Key Points
- Use Microsoft Graph PowerShell to generate comprehensive Microsoft 365 Group reports that include group names, types, and visibility.
- Combine Exchange Online PowerShell and Graph data to accurately report group ownership and membership.
- Leverage the Microsoft Graph Reports API to track group activity and identify inactive or orphaned groups over 7-, 30-, or 90-day periods.
- Automate Microsoft 365 reporting using app-only authentication, scheduled PowerShell tasks, and CSV/JSON exports for consistent tracking.
- Standardize multi-tenant Microsoft 365 reports with scripted connection loops, timestamped logs, and unified reporting across all organizations.
Microsoft 365 Groups are the backbone of collaboration in the modern workplace. They’re the glue that connects Teams chats, SharePoint sites, Planner tasks, and Outlook conversations. However, manually tracking group ownership, membership, and usage trends can quickly become overwhelming.
Legacy reporting methods simply do not offer the automation and depth that modern administrators need. That’s why more organizations are turning to tools like Graph PowerShell and Graph Reports endpoints to generate reports.
These platforms automate repetitive tasks, like gathering membership data, and, more importantly, deliver richer datasets.
In this guide, we’ll show you how to automate Microsoft 365 group reporting using PowerShell and Graph Reports.
Automating Microsoft 365 group reports using PowerShell
PowerShell and Microsoft Graph are the two essential tools you’ll need to build a scalable and secure Microsoft 365 group reporting.
📌Prerequisites
- The Microsoft Graph PowerShell SDK and Exchange Online modules
- An Azure app registration configured with Reports.Read.All and Group.Read.All API scopes
- App-only or delegated credentials, stored securely in a Key Vault or an encrypted JSON file
- Admin permissions to access the Microsoft 365 tenant reporting and Exchange Online
Method 1: Conduct a complete group inventory using Microsoft Graph PowerShell
📌Use Case: This method establishes a secure connection to Microsoft Graph, which will enable you to query your Microsoft 365 data. It’s ideal for conducting a complete inventory of all groups in your tenant. This includes Teams-enabled and dynamic groups
A. Install and import modules
Install-Module Microsoft.Graph -Scope CurrentUser
Import-Module Microsoft.Graph
Connect-MgGraph -Scopes "Group.Read.All","Reports.Read.All"
This installs the SDK securely and connects it using the necessary permissions.
B. Use Get-MgGroup to inventory all Microsoft 365 Groups
Get-MgGroup -All | Select DisplayName,GroupTypes,Visibility,CreatedDateTime |
Export-Csv "C:\Reports\GroupInventory.csv" -NoTypeInformation
💡Tip: Filter the results by group type or naming convention to isolate Teams-enabled or dynamic groups.
Method 2: Retrieve membership and ownership using Exchange Online
📌Use Case: This method allows you to pull membership and ownership details directly from Exchange Online. It’s particularly useful for admins managing mail-enabled security groups or Microsoft 365 distribution lists.
A. Connect to Exchange Online:
Connect-ExchangeOnline -UserPrincipalName [email protected]
Get-UnifiedGroup | Select DisplayName,PrimarySmtpAddress,AccessType |
Export-Csv "C:\Reports\UnifiedGroups.csv" -NoTypeInformation
B. List group members or owners:
Get-UnifiedGroupLinks -Identity "<GroupName>" -LinkType Members |
Select Name,PrimarySmtpAddress
Export the results for review or audit documentation.
Method 3: Use Microsoft Graph Reports API to analyze group engagement
📌Use Case: This method lets you analyze group activity and lifecycle insights.
A. Call Graph Reports API for group activity
$uri = "https://graph.microsoft.com/v1.0/reports/getOffice365GroupsActivityDetail(period='D30')"
Invoke-MgGraphRequest -Method GET -Uri $uri |
ConvertFrom-Csv | Export-Csv "C:\Reports\GroupActivity_D30.csv" -NoTypeInformation
Compare activity counts to membership data to identify which groups are inactive, underused, or lacking ownership.
Method 4: Automate exports and scheduling
📌Use Case: This method allows you to generate group reports automatically for compliance and executive reporting.
- Secure your app credentials by storing them in an encrypted JSON file.
- Use a PowerShell scheduled task or Azure Automation runbook for cloud execution:
$timestamp = Get-Date -Format "yyyyMMdd_HHmm"Get-MgGroup -All | Export-Csv "C:\Reports\Groups_$timestamp.csv" -NoTypeInformation
- Enable logging for each run and make sure it includes key details, such as run timestamps, tenant name, record count, and success or failure status.
- Optionally, you can feed the exported CSV files into Power BI or a compliance report pack.
Summary of best practices for getting Microsoft 365 group reports using PowerShell and Graph Reports
| Practice | Purpose | Value Delivered |
| Graph cmdlets for inventory | Ensures alignment with modern Microsoft Graph APIs for retrieving group and directory data | Delivers accurate, reliable, and fully supported inventory results |
| Exchange Online for membership details | Strengthens governance by providing visibility into group ownership and access permissions | Allows administrators to confirm who owns each group and who has access to what |
| Graph Reports API for activity insights | Enables lifecycle visibility across groups by tracking usage and engagement patterns | Makes identifying inactive, redundant, or unowned groups easier |
| App-only authentication | Improves security by eliminating the need for interactive logins | Provides secure, token-based authentication that protects administrative access |
| Scheduled exports | Standardizes data collection through automation | Ensures repeatable reporting and continuous evidence for compliance audits |
Validating and troubleshooting common issues
If your script returns errors or generates incomplete data, use the checklist below to identify and troubleshoot common issues.
- Empty Results: Verify tenant logging settings and check if the Graph API permissions are assigned correctly.
- Access Denied: Ensure that admin consent has been explicitly granted for all required API scopes in the Azure App Registration.
- Rate Limits: Apply delay or retry logic for larger tenants to slow down requests and avoid overwhelming the Graph API’s rate limits.
- Script Errors: Wrap query blocks in Try/Catch to handle exceptions properly and log the error for later review.
- Expired Tokens: Set up alerts for monitoring token expiration and rotate your app secrets regularly. This step ensures that your automated reports continue running.
Automation touchpoint for Microsoft 365 Group reporting
Automation can be a game-changer for MSPs. For example, a daily scheduled job that connects to Microsoft Graph using app-only authentication can help you:
- Retrieve group lists and activity metrics across multiple client tenants.
- Merge data into a unified CSV report, complete with timestamps.
- Automatically email reports to designated administrators.
This approach reduces the manual effort required of your team, allowing them to focus on more important tasks.
Simplifying Microsoft 365 group reporting with NinjaOne
NinjaOne makes Microsoft 365 group reporting effortless. It features a robust scripting engine that enables you to automate PowerShell deployments across client environments.
With secure credential storage, you can build scripts that deliver actionable insights, automatically generate CSV reports, and attach them directly to client documentation without compromising security.
Generate smarter Microsoft 365 Group Reports using PowerShell
Modern PowerShell reporting for Microsoft 365 Groups utilizes graph-based cmdlets and APIs, unlocking a level of precision and automation that legacy reporting methods can’t match.
By combining inventory, membership, and activity data into unified reports, you gain crucial visibility across every client tenant or business unit you manage. More importantly, this approach keeps your reporting process scalable and future-ready.
Related topics:
- How to Use Microsoft Graph API to Pull Compliance Reports Across Multiple Tenants
- How to Backup Microsoft 365 Exchange Online
- The Administrator’s Handbook to SharePoint Group Permissions: Setup, Management and Best Practices
- Using Microsoft Graph API with Windows PowerShell to Monitor and Manage Microsoft 365 Clients
- How To Generate MSP-friendly Compliance Reports From Microsoft Secure Score
