain. JSON, CSV, XML, etc. Request. Sanity check - see what the value of the custom attribute currently is for all users and a single user // all users - these do not work: Get-MgUser | Format-List. To soft-delete an Azure AD user account, use the Remove-MgUser cmdlet with Microsoft Graph PowerShell. First, explicitly request the Department property: Get-MgUser -UserId 821d8474-bc34-4671-9a4f-7573601e6285 -Property Department | select Department. Import-Module Microsoft. Get-MgUser is the preferred command to use to find information about your users through a command line interface. You can get the user id by running (Get-MgUser -userID [email protected]. To create the report including all users and their licenses, follow the below steps: 1. Update-MgUser -UserId <UserID>-UsageLocation 'US'-CompanyName 'Contoso'-City 'Denmark'-Department 'Development' The above cmdlet only changes a few of the properties. 1 when there are more than ~250 pages to be fetched. Users Get-MgUser -Filter "startswith(givenName, 'J')" Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance. Specifies a count of the total number of items in a collection. Assigning licenses to user accounts. e. Updating the SDK. Maybe rename the. PowerShell scripts often begin by finding a set of Azure AD user accounts or Exchange mailboxes to process. Examples Example 1: Get all users PS C:> Get-MsolUser. Models. Entra ID is a cloud-based identity and access management service that helps users to access the resources they need. All permission. Microsoft 365 generates a ton of data about user activity that’s surfaced in the reports section of the Microsoft 365, SharePoint Online, and Teams admin centers. Users Get-MgUser. PowerShell. If you want to find all disabled users in your Azure AD environment, use the command below: Get-MgUser -All -Filter 'accountEnabled eq false'. I have a shell for the function built out, but I am. But if you’re expecting the power of the Get-ADUser LdapFilter switch or the PowerShell expression language Filter switch, then you’re in for a sad surprise… The Get-MgUser filter uses OData v3, which is overly complex and lacks lots of functionality. Mail # A UPN can also be. Get-MgUser {DeviceManagementApps. When trying to filter "isInteractive" as false I get a empty report. > Get-MgUser -UserId "[email protected]. more details can be found in my tutorial How To Use Get-MgUser with Microsoft Graph PowerShell, although the tutorial goes into the Get-MgUser cmdlet, the same concepts apply to Get-MgGroup. Parameters-All. LastSignInDateTime but the value returned is not… In order to get he users with account enabled in microsoft graph check the following: Install-Module Microsoft. The first is the New-AzureADUser cmdlet from the Azure AD module. Since this utilizes Microsoft Graph and REST APIs in the backend, it can work extremely fast with PowerShell 7 and Foreach-Object -Parallel. 2023 and is referring to Graph. Member. Hello, I am trying to load the users Last sign-in date/times as these are displayed in Azure AD, for example: And trying to get this with microsofr. Try running the follow PowerShell: Get-MgUser -Property Id, DisplayName, UserPrincipalName, AccountEnabled | select Id, DisplayName, UserPrincipalName, AccountEnabled Step 3. Here's what I have so far: `PS C:\Users\Richa> Find-MgGraphCommand -command Get-MgUser | Select -First 1 -ExpandProperty Permissions Name IsAdmin Description FullDescription Directory. Identity. Please sign in to rate this answer. Parameters-All. To create the parameters described below, construct a hash table containing the appropriate properties. Retrieve. Improve this answer. Thank you for your time and patience throughout this issue. com has access to from the first license that's assigned to her account (the index number is 0). 5,000 1 1 gold badge 37 37 silver badges 39 39 bronze badges. In the context of the Microsoft Graph API, this means that Microsoft may change, break, redirect or even remove functionality without notifications. Get-MgUser -Filter "CreatedDateTime ge $((Get-Date). g: Get-MgUser -Search "Yuriy Samorodov" so it would work like Get-ADUser -LDAPFilter "(anr=Yuriy)" AB#7925In this article Syntax Revoke-Mg User Sign InSession -UserId <String> [-WhatIf] [-Confirm] [<CommonParameters>] Revoke-Mg User Sign InSession -InputObject <IUsersActionsIdentity> [-WhatIf] [-Confirm] [<CommonParameters>] Description. Read. This way, you know which user has a certain license capability and from what bundle it originates. ps1","path":"MsGraph/Add-UserToAzureApplication. Microsoft. Get the signed-in user. The. Graph. For information on hash tables, run Get-Help about_Hash_Tables. To get list of all users and their current password expiration policy activation status, run the below command: PowerShell. Get-MgContext | select -ExpandProperty scopes . In both cases, you must get consent similar to that below, and on accepting it, you will be connected to Graph Module. Users. INPUTOBJECT <IUsersIdentity>: Identity Parameter. Graph. Models. Get all the mailbox settings of the signed-in user's mailbox that include settings for automatic replies, date format, locale (language and country/region), time format, time zone, working hours, and user purpose. LastSignInDateTime but the value returned is not…In order to get he users with account enabled in microsoft graph check the following: Install-Module Microsoft. The Get-MgUser command comes with a filtering function just like, e. This is a place to get help with AHK, programming logic, syntax, design, to get feedback, or just to rubber duck. INPUTOBJECT <IUsersIdentity>: Identity Parameter [AttachmentBaseId <String>]. If you're trying to get the SignInActivity. Get-MgBetaUser. Get-MgUser > This cmdlet will retrieve users in your tenant. But it is also possible to get Graph to only return user objects matching specific criteria for the above properties. Users Get-MgUser -Property "id,displayName,onPremisesExtensionAttributes" Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance. By default, Connect-MgGraph targets the global. Get-MgUser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserprincipalName, @{ N = "PasswordNeverExpires"; E = { $_. Users CMDLET, I can get user info from our directory with Get-MgUser command, but cannot -Select more than. The Microsoft Graph API now supports the resource property signInActivity in users end-point, this resource exposes the lastSignInDateTime property which shows the last time a user made a successful sign-in. User. 1 Answer Sorted by: Reset to default 0 Thanks all for your responses, as it seems the answer is you couldn't supply the Graph. This is not returned by default, one needs to use the select operator. Get-MgUserOwnedDevice -UserId $userId. 0. Read. It. IPaths18H5WxmUsersUserIdMicrosoftGraphGetmembergroupsPostRequestbodyContentApplicationJsonSchema. Get-MgUserPhoto: Get the specified profilePhoto or its metadata (profilePhoto properties). The slowest part of you script would be the individual Get-MgUser for each user in the CSV that would create one request for every user which isn't need because you can get all the information you after from the first request. Get-MGUserAuthenticationMethod -userid abbie. Whale In this article. Instead, you should use the Microsoft Graph. 2. We aim to deliver world-class solutions with our team of expert Consultants, Project Managers and Architects across Data & AI, Apps, Security and. onmicrosoft. peters@activedirectorypro. This command works because you allowed the application to use the `User. Focus on what really matters and build scripts to automate your work instead of worrying about throttling, retries, redirects, and authentication. 1. 0 of the Graph API. Faris Malaeb. Thanks for reaching out. You switched accounts on another tab or window. Example 2: Get enabled usersThese cmdlets include Get-MgUser, Get-MgGroup, and Get-MgTeam (beta only). Hello, I am trying to load the users Last sign-in date/times as these are displayed in Azure AD, for example: And trying to get this with microsofr. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs. Open the toolkit, Click on Export Users and click Run. Get-MgUser -Filter "department eq 'Marketing'" Then add in startswith to find marketing users who have a display name starting with ‘A’: Get-MgUser -Filter "(department eq 'Marketing') and (startswith(DisplayName,'A'))" Finally, we add another filter to exclude the user account with the email address “AllanD@M365x18562375. Scripts written in Azure AD PowerShell won't automatically work with Microsoft Graph PowerShell. 0. x:The Set-MgUserLicense cmdlet can be found in the Microsoft.