Sample Microsoft 365 and Office 365 PowerShell Scripts
Finding PowerShell scripts to help automate common Microsoft 365 processes can be hard work. As part of the development of the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks or to support the creation of blog posts, we write a lot of PowerShell scripts. The code is intended to demonstrate how things work or how to accomplish tasks. Some years ago, we started to put the scripts in our GitHub repository. Feel free to download and use the scripts with the caveats that:
- These are not production-ready scripts. You’ll need to do some work to prepare the code for use in your environment. For instance, the scripts include basic error handling. We also don’t tend to write code in functions because we’re trying to show how to get work done without attempting to educate everyone to be professional programmers.
- Always distrust PowerShell code downloaded from the internet. Never run anything in production until you’ve tested the code.
- We write the code when we are investigating a topic. Sometimes we go back and revisit code if we need to, such as someone prompting us with a question. We do not always use the latest and greatest technique in scripts to perform certain tasks, such as the fastest way to find individual groups. We keep programming recommendations updated in the Automating Microsoft 365 with PowerShell eBook.
Now that you understand the rules of the game, here are details of some of the scripts in the repository (feel free to improve our code). We’ve noted where you can find more information about the concepts illustrated in a script in an Office 365 for IT Pros article. Many of the scripts are referenced in the Automating Microsoft 365 with PowerShell eBook.
The Scripts
Each PowerShell script in the Office 365 for IT Pros GitHub repository is listed below with a summary of its purpose. The script names are hyperlinked to the GitHub source code for reference:
| Script | Purpose |
| Add-ContactsToMailboxes.PS1 | Bulk-adds specified contact entries to all users’ mailbox contact lists. |
| Add-OwnerstoApps.PS1 | Ensures every Azure AD application has assigned owner(s) by adding owners to orphaned apps. |
| AddTeamstoGroupsExpirationPolicy.ps1 | Includes all Teams (Microsoft 365 Groups) in the tenant’s group expiration policy to enforce lifecycle management. |
| Analyze-ExternalCalendarMeetings.PS1 | Analyses users’ calendars to find meetings involving external participants (to gauge external collaboration). |
| Analyze-MTHistoricalLogs.PS1 | Analyses historical Message Trace logs for email traffic patterns or issues. |
| Analyze-MailTraffic.PS1, Analyze-MailTrafficUsers.PS1, Analyze-MailTrafficWithGraph.PS1, MailTrafficStatistics.PS1 | Analyse Exchange Online email traffic (e.g., count of messages sent/received per user or domain, with newer versions using Graph API for data). |
| Analyze-TeamsExternalChats.PS1 | Analyses Teams chat data to identify conversations with external (federated) users. |
| Analyze-TeamsMeetings.PS1 | Analyses Teams meeting usage (e.g., number of meetings, participants, durations) for usage insights. |
| AnalyzeSendAsAuditData.ps1 | Analyses “Send As” email events in audit logs to identify who sent emails on behalf of other accounts. |
| AnalyzeSensitivityLabelUsage.PS1 | Analyses how sensitivity labels are used across emails and documents in the organisation (to track label adoption). |
| Apply-ExcludeAllHoldstoInactiveMailboxes.PS1 | Excludes inactive (former employee) Exchange mailboxes from all legal or retention holds, allowing them to be removed. |
| Apply-SensitivityLabels.PS1 | Applies a specified sensitivity label to a batch of emails or documents automatically. |
| ArchiveMicrosoft365Groups.PS1 | Changes designated Microsoft 365 Groups (and their Teams) to an archived state (read-only mode). |
| Assign-LicensesViaCSV.PS1, Assign-MultipleLicenses.PS1 | Bulk-assign Microsoft 365 licences to users (from a CSV input or assigning multiple licence SKUs at once per user). |
| AssignColorsSensitivityLabels.PS1 | Demonstrates assigning colour categories to sensitivity labels for easy visual identification. |
| AssignLocalLanguageStringsSensitivityLabels.PS1 | Adds or updates localised (multiple language) label names and descriptions for sensitivity labels. |
| AuditRecordAuditLabel.PS1 | Retrieves audit log records related to applying or changing retention/audit labels on emails (for compliance auditing). |
| AuditRecordsTeamsMeetings.PS1 | Extracts audit log events for Microsoft Teams meetings (to review meeting creations and activities). |
| AuditRecordsTeamsRecordingsUploads.PS1 | Retrieves audit events for Teams meeting recordings being uploaded (to track meeting recording usage). |
| AuditSPOOperationsByUser.PS1 | Retrieves SharePoint Online audit events performed by a specified user (to review their actions on sites and files). |
| Auto-ApplyRetentionLabels.PS1 | Demonstrates automatically applying retention labels to content based on criteria or events (to enforce data retention policies). |
| AzureAutomation-FindRemoveTeamsChats.PS1 | An Azure Automation runbook script to find and remove certain Teams chat messages (for compliance or cleanup tasks). |
| AzureAutomationAddMembersTeamChannels.PS1 | Azure Automation script to add members to Microsoft Teams channels (e.g., to automate channel membership tasks). |
| AzureAutomationGroupsExpirationReport.PS1 | Azure Automation runbook that generates and possibly emails a report of Microsoft 365 group expiration status. |
| Check-AuditRecordsMFA.PS1 | Checks Azure AD sign-in audit logs for multi-factor authentication events or anomalies. |
| Check-CopilotLicenseDetails.PS1 | Retrieves details of Microsoft 365 Copilot licence assignments and service plan enablement for users. |
| Check-SensitivityLabelsGroups.PS1 | Verifies whether Microsoft 365 Groups have sensitivity labels applied (ensuring group classification compliance). |
| Check-SharedMailboxQuotas.PS1 | Checks the storage usage of all shared mailboxes against their quotas, highlighting those near or over capacity. |
| Check-SharedMailboxes.PS1 | Audits the configuration of shared mailboxes (e.g., identifying all shared mailboxes and checking settings or anomalies such as improper permissions). |
| Check-SharedMailboxesForMDO.PS1 | Ensures shared mailboxes are properly covered by Microsoft Defender for Office 365 (MDO) policies (identifies shared mailboxes lacking threat protection coverage). |
| Check-SignInsUtilityAccounts.PS1 | Checks Azure AD sign-in logs for activity by utility/service accounts, to detect unexpected logins or usage. |
| CheckAuditEventsRunbook.PS1 | Azure Automation runbook to regularly check for specific audit log events and alert or respond if they occur. |
| CheckRetentionPolicyUpdates.PS1 | Checks if any retention policies have been recently changed, and reports those changes for compliance tracking. |
| CleanUpMailbox-Graph.PS1 | Cleans up old or unwanted email items from mailboxes using Microsoft Graph (automating deletion/archival of emails beyond certain dates or criteria). |
| ComplianceSearchPartiallyIndexedItems.ps1 | Runs a compliance content search to find partially indexed (unindexed) items in Exchange/SharePoint (ensuring eDiscovery can account for those items). |
| Convert-AccountToInternal.PS1 | Converts an external (guest) Azure AD user account into an internal member account. |
| Convert-TeamsBackgroundFilesV2.PS1 | Converts or resizes a set of images to be suitable as custom background images for Microsoft Teams meetings. |
| ConvertDDLM365Group.PS1 | Converts a Dynamic Distribution List (DDL) into a Microsoft 365 Group (for unified collaboration features). |
| ConvertDLtoO365Group.PS1 | Converts a traditional Exchange distribution list into a Microsoft 365 Group. |
| ConvertMailContactsGuests.PS1 | Converts Exchange mail contact objects into Azure AD guest user accounts (to better integrate external contacts as guests). |
| Copy-GroupsFromOneUsertoAnother.PS1 | Copies all group memberships from one user to another user (useful for onboarding or replacing employees). |
| Create-DDLBasedOnSMTPAddresses.PS1 | Creates a Dynamic Distribution List based on a set of email addresses or domains (to include members by email patterns). |
| Create-EntraIDDynamicAUs.PS1 | Creates new dynamic Administrative Units in Entra ID (Azure AD), each with membership rules. |
| Create-EntraIDDynamicGroups.PS1 | Creates new dynamic Azure AD groups with specified membership queries (rules-based group creation). |
| Create-NewConditionalAccessPolicy.PS1 | Programmatically creates a new Azure AD Conditional Access policy with given settings. |
| Create-NewsItemsFromRSSFeed.PS1 | Uses an RSS feed to generate news posts (e.g., creating items on a SharePoint news page) for automated news publishing. |
| CreateCSVFilesForSKUsAndServicePlans.PS1 | Exports all available Office 365 licence SKUs and their service plan components into CSV files for reference. |
| CreateNewAzureADAccount.PS1 | Automates the creation of a new Azure AD user account (setting attributes and initial licences). |
| DecryptProtectedSPODocuments-Graph.PS1, DecryptProtectedSPODocuments.PS1 | Decrypts rights-protected (IRM-protected) documents stored in SharePoint Online (one version using Microsoft Graph, one using older CSOM/PowerShell methods). |
| Disable-CopilotStudio.PS1 | Disables the Microsoft 365 Copilot Studio feature in the tenant (preventing its use by users). |
| Disable-EntraApp.PS1 | Disables an Azure AD application (client app) to block its ability to sign in or access resources. |
| Disable-JunkEmailOptions.PS1 | Turns off the Outlook “Junk Email” filter in mailboxes, so that only server-side spam filtering is applied (preventing client-side rule conflicts). |
| Disable-PowerShellAdmins.PS1 | Removes or disables accounts with high-privileged “PowerShell admin” access to reduce potential security risks. |
| Enable-AllExchangeAuditEvents.PS1 | Enables all possible mailbox auditing events in Exchange Online for comprehensive auditing of mailbox activities. |
| EnableMicrosoft365GroupCreationControl.PS1 | Updated the directory setting to restrict and manage who can create new Microsoft 365 Groups (implements a group creation control policy). |
| Export-WordtoPDF.PS1 | Batch converts Word documents (.docx) to PDF files. |
| FetchServiceMessagesGraph.ps1 | Retrieves Microsoft 365 Message Center posts (service communications) via the Graph API. |
| Find-AddMemberEvents.PS1 | Searches the audit log for events where new members were added to Microsoft 365 Groups/Teams (tracks who added whom to which group). |
| Find-AuditEventsForUser.PS1 | Searches the unified audit log for all actions related to a specific user (to audit that user’s activities). |
| Find-CandidateCopilotUsers.PS1 | Identifies users who might be good candidates for Microsoft 365 Copilot (e.g., based on usage patterns or licence availability). |
| Find-ConnectionsM365AdminCenter.PS1 | Looks for evidence of administrative logins/sessions in the Microsoft 365 Admin Center (in audit or sign-in logs). |
| Find-CopilotAuditRecords.PS1 | Searches audit logs for events related to Microsoft 365 Copilot usage. |
| Find-CopilotInteractions-Graph.PS1 | Uses the Graph API to find and retrieve records of user interactions with Microsoft 365 Copilot (e.g., conversations or prompts). |
| Find-DevicesFromSignInLog.PS1 | Extracts device information from Azure AD sign-in logs (to identify which devices were used by users). |
| Find-FilesWithDownGradedLabels.PS1 | Identifies documents where a user downgraded a sensitivity label (replacing a higher-classification label with a lower one). |
| Find-GraphPermissions..PS1 | Lists the Microsoft Graph API permissions (OAuth scopes) granted in the tenant and their details. |
| Find-GroupsNoOwnersOrMembers.PS1 | Finds Microsoft 365 groups or Teams that have no owners or no members (or otherwise incomplete membership configuration). |
| Find-InActiveDLs90.PS1, FindInactiveDLs.PS1 | Identifies distribution lists with no recent activity (e.g., unused distribution groups in the last 90 days). |
| Find-InactiveEmailUsers.PS1 | Finds user mailboxes that have had no email activity for a certain period (to pinpoint inactive mail users). |
| Find-InactiveGuestsWithAudit.ps1 | Identifies guest accounts that show no activity in audit logs over a specified timeframe (likely inactive guest users). |
| Find-JunkEmailDomains.PS1 | Scans users’ mailbox junk email (blocked sender) lists to compile a list of domains that are commonly blocked. |
| Find-LastAccessedDateDocuments.PS1 | Scans documents in SharePoint/OneDrive to find the last accessed date for each, helping identify stale or unused files. |
| Find-LoopAppUsers.PS1 | Finds which users are using the Microsoft Loop application (or have the Loop app enabled). |
| Find-TargetedCollectionFolders.PS1 | Identifies mailbox folders that are included in specific eDiscovery (Compliance) search actions (targeted collection cases). |
| Find-TeamsChannelsWithWebSites.PS1 | Finds Teams channels that have a website tab configured (listing channels with website tabs and their URLs). |
| Find-TeamsForUser.PS1 | Lists all Teams that a given user is a member of. |
| Find-UnderUsedCopilotLicenseswithAudit.PS1, Find-UnderusedCopilotLicenses.PS1 | Identifies Microsoft 365 Copilot licences that are assigned but not actively used (optionally using audit data for accuracy). |
| Find-UnusedProxyAddresses-10days.PS1, Find-UnusedProxyAddresses-90days.PS1 | Finds proxy (secondary email) addresses not used in email sending/receiving within the last 10 days or 90 days, respectively (for potential cleanup). |
| Find-UnusedServicePrincipals.PS1 | Identifies Azure AD service principal accounts (application identities) that have not been used recently, for potential cleanup. |
| FindAccountsWithForwarding.PS1 | Finds mailboxes or accounts that have email forwarding enabled (especially external forwarding) for security auditing. |
| FindAppConsentGrants.PS1 | Lists all OAuth app consent grants in the tenant (which third-party apps have user or admin consent and their permissions). |
| FindAzureADDirectConnectSignIns.PS1 | Searches sign-in logs for Azure AD Direct Connect authentication events (to identify usage of the Seamless SSO/Direct Connect feature). |
| FindBadGuestsFromBlockedDomains.PS1 | Finds guest user accounts whose email domains are on a blocked-domain list (unapproved external domains). |
| FindCrucialSendAndSearchRecords.PS1 | Searches audit logs for critical email send and mailbox search events (for forensic or compliance investigations). |
| FindDeletedEmailAuditRecords.PS1 | Retrieves audit log records of email deletion events (to see when and by whom emails were deleted). |
| Fix-ProxyEmailAddresses.PS1 | Fixes formatting or consistency issues in users’ proxy email addresses (SMTP aliases) in Azure AD/Exchange. |
| GenerateTeamsDirectory-Graph.Ps1, GenerateTeamsDirectory.ps1 | Generates an inventory of all Teams in the organisation (and their details), storing the directory in a SharePoint list (with versions using Graph API or classic methods). |
| Get-AuditRecordsTaggedSPOFiles.PS1 | Retrieves audit log records for SharePoint Online files that have been tagged or labelled (e.g., with sensitivity or retention labels). |
| Get-CopilotAuditRecords.PS1 | Collects audit records specifically related to Microsoft 365 Copilot activities. |
| Get-GraphPermission.PS1 | Looks up detailed information about a Microsoft Graph API permission (e.g., by permission name or ID). |
| Get-GraphUserStatistics.PS1 | Gathers usage statistics for users (e.g., activity counts, storage usage) via Microsoft Graph. |
| Get-IPGeolocation.ps1 | Looks up geographic location information for IP addresses (to interpret where login attempts or activities originated). |
| Get-LabelsAndCheckMicrosoft365Groups.PS1 | Lists available sensitivity labels and checks Microsoft 365 Groups to see if they have a label assigned (comparing group settings against label policies). |
| Get-MgAuditRecords.PS1 | Retrieves unified audit log records using the Microsoft Graph PowerShell SDK (alternative to using Search-UnifiedAuditLog). |
| Get-ServiceAlertsGraph.ps1 | Fetches Office 365 service alerts or Message Center posts via the Graph API. |
| Get-ServiceHealthInformation.PS1 | Retrieves current Office 365 service health status information (service uptime/incidents). |
| Get-TenantUserCount.PS1 | Counts the number of user accounts in the tenant (possibly broken down by type or licence status). |
| Get-UsersWithPhoneMFAMethod.PS1 | Lists all users who have registered a phone number as their MFA method. |
| GetAzureADAccessReviewDetailsGraph.PS1 | Retrieves details of Azure AD Access Reviews via Microsoft Graph (such as decisions and outcomes of access reviews). |
| GetBingImagesTeamsBackgrounds.PS1 | Downloads Bing daily images and prepares them to be used as Microsoft Teams background images. |
| GetGraphUserStatisticsReport.PS1 | Generates a report of user activity statistics using Microsoft Graph data (likely an expanded version of Get-GraphUserStatistics with formatted output). |
| GetHoldsOnMailbox.PS1 | Shows which eDiscovery or litigation holds are placed on a given mailbox (for compliance purposes). |
| GetLastActiveTimeMailboxes.PS1 | Reports the last activity time (last logon or item access) for each mailbox in the organisation. |
| GetPlansForUser-DeviceCode.PS1, GetPlansForUser.PS1 | Retrieves the Microsoft Planner “plans” associated with a user, with one version using device code authentication for non-admin use. |
| GetPowerAutomateFlows.PS1 | Lists all Power Automate (Flow) workflows in the tenant and their owners or statuses. |
| GetServicePrincipalSignIns-Graph.PS1 | Retrieves sign-in log data for service principals (applications) via Graph, to audit app logins. |
| GetTeamsReactions.PS1 | Collects data on the use of reactions (emoji reactions) in Teams messages across the tenant. |
| GetTenantFeatureUpdatesGraph.PS1 | Checks for any new Microsoft 365 features or updates enabled in the tenant via Graph (possibly to see preview features or feature flags). |
| GetUserSignInDataGraph.PS1, GetUserSignInDataGraphSDK.PS1 | Retrieves Azure AD user sign-in data (login history) via Microsoft Graph, with one version using direct API calls and another using the Graph SDK. |
| HideGroupsUsedByTeams.PS1 | Hides Microsoft 365 Groups that are associated with Teams from the Global Address List (to prevent clutter in Outlook address books). |
| LastLoggedOnByExternalUsers.ps1 | Reports the last login time of external (guest) users on various resources (like shared mailboxes or sites they have access to). |
| MFAReportMailboxes.ps1 | Reports which user mailboxes (or mailbox owners) have multi-factor authentication enabled or disabled. |
| Migrate-UserProfileCardSettings.PS1 | Migrates custom user profile card attributes/configurations from one Microsoft 365 tenant to another. |
| Monitor-TeamsMemberAdditions.PS1 | Monitors and logs whenever new members are added to Teams (for audit or notifications of team membership changes). |
| New-AccountTrackingAzureAutomation.PS1 | Azure Automation runbook script to track newly created user accounts (e.g., logging or notifying when new accounts are added to the tenant). |
| New-RetentionPolicySharedMaiboxes.PS1 | Creates a new Exchange Online retention policy specifically for shared mailboxes. |
| New-TeamsChannelMeeting.PS1 | Schedules a new meeting in a specified Microsoft Teams channel via PowerShell. |
| Populate-TeamsDirectorySPOList-Graph.PS1, Populate-TeamsDirectorySPOList-Pnp.PS1 | Populates a SharePoint list with an inventory of all Teams (including details like Team name, owners, etc.), using either Microsoft Graph or PnP PowerShell. |
| Populate-TeamsExternalAccess.PS1 | Gathers or records information about external (federation) access settings for Teams (e.g., which external domains are allowed or have activity with your Teams). |
| PopulateOrgContacts.PS1 | Creates or updates organisation-wide contact objects (shared contacts) in Exchange Online from a source (e.g., a list of external contacts). |
| PopulateTeamSharedChannel.PS1 | Adds members from other teams or organisations to a Microsoft Teams shared channel (to set up cross-team/channel membership). |
| PopulateTeamsHolidays.PS1 | Configures holiday settings in Teams (e.g., setting holiday schedules for Teams voice/auto-attendants or posting holiday calendar info). |
| Post-ItemsToHTTPWorkFlow.PS1 | Sends data or notifications to an HTTP endpoint (e.g., triggering a Power Automate flow or webhook with some content). |
| PostNewMicrosoft365RoadmapItems.ps1 | Checks the Microsoft 365 Roadmap for new items and posts announcements about newly added features (for example, via email or Teams). |
| Process-ExpiryGuestAccounts.PS1 | Processes guest accounts that have an expiration date by removing or renewing those that have expired. |
| Provision-OneDriveAccounts.PS1 | Provisions OneDrive for Business accounts for users who do not yet have a personal SharePoint site (pre-creating user OneDrive sites). |
| Purge-ComplianceSearchItems.PS1, PurgeMessagesWithContentSearch.PS1, PurgeMessagesWithSearchMailbox.PS1 | Bulk deletes email messages from mailboxes based on specified search criteria, using either the newer Compliance Center search or the older Search-Mailbox cmdlet. |
| Query-CopilotGraph.PS1 | Demonstrates how to query the Microsoft 365 Copilot Graph API for information (e.g., to retrieve data on Copilot usage or status). |
| Remove-InactiveUserAccounts.PS1 | Removes user accounts that have been inactive or not used for a long period, to clean up the directory. |
| Remove-LicensesDisabledAccounts.PS1 | Removes (revokes) all Office 365 licences from user accounts that are disabled, freeing those licences. |
| Remove-Microsoft365UserAccount.PS1 | A script to permanently delete a specified Microsoft 365 (Azure AD) user account and related data (with appropriate checks). |
| Remove-ObsoleteMobileDevices.PS1 | Removes mobile device partnerships that are obsolete (devices that haven’t connected for a long time), to clean up the mobile device list. |
| Remove-PermissionsSharedMailbox.PS1 | Strips all delegated access permissions from a shared mailbox (to lock it down or before reassignment). |
| Remove-PostsTeamChannel.PS1 | Bulk-removes or purges messages in a Microsoft Teams channel (e.g., to clean up conversation history). |
| Remove-UtilityMessagesFromMailboxes.PS1 | Removes automated or utility email messages from user mailboxes (to reduce clutter, such as redundant notifications). |
| RemoveKaizalaServicePlans.PS1 | Disables or removes the Kaizala service plan from user licences (since Kaizala is deprecated and replaced by Teams). |
| RemoveServicePlan-MgGraph.PS1, RemoveServicePlan.PS1, RemoveServicePlan2.PS1, RemoveServicePlan3.PS1 | Variants of scripts to remove a specific Office 365 service plan (licence component) from users’ licence assignments (evolving approaches using different modules or Graph API). |
| RemoveVivaEngageCoreServicePlan.PS1 | Removes the Viva Engage Core service plan from user licences (if not needed, e.g., to disable the Viva Engage/Yammer service). |
| RenameMicrosoft365GroupsNamingPolicy.PS1 | Renames existing Microsoft 365 Groups to comply with a new naming policy (ensuring group names meet updated standards). |
| Report-AURolesAndMembers.PS1 | Reports on Administrative Unit (AU) roles in Azure AD and lists their members. |
| Report-ActivityAlertAuditEvents.PS1 | Gathers events that triggered Activity Alerts in Office 365 (a summary of alerts raised by preset monitoring rules). |
| Report-AdaptiveScopes.PS1 | Lists any Adaptive Policy Scopes defined for Purview retention policies (and their details). |
| Report-AllEmailProxyAddresses.PS1 | Collects all email proxy addresses (aliases) for every mailbox/user in the organisation (useful for address management). |
| Report-AppAuditEvents.PS1 | Reports on audit events generated by Azure AD integrated applications (app-related activities in the audit log). |
| Report-AppsAndServicePrincipals.PS1 | Provides a list of all Azure AD applications and service principals in the tenant with details (to review app inventory and permissions). |
| Report-AuditEventsviaEmailRunbook.PS1 | Azure runbook script that compiles recent audit log events and sends them via email for periodic review. |
| Report-CalendarItems.PS1 | Produces a report on user calendar statistics or appointments (e.g., count of meetings per user or listing certain calendar items). |
| Report-ComplianceCaseHolds.PS1 | Lists all eDiscovery (Compliance) cases and details of any content holds associated with those cases. |
| Report-ComplianceRoleGroups.PS1 | Reports on the eDiscovery/Compliance Center role groups and their members (who has what compliance roles). |
| Report-ConditionalAccessPolicies.PS1 | Exports or lists all Azure AD Conditional Access policies and their settings in the tenant. |
| Report-ContainerManagementLabels.PS1 | Reports which sensitivity (classification) labels are configured for containers (like Teams sites/groups) and which groups/sites have them. |
| Report-CopilotInteractions.PS1 | Summarises Microsoft 365 Copilot usage interactions across the tenant (e.g., how often Copilot has been used). |
| Report-CopilotLicensedUsers.PS1 | Lists all users who have been assigned a Microsoft 365 Copilot licence in the tenant. |
| Report-CopilotUsageWithUserDetail.PS1 | Provides a detailed report of Microsoft 365 Copilot usage per user (which users have used Copilot and how often). |
| Report-DailySignIns.PS1 | Summarises daily sign-in counts for the tenant or specific apps (showing authentication trends over time). |
| Report-DelegatedPermissions.PS1, Report-DelegatedPermssions.PS1 | Summarises the delegated OAuth permissions (Graph API delegated permissions) granted to third-party apps in the tenant. |
| Report-DeletedEntraIDObjects.PS1 | Reports on recently deleted Azure AD (Entra ID) objects (such as users or groups) for review or recovery purposes. |
| Report-EnforcedTimeStamps.PS1 | Identifies any content or policies where specific time-stamps are enforced (e.g., retention labels with event-based retention triggers). |
| Report-EntraIDGoveranceCosts.PS1 | Reports metrics related to Entra ID (Azure AD) governance, potentially including licensing usage or cost implications of governance features. |
| Report-EntraIDGuestSponsors.PS1 | Lists all guest users in the tenant along with their internal sponsor (the user who invited each guest). |
| Report-EntraRegisteredDevices.PS1 | Provides a report of devices registered in Entra ID (Azure AD), including device details and ownership. |
| Report-ExoMailboxFolderStats.PS1 | Reports per-mailbox folder statistics in Exchange Online (e.g., number of items and size per folder). |
| Report-ExpiringAppSecrets.PS1 | Identifies Azure AD application client secrets that will expire soon, so administrators can renew them in time. |
| Report-ExpiringPasswords.PS1 | Lists user accounts with passwords that are nearing expiration (for tenants with password expiration policies). |
| Report-ExternalTenantAccessbyGuests.PS1 | Reports on cross-tenant activities by guest users (e.g., tracking when your tenant’s guests access resources in their home tenant or vice versa). |
| Report-FileSharingAuditEvents.PS1 | Compiles audit log events related to file sharing actions in SharePoint/OneDrive (to monitor sharing activities). |
| Report-GroupBasedLicenseCounts.PS1 | Provides a count of licences assigned via group-based licensing in Azure AD (how many users have licences from each group). |
| Report-GroupsTeamsActivity.PS1 | Reports activity levels for Microsoft 365 Groups/Teams (to identify inactive groups or measure usage). |
| Report-HardDeletedUserAccounts.PS1 | Lists user accounts that were permanently deleted (hard-deleted) from the tenant. |
| Report-InactiveTeamsByEmail.PS1 | Identifies Teams with no recent activity and emails a report (or notifies the Team owners/admin about inactivity). |
| Report-IndividualUserSessions.PS1 | For a given user, provides a detailed report of that user’s sign-in sessions (logon activities, session details). |
| Report-LabelChangesAuditRecords.PS1 | Retrieves audit records of changes to sensitivity or retention labels on content (who changed a label on what item and when). |
| Report-LastAppAccessedByUsers.PS1 | Reports the last application accessed by each user (which app each user last used, based on activity data). |
| Report-LastSuccessfulSignIn.PS1 | Shows the timestamp of each user’s last successful sign-in to the Microsoft 365 tenant. |
| Report-LoopWorkspaces.PS1 | Lists all Microsoft Loop workspaces in the tenant and possibly their owners or activity status. |
| Report-MRMTagsOnFolders.PS1 | Reports which Managed Retention (MRM) tags are applied to mailbox folders for users (to see per-folder retention settings). |
| Report-MailUsageDomains.PS1 | Summarises email traffic by domain (e.g., top external domains users are sending or receiving mail from). |
| Report-MailboxAuditingConfiguration.PS1 | Lists the auditing configuration of each mailbox (which audit actions are enabled for each mailbox). |
| Report-MailboxMessagesSDK.PS1, ReportMailboxItems-Graph.PS1 | Exports or reports on the email messages in mailboxes (with versions using Graph API or Graph SDK to retrieve messages). |
| Report-MailboxSizes.PS1 | Reports the sizes of all mailboxes in the organisation (and possibly usage vs quota). |
| Report-MailboxesEnabledForEWS.PS1 | Identifies which mailboxes have Exchange Web Services (EWS) access enabled (for reviewing legacy access). |
| Report-ManagedIdentityPermissions.PS1 | Lists all Azure AD Managed Identity accounts and their assigned Azure roles or permissions. |
| Report-ManagersAndDirectReportsGraph.PS1 | Produces a report of each manager in the organisation and their direct reports, using Graph data (a variation of reporting hierarchy). |
| Report-Microsoft365GroupsExpiration.PS1 | Lists Microsoft 365 Groups and their expiration status (for those governed by an expiration policy, showing next renewal or deletion date). |
| Report-MobileDevices.PS1 | Reports the mobile devices registered or connected in Exchange Online (for each user, listing device details). |
| Report-NonMFASignIns.PS1 | Identifies sign-in sessions where multi-factor authentication was not used (to pinpoint logins that might have bypassed MFA). |
| Report-OneDriveFiles.PS1 | Compiles a report on the files stored in users’ OneDrive accounts (e.g., number of files, total size, or other attributes per OneDrive). |
| Report-OneDriveUsage.PS1 | Summarises OneDrive storage usage for each user (how much storage each user’s OneDrive is consuming). |
| Report-PIMRoleAssignmentsByEmail.PS1 | Sends out a report via email of Azure AD Privileged Identity Management (PIM) role assignments (who has activated privileged roles over a period). |
| Report-PermissionConsentRequests.PS1 | Lists application permission consent requests in the tenant (requests made by users for admin approval of app permissions). |
| Report-Plans.PS1 | Lists all Microsoft Planner plans in the organisation and basic information or usage statistics for each plan. |
| Report-PrimaryArchiveFolderSizes.ps1 | Compares the size of users’ primary mailbox vs. their archive mailbox (reporting on storage usage in each). |
| Report-PriorityCleanupSPOAuditRecords.PS1 | Identifies certain SharePoint Online audit log records that may need priority cleanup or special attention. |
| Report-RecoverableItems.PS1, Report-RecoverableItemsPS.PS1 | Reports the contents or statistics of the Recoverable Items (mailbox “dumpster”) folder for mailboxes (to monitor soft-deleted item storage). |
| Report-RetentionLabelAssignments.PS1 | Lists retention label assignments across various content (which items or sites have which retention labels). |
| Report-RoleAssignments.PS1 | Lists all admin role assignments in the tenant (which users/service principals have which Azure AD admin roles). |
| Report-RoomMailboxUsage.PS1, Report-RoomMailboxUsage-AzureAutomation.PS1 | Reports usage statistics for room mailboxes (e.g., number of meeting bookings), with a variant for running as an Azure Automation runbook. |
| Report-SPOFileVersions.PS1 | Reports on the version history counts for files in a SharePoint document library (to identify files with many versions). |
| Report-SPOFilesDocumentLibrary.PS1 | Lists all files in a specific SharePoint Online document library (with details such as size or last modified date). |
| Report-ServicePlans.PS1 | Produces a report of all Office 365 licence service plans and possibly the count of users assigned to each. |
| Report-ServicePrincipalAssignments.PS1 | Reports Azure AD role assignments granted to service principals/applications in the tenant. |
| Report-ServicePrincipalConnections.PS1 | Lists OAuth connection or token flow details for service principals in the tenant (to audit inter-service connections or recently used credentials). |
| Report-ServicePrincipalsWithHighPermissions.PS1 | Identifies service principals (applications) that have high-privilege permissions (such as admin-level Graph API scopes) in the directory. |
| Report-SharedMailboxResponseTimes.PS1 | Measures how quickly shared mailboxes respond to received emails (e.g., average time taken to reply to messages sent to each shared mailbox). |
| Report-SharingAuditEvents.PS1 | Reports on sharing events recorded in the audit log (file or folder shares in SharePoint/OneDrive across the tenant). |
| Report-SharingOneDriveFiles.PS1 | Specifically reports on OneDrive file sharing activities and share links (to monitor external sharing from OneDrive). |
| Report-SitesWithDefaultSensitivityLabels.PS1 | Lists SharePoint sites that have a default sensitivity label applied. |
| Report-StreamAuditEvents.PS1 | Collects audit events related to Microsoft Stream (video platform), e.g., video view or deletion events. |
| Report-TeamsApps.PS1 | Provides a list of Teams apps installed or in use in the tenant (including custom or third-party apps). |
| Report-TeamsChatInfo.PS1 | Gathers information about Teams chats (such as chat names, participants, and message counts) across the organisation. |
| Report-TeamsEmojis.PS1 | Reports on the usage of emoji reactions in Teams (how frequently and which types of reactions are used). |
| Report-TeamsOwners.PS1 | Lists all Teams and their owners, highlighting teams that have too few or no owners. |
| Report-TeamsTags.PS1 | Reports the use of custom tags in Teams (which tags exist and which users are associated with them). |
| Report-UserPasswordChanges.PS1 | Audits user password change events, listing which users changed their passwords and when. |
| Report-UserSignIns.PS1 | Provides a report of user sign-in activity (login attempts and successes over a given period). |
| Report-UserUpdateAuditRecords.PS1 | Extracts audit log records of user account updates (changes to user properties, licence assignments, etc.). |
| Report-WeeklyCalendarForRoomMailboxes.PS1 | Generates a weekly calendar schedule for room mailboxes, showing upcoming bookings for each room. |
| Report-iOSDevicesAuthenticator.PS1 | Identifies iOS devices registered in the tenant (particularly those used with Microsoft Authenticator for MFA). |
| ReportActiveTeams.ps1 | Lists active Microsoft Teams (e.g., teams with recent activity) in the tenant. |
| ReportAdminAzureADAccountsNoMFA.PS1 | Lists Azure AD administrative accounts that do not have multi-factor authentication enabled (a security risk audit). |
| ReportArchivedTeams.PS1 | Lists Teams that have been archived, including who archived them and when. |
| ReportAuditRecFailedSignIn.PS1 | Summarises audit records of failed sign-in attempts in the tenant. |
| ReportAuditRecsFileUpdates.PS1 | Summarises audit records of file update events (file modifications in SharePoint/OneDrive). |
| ReportAuditRecsGroupCreation.PS1 | Summarises audit records for Microsoft 365 Group creation events. |
| ReportAuditRecsGuestDocAccess.PS1 | Summarises audit log records of guest users accessing documents. |
| ReportAuditRecsUserSignIns.PS1 | Summarises audit records of user sign-in events (login audits) over a period. |
| ReportAuthenticationMethods.PS1 | Reports which authentication methods (MFA methods, etc.) are registered for each user in the tenant. |
| ReportAutoExpandingArchives.PS1 | Lists mailboxes using auto-expanding archives and their archive sizes/status (to monitor large archive mailboxes). |
| ReportDLMembershipsCounts-MgGraph.PS1, ReportDLMembershipsCounts.PS1, ReportDLMembershipsCountsGraph.PS1 | Reports the member counts of each distribution list in the organisation (with different script versions using various tools like the Microsoft Graph). |
| ReportDLsAndManagers.PS1 | Lists all distribution lists along with their assigned manager/owner. |
| ReportDeletedODSPDocuments.PS1 | Reports on documents deleted from OneDrive/SharePoint (e.g., recently deleted files, for audit or recovery tracking). |
| ReportDelveInsightsDisabled.PS1 | Identifies user mailboxes for which Delve analytics (Office Graph insights) have been disabled. |
| ReportDocumentSensitivityLabelMismatches.PS1 | Finds documents where the applied sensitivity label does not match the container’s (site or library’s) default label, indicating a potential mismatch. |
| ReportExpiringLinkExtended.PS1 | Scans for SharePoint/OneDrive sharing links that have expiration dates set and reports those that are about to expire. |
| ReportExternalEmailSent.PS1 | Analyses email sending to external recipients (which users are sending how many emails outside the organisation). |
| ReportFilesSPOSite.PS1 | Enumerates all files within a SharePoint site (all document libraries) to provide an inventory with details like size and last modified date. |
| ReportIndividualApplicationLicenses.PS1 | Reports on which users have specific application or add-on licences assigned (to track deployment of individual apps or add-ons). |
| ReportLastAccountSignIn-Mg.PS1 | Uses Microsoft Graph to find the last sign-in date/time for each user account (alternative method for last sign-in report). |
| ReportLicenseAssignmentsToUsers.Ps1, ReportUserAssignedLicenses-MgGraph.PS1 | Generates a report of all licences assigned to each user in the tenant (with a version using Microsoft Graph). |
| ReportM365GroupMemberships-Graph.PS1, ReportM365GroupMemberships.PS1 | Reports the membership of Microsoft 365 Groups (listing the members of each group, with a Graph API version and a standard version). |
| ReportMFAStatusAdmins.PS1, ReportMFAStatusUsers.PS1 | Reports the MFA (multi-factor authentication) status of admin accounts and regular user accounts, respectively (who has MFA enabled or not). |
| ReportMailboxPermissionsMailboxes.PS1 | Lists all mailbox permissions (who has access to whose mailboxes and what kind of access). |
| ReportMailboxQuotaUsed.Ps1 | Shows how much of their quota each mailbox has used, indicating which mailboxes are close to full. |
| ReportMailboxRightsAssignments.PS1 | Reports on mailbox-level permissions (which users have full access or send-as/send-on-behalf rights on others’ mailboxes). |
| ReportManagersAndDirectReports.PS1 | Generates a report of each manager and their direct reports (company org chart hierarchy report). |
| ReportMembershipM365Group.PS1 | Lists the members of a specified Microsoft 365 Group (or all groups, depending on usage). |
| ReportOneDriveStorageUsage.PS1 | (Older) Reports how much storage each OneDrive site is using (similar to Report-OneDriveUsage). |
| ReportPermissionsApps.PS1 | Reports permissions or roles granted to applications in the Microsoft 365 tenant (app permission audit). |
| ReportPermissionsFolderLevel.PS1 | Scans mailboxes to find folder-level permissions (delegation at the folder level in mailboxes). |
| ReportPermissionsOnMailboxes.PS1 | Aggregates all mailbox-level access permissions for each mailbox (who has access to which mailbox). |
| ReportQuarantinedMessages.PS1 | Produces a report of email messages currently in quarantine (e.g., emails blocked by spam or security filters). |
| ReportRestoreRecoverableItemsAudit.PS1 | Reports on any audit log events where items were restored from the Recoverable Items (dumpster), indicating recovery actions. |
| ReportRetentionLabelAuditEvents.PS1 | Retrieves audit log events related to retention label actions (application or removal of retention labels on content). |
| ReportRoomMailboxUsage-AzureAutomation.PS1 | An Azure Automation variant of the room mailbox usage reporting script, suitable for scheduling in cloud. |
| ReportSensitivityLabelSettings.PS1 | Summarises the configuration settings of all sensitivity labels in the organisation (e.g., encryption or access settings of each label). |
| ReportSensitivityLabelsAuditRecords.ps1 | Retrieves audit log records related to sensitivity label application or changes (to monitor label usage events). |
| ReportSharedMailboxLicenses.PS1 | Lists which shared mailboxes have licences assigned or if any licence is consumed by shared mailboxes (since normally they don’t require licences unless over limits). |
| ReportTeamsActivityData.PS1, ReportTeamsActivityGraph.PS1 | Gathers statistics on Microsoft Teams usage activity across the tenant (with one version possibly using a legacy approach and another using Graph API with improvements). |
| ReportTeamsChannelEmailAddresses.ps1 | Lists the email addresses associated with Teams channels (each standard channel’s email address for posting messages via email). |
| ReportTeamsChannels.PS1 | Provides a list of all Teams channels in the tenant, possibly including their properties or membership counts. |
| ReportTeamsCreationbyEmail.ps1 | Sends an email report whenever a new Team is created (monitoring and notification of new Teams). |
| ReportTeamsPolicyAssignments.PS1 | Reports which Teams policies are assigned to users (e.g., listing each user’s policy assignments for Teams). |
| ReportTeamsPrivateChannels.PS1 | Lists all private channels in Teams and their details (such as which Team they belong to and the channel members/owners). |
| ReportUnusedExoMailboxes.PS1 | Identifies Exchange Online mailboxes that have not been used (no recent logins or email activity), indicating they might be safe to remove or archive. |
| ReportUsersAndManagers.PS1 | Similar to the managers and direct reports report, listing each user and their manager (organisational hierarchy). |
| ReportWhiteBoardInfo.PS1 | Gathers information about Microsoft Whiteboard usage or settings in the tenant. |
| ReportYammerCommunityActivity.PS1 | Reports the activity levels in Yammer communities (number of messages, active users, etc., per Yammer group). |
| ReporteDiscoveryCases.Ps1 | Lists all eDiscovery cases in the tenant and key details (case names, status, etc.). |
| Restore-DeletedEntraGroups.PS1 | Restores Azure AD groups that were deleted (soft-deleted), if they are still within the recoverable period. |
| Restore-EntraIDUserNewUPN.PS1 | Restores a deleted AAD user by creating a new account with the user’s previous UPN (recovering a user’s identity after deletion). |
| SPOSitesRetention.ps1 | Reports or sets the retention policy settings on SharePoint Online sites (which sites have specific retention policies). |
| Search-AuditLogGraph.PS1 | Performs a search query against the Office 365 Unified Audit Log using Microsoft Graph (as an alternative to standard compliance search cmdlets). |
| SearchAndRemoveItemsMailboxes.PS1 | Searches user mailboxes for specific items (e.g., based on criteria or query) and removes any matches (combining eDiscovery search and purge in one step). |
| Send-AzureCommunicationsEmail.PS1 | Sends an email using the Azure Communication Services email API (as an alternative to using Exchange Online). |
| Send-EmailExchangeHVE.PS1, Send-HVEEmailRunbook.PS1 | Scripts for sending emails in a high-volume Exchange environment (ensuring reliable sending of large numbers of emails, with a variant for use in an Azure runbook). |
| Send-TeamsChatMessage.PS1 | Sends a chat message to a user or channel in Microsoft Teams via PowerShell (using Graph API). |
| Send-TeamsChatWithLotsofMentions.PS1 | Demonstrates how to send a Teams chat message that includes a large number of @mentions in a single message. |
| Send-WelcomeMessageNewUsers.PS1, Send-WelcomeNewUserMessagesHVE.PS1, SendWelcomeEmail.PS1, SendWelcomeEmailGraph.PS1, SendWelcomeEmail-Mg.PS1, SendWelcomeEmail-Runbook.ps1, SendWelcomeMessage-UserMail.PS1 | Various scripts (including Graph and runbook versions) to automate sending welcome emails or messages (Outlook email or Teams chat) to new users when they join the organisation. |
| Set-IntelligentVersioningOneDriveSites.PS1 | Configures “intelligent versioning” settings on OneDrive for Business sites (to optimise or limit the number of document versions retained). |
| SetAutoReplyTeamsGroups.PS1 | Sets an automatic reply (Out of Office message) on the mailbox associated with Microsoft 365 Groups/Teams (so group emails get an auto-reply). |
| SketchPad.PS1 | A general-purpose PowerShell “notebook” script used for testing and demonstrating various Microsoft 365 PowerShell operations (contains sample code snippets). |
| Switch-Licenses.PS1 | Switches users from one Microsoft 365 licence SKU to another in bulk (reassigning licences). |
| Switch-LitigationHoldsForEDiscovery.PS1 | Bulk toggles mailbox litigation holds on or off (for multiple mailboxes) to facilitate eDiscovery processes. |
| Switch-LitigationHoldsforRetentionPolicies.PS1 | Adjusts mailbox hold settings during retention policy changes (e.g., removing per-mailbox holds when a retention policy is in place, or vice versa). |
| Synchronize-M365GroupSecurityGroup.PS1 | Keeps the membership of a Microsoft 365 Group and a corresponding security group in sync (mirroring members between the two group types). |
| TeamsCreationReportByEmail.PS1 | Sends an email report whenever a new Team is created in the organisation (for monitoring new Teams instances). |
| TeamsGroupsActivityReport.ps1, TeamsGroupsActivityReportV5.PS1 | Generates a report of Microsoft 365 Groups/Teams activity, identifying inactive groups or summarising usage (with V5 being an updated version with enhanced data). |
| Test-BatchProcessing.PS1 | Demonstrates processing data in batches to avoid throttling or performance issues during large-scale operations. |
| Test-ComplianceHolds.PS1 | Tests the functionality of compliance holds (eDiscovery holds) by verifying that content under hold is preserved (e.g., creating then deleting items to see if they are retained). |
| Update-AppLockInstance.PS1 | Manages or updates an application lock (mutex) instance, ensuring only one instance of a process or script runs at a time. |
| Update-BannedPasswordsList.PS1 | Updates the custom banned passwords list in Azure AD Password Protection (adding new weak passwords to the block list). |
| Update-BreakGlassUsersCAPolicies.PS1 | Updates Conditional Access policies to ensure “break-glass” emergency admin accounts are exempted (so these accounts are never locked out by CA policies). |
| Update-DomainBlocks.PS1 | Updates the organisation’s blocked domains list (for example, updating email block lists or allowed domains for various services in bulk). |
| Update-DynamicM365GroupAzureAutomation.PS1 | Azure Automation runbook to update or maintain a dynamic Microsoft 365 Group (possibly to enforce membership or attributes on a schedule). |
| Update-GroupPhotosSDK.PS1 | Uses the Graph PowerShell SDK to update the profile photos of Microsoft 365 Groups. |
| Update-M365GroupOwners.PS1 | Updates (adds or changes) the owners of Microsoft 365 Groups in bulk (for example, to ensure each group has the required number of owners). |
| Update-Managers.PS1 | Bulk updates the “Manager” field in Azure AD user profiles (e.g., after organisational restructuring). |
| Update-MicrosoftIRMCAPolicies.PS1 | Updates Information Rights Management related Conditional Access or security policies in the tenant. |
| Update-OneDriveGroupMembers.PS1 | Adds or updates a designated security group as a secondary owner for all OneDrive sites (ensuring admin access to all OneDrive for Business user sites). |
| Update-PlanWithTasks.PS1 | Updates a Microsoft Planner plan by adding tasks (automating task creation in a plan, e.g., from an external data source). |
| Update-RetentionLabelsOneDrive.PS1 | Applies or updates retention labels on OneDrive documents (to enforce updated retention policies across OneDrive files). |
| Update-RetentionPolicySharedMailboxes.PS1 | Updates retention policy assignments specifically for shared mailboxes (e.g., switching them to a new policy or adjusting retention tags). |
| Update-SensitivityLabels.PS1 | Bulk updates sensitivity label assignments on content or removes certain labels from documents (for example, to enforce a new labelling standard). |
| Update-TenantCustomBranding.PS1 | Updates the Azure AD sign-in page custom branding (such as updating logos, background images, or custom sign-in text). |
| UpdateAzureAutomationGraphModules.PS1 | Ensures the Azure Automation account’s PowerShell Graph modules are up-to-date (downloading the latest Graph modules in an automation account). |
| UpdateGuestPhotos.PS1 | Bulk updates the profile photos for Azure AD guest user accounts. |
| UpdateMailboxAuditing.PS1 | Reconfigures mailbox auditing by turning it off and back on for all mailboxes (to refresh their audit configuration if needed). |
| UpdateOWASignatures.ps1 | Updates the Outlook Web App (OWA) email signature for multiple mailboxes (setting a standardised signature in users’ OWA settings). |
| UpdateOffice365PowerShellModules.PS1 | Checks for and updates the installed Office 365 PowerShell modules on an admin workstation to the latest versions. |
| UpdateOutlookSignature.PS1 | Updates a user’s Outlook (desktop client) email signature with information from Azure AD (such as name, title, and contact details). |
| UpdateSPOSitesWithLabels.PS1 | Applies or updates sensitivity labels on SharePoint Online sites (to set or change default site classification labels in bulk). |
| UpdateSensitivityLabelsForGroups.PS1 | Assigns or updates sensitivity labels on Microsoft 365 Groups (to ensure groups have proper classification labels). |
| UpdateStaticRetentionPolicy-AzureAutomation.PS1 | Azure Automation runbook that updates static retention policies (e.g., periodically adding or removing specific mailboxes/sites from a retention policy). |
| UpdateSubscribersInGroupsUsedByTeams.PS1 | Updates the subscriber settings for Microsoft 365 Groups that have Teams (often to manage whether members receive group emails, to prevent double notifications). |
| UpdateUserPhotos.PS1 | Bulk updates users’ profile photos in Azure AD (e.g., uploading new or standardised user images). |
| Upload-LargeAttachmentChunks.PS1, Upload-ManyAttachmentstoMessage.PS1 | Demonstrates how to attach files to email via Graph API, including uploading a large attachment in sequential chunks and sending an email with many attachments. |