Useful Office365 PowerShell Commands

ByDaniel Lutton

Jul 6, 2021
Office365 powershell

If you manage a Microsoft 365 tenant at any meaningful scale, PowerShell isn’t optional—it’s essential.

While Microsoft provides a growing number of admin portals (Entra ID, Exchange Admin Center, SharePoint Admin Center, Purview, Teams Admin Center), critical information is still fragmented across these interfaces. Simple tasks like auditing mailbox permissions, exporting license usage, or identifying inactive users often require jumping between portals—or worse, aren’t available in the UI at all.

PowerShell solves this problem by giving you:

  • A single control plane for your tenant
  • The ability to query, correlate, and export data
  • Repeatability through automation and scripting
  • Faster execution than any GUI

In real-world administration, PowerShell is how you stay ahead of incidents, not how you clean up after them.

Modern PowerShell Modules You Should Be Using (Important)

Before diving into commands, it’s important to address something many older articles get wrong.

Deprecated Modules (Avoid for New Work)

  • MSOnline (deprecated)
  • AzureAD (deprecated)

Current, Supported Modules

  • Microsoft Graph PowerShell SDK
  • Exchange Online Management (EXO V3)

You’ll still encounter legacy environments using MSOnline, but for long-term viability and security, Graph + EXO should be your default.

Connecting to Microsoft 365 with PowerShell (Modern Method)

Install Required Modules

Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module ExchangeOnlineManagement -Scope CurrentUser

Connect to Microsoft Graph

Connect-MgGraph -Scopes User.Read.All, Group.Read.All, Directory.Read.All

Connect to Exchange Online

Connect-ExchangeOnline

Real-world tip: Use certificate-based authentication for automation and scheduled tasks. Password-based auth should never be used in production scripts.

Discovering Available PowerShell Commands

When working in unfamiliar tenants or environments, discovery matters.

Get-Command -Module ExchangeOnlineManagement
Get-Command -Module Microsoft.Graph.Users

This is often faster than Googling—and ensures you’re using supported cmdlets.

User and License Management with PowerShell

List All Users with Key Attributes

Get-MgUser -All | Select DisplayName, UserPrincipalName, Department, AccountEnabled

Retrieve License Usage

Get-MgSubscribedSku | Select SkuPartNumber, ConsumedUnits, PrepaidUnits

This is invaluable during audits, cost reviews, or tenant cleanups.

Creating and Managing Users

Create a New User

New-MgUser `
  -DisplayName "Jonathan Brown" `
  -UserPrincipalName "[email protected]" `
  -AccountEnabled `
  -MailNickname "jbrown" `
  -PasswordProfile @{ Password = "TempP@ss123!"; ForceChangePasswordNextSignIn = $true }

Operational insight: Always force password change on first login. Anything else is a security failure.

Reset a User Password

Update-MgUser -UserId [email protected] `
  -PasswordProfile @{ Password = "N3wP@ss!"; ForceChangePasswordNextSignIn = $true }

Group Membership Management

List All Groups

Get-MgGroup -All | Select DisplayName, Id

Add a User to a Group

New-MgGroupMember `
  -GroupId <GroupID> `
  -DirectoryObjectId <UserID>

Remove a User from a Group

Remove-MgGroupMember `
  -GroupId <GroupID> `
  -DirectoryObjectId <UserID>

PowerShell is dramatically faster than portal-based group management—especially during onboarding or offboarding.

Exchange Online PowerShell: Where Admins Really Live

List All Mailboxes

Get-ExoMailbox -ResultSize Unlimited

List Shared Mailboxes

Get-ExoMailbox -RecipientTypeDetails SharedMailbox

Archive Mailboxes

Identify Archive-Enabled Mailboxes

Get-ExoMailbox -Archive

View Archive Mailbox Size

Get-ExoMailbox -Archive | Get-ExoMailboxStatistics |
Select DisplayName, TotalItemSize

This is critical when managing retention policies or troubleshooting storage complaints.

Mailbox Permission Auditing (Highly Valuable)

Full Access Permissions

Get-ExoMailbox | ForEach-Object {
  Get-ExoMailboxPermission $_.UserPrincipalName |
  Where-Object { $_.AccessRights -contains "FullAccess" -and !$_.IsInherited }
}

Send As Permissions

Get-RecipientPermission -ResultSize Unlimited |
Where-Object { $_.Trustee -notlike "NT AUTHORITY*" }

Send on Behalf Permissions

Get-ExoMailbox | Where-Object {$_.GrantSendOnBehalfTo -ne $null} |
Select UserPrincipalName, GrantSendOnBehalfTo

Real-world insight: Undocumented mailbox permissions are a major insider risk. These reports should be scheduled monthly.

Identifying Inactive Mailboxes

Get-ExoMailbox -ResultSize Unlimited | ForEach-Object {
  Get-ExoMailboxStatistics $_.UserPrincipalName |
  Select DisplayName, LastLogonTime, LastUserActionTime
}

Perfect for:

  • License reclamation
  • Dormant account cleanup
  • Security reviews

Email Forwarding Detection (Security Critical)

Get-ExoMailbox -ResultSize Unlimited |
Where-Object { $_.ForwardingAddress -ne $null } |
Select DisplayName, ForwardingAddress

Forwarding rules are commonly abused after account compromise.

Mailbox Folder Permissions

List Mailbox Folders

Get-MailboxFolderStatistics [email protected]

View Folder Permissions

Get-MailboxFolderPermission "[email protected]:\Inbox"

Folder-level permissions often bypass standard mailbox audits.

SharePoint Online PowerShell

Create a New Site Collection

New-SPOSite `
  -Url "https://contoso.sharepoint.com/sites/NewSite" `
  -Owner "[email protected]" `
  -StorageQuota 1024 `
  -Title "New Site"

Remove a User from All SharePoint Sites

Get-SPOSite -Limit All |
ForEach-Object {
  Remove-SPOUser -Site $_.Url -LoginName "[email protected]"
}

This is invaluable during offboarding.

Creating Reports with PowerShell

Mailboxes Not Logged In for 30 Days

Get-ExoMailbox |
Get-ExoMailboxStatistics |
Where-Object {$_.LastLogonTime -lt (Get-Date).AddDays(-30)} |
Select DisplayName, LastLogonTime

Group Membership Report

Get-UnifiedGroup | ForEach-Object {
  Write-Host "Group:" $_.DisplayName
  Get-UnifiedGroupLinks -Identity $_.Identity -LinkType Members
}

Final Thoughts: PowerShell Is an Admin Multiplier

PowerShell doesn’t just make Microsoft 365 administration faster—it makes it possible at scale.

Admins who rely solely on portals:

  • Miss hidden risks
  • Struggle with audits
  • Waste hours on repetitive tasks

Admins who master PowerShell:

  • Automate confidently
  • See their environment clearly
  • Respond faster to incidents

In modern Microsoft 365 environments, PowerShell isn’t optional—it’s your advantage.

Related Post

Windows 11 Update Rings and Deployment Strategy for SMB Environments

Daniel Lutton

Windows 11 Security Baselines Explained: What IT Pros Should Actually Enforce

Daniel Lutton

From Infrastructure Engineer to Platform Engineer: What Actually Changes

Daniel Lutton

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Posts

Sys Admin Windows 10 Windows 11

Windows 11 Update Rings and Deployment Strategy for SMB Environments

I.T Management

Why CIOs and Engineers Often Disagree on Technology Strategy

Tech Tips

How Windows 11 Handles Modern Hardware Better Than Windows 10

I.T Management

Why Your IT Architecture Is More Political Than Technical (And What That Means for Modern IT Leaders)