Chapter 1: Managing Users in M365
- Add users
- Assign or unassign licenses for users
- Assign admin roles
- Turn pronouns on or off
- Guest users
- Change a user name and email address
- Change user profile photos
- Restore a user
- Create template to add users
- Upgrade users to the latest apps
- Manage guest access in Microsoft 365 group
Introduction to Microsoft 365 Users
What is Microsoft 365?
Microsoft 365 (M365) is a cloud-based productivity suite by
Microsoft that includes services like Outlook, Word, Excel, Teams, SharePoint,
and Exchange, among others. It enables organizations to collaborate,
communicate, and manage business processes efficiently in a secure cloud
environment.
Users in Microsoft 365
Who are Users?
Users in Microsoft 365 are individuals who have a Microsoft
365 account (also called a user identity) to access services such as
Outlook, OneDrive, Teams, and SharePoint.
User Types
- Licensed Users: Have assigned M365 licenses and access to various services (e.g., Office apps, Teams).
- Unlicensed Users: Exist in the directory but do not have active services (e.g., shared mailboxes, guest users).
- Guest Users (External Users): People outside your organization who are invited to collaborate on documents or in Teams.
User Identity and Authentication
- Managed via Azure Active Directory (Azure AD).
- Can use multi-factor authentication (MFA) for added security.
- Supports Single Sign-On (SSO) and password policies.
Get a specific user: Get-MgUser -UserId "AdeleV@Imech544.onmicrosoft.com"
Licensed Users: How to add users from the M365 admin center
Create a new user using the Microsoft Graph API
Import-Module Microsoft.Graph.Users
# Properties for the new account; the user must change the password at first sign-in
$params = @{
    accountEnabled    = $true
    displayName       = "Adele Vance"
    mailNickname      = "AdeleV"
    userPrincipalName = "AdeleV@Imech544.onmicrosoft.com"
    passwordProfile   = @{
        forceChangePasswordNextSignIn = $true
        password                      = "xWwvJ]6NMw+bWH-d"
    }
}
New-MgUser -BodyParameter $params
List all users
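# -All pages through every user; AccountEnabled is only returned when requested with -Property
Get-MgUser -All -Property DisplayName, UserPrincipalName, AccountEnabled | Select-Object DisplayName, UserPrincipalName, AccountEnabled
Delete a user's account using Microsoft Graph: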
Remove-MgUser -UserId "AdeleV@Imech544.onmicrosoft.com"
List Users with Licenses:
# -All pages through every user instead of stopping at the first page of results
Get-MgUser -All | ForEach-Object {
    $user = $_
    $licenses = Get-MgUserLicenseDetail -UserId $user.Id
    [PSCustomObject]@{
        DisplayName = $user.DisplayName
        UPN         = $user.UserPrincipalName
        Licenses    = ($licenses.SkuPartNumber -join ", ")
    }
}
Microsoft Graph PowerShell - User Commands Cheat Sheet
1. Connect to Microsoft Graph
Install-Module Microsoft.Graph -Scope CurrentUser
Import-Module Microsoft.Graph
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"
2. List All Users
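# -All pages through every user; AccountEnabled is only returned when requested with -Property
Get-MgUser -All -Property DisplayName, UserPrincipalName, AccountEnabled | Select-Object DisplayName, UserPrincipalName, AccountEnabled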
3. Get a Specific User
Get-MgUser -UserId "user@yourdomain.com"
4. Create a New User
# Sample password only; set a unique random value per user
New-MgUser -AccountEnabled $true `
    -DisplayName "John Doe" `
    -UserPrincipalName "johndoe@yourdomain.com" `
    -MailNickname "johndoe" `
    -PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = "P@ssword123" }
5. Update User Display Name
Update-MgUser -UserId "johndoe@yourdomain.com" -DisplayName "John D"
6. Delete a User
Remove-MgUser -UserId "johndoe@yourdomain.com"
7. Filter Users by Name
Get-MgUser -Filter "startswith(DisplayName,'John')"
How to Unassign Microsoft 365 Licenses and What Happens Next
Managing licenses in Microsoft 365 is a crucial task for
IT admins. Whether you're offboarding an employee, reallocating licenses, or
optimizing costs, it's essential to understand the proper way to unassign
licenses and what happens to the user's data afterward.
- How to unassign licenses from one or multiple users
- What happens to a user's data after license removal
- Key considerations and retention behavior
👤 How to Unassign Licenses from a Single User
If you need to remove a license from just one user:
- Sign in to the Microsoft 365 Admin Center.
- Go to Users > Active users.
- Select the row of the user you want to modify.
- In the side pane, click on Licenses and Apps.
- Expand the Licenses section.
- Uncheck the license(s) you want to remove.
- Click Save changes.
That’s it! The license will be freed up and ready to
assign to another user.
👥 How to Unassign Licenses from Multiple Users
For bulk operations:
- Head to Users > Active users in the admin center.
- Select the checkboxes next to the users you want to modify.
- Click on Manage product licenses from the top menu.
- In the pane that opens, select Unassign all.
- Click Save changes, then Done.
This process is useful during mass offboarding or license
audits.
📦 What Happens to a User’s Data After License Removal?
Removing a license doesn’t immediately delete the user's
data, but here's what you need to know:
🔁 Exchange Online (Email)
- Mailbox content is retained for 30 days.
- After that, it’s permanently deleted unless retention policies are applied.
- If you’re using eDiscovery or Content Search, the mailbox becomes unsearchable once the license is gone.
☁️ OneDrive for Business
- User data remains intact unless the user is deleted from Microsoft 365 or removed via Active Directory sync.
- Learn more about OneDrive file retention.
📨 Inactive Mailboxes (Enterprise Plans Only)
- If you're on Office 365 E3 or higher, you can convert a user’s mailbox to an inactive mailbox to preserve its data indefinitely.
- How to create and manage inactive mailboxes
🚫 Blocking Access After License Removal
Even after license removal, users might still have access to installed Office apps. In such cases:
- They’ll see “Unlicensed Product” warnings and activation errors.
- To fully secure the user’s access, follow the Microsoft guide:
👉 Remove a former employee and secure their data
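Blocking sign-in and revoking existing sessions for a departing user is the step that license removal alone does not perform. The following is an added example, not code from the original page or from Microsoft's guide; `Block-DepartingUser` is a hypothetical helper name and the UPN is a placeholder.

```powershell
# Added example: block sign-in and revoke sessions for departing users.
# Assumes the Microsoft.Graph module is installed and the signed-in admin
# holds a role that may update users.
Connect-MgGraph -Scopes "User.ReadWrite.All"

function Block-DepartingUser {           # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $UserPrincipalName)

    foreach ($upn in $UserPrincipalName) {
        $user = Get-MgUser -UserId $upn -Property Id, UserPrincipalName, AccountEnabled
        if (-not $PSCmdlet.ShouldProcess($upn, "Block sign-in and revoke sessions")) { continue }

        # 1. Stop new sign-ins.
        Update-MgUser -UserId $user.Id -AccountEnabled:$false

        # 2. Invalidate refresh tokens and session cookies already issued.
        #    Access tokens that are already issued stay valid until they expire.
        Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

        # 3. Read the state back so the change is confirmed, not assumed.
        $after = Get-MgUser -UserId $user.Id -Property UserPrincipalName, AccountEnabled
        [PSCustomObject]@{
            UPN               = $after.UserPrincipalName
            AccountEnabled    = $after.AccountEnabled
            SessionsRevokedAt = (Get-Date).ToUniversalTime()
        }
    }
}

# Dry run first; remove -WhatIf to apply.
Block-DepartingUser -UserPrincipalName "user@domain.com" -WhatIf
```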
Using Microsoft Graph PowerShell
📌 Unassign License from a Single User
powershell
# Connect to Graph with proper scope
Connect-MgGraph -Scopes "User.ReadWrite.All"
# Get user
$user = Get-MgUser -UserId user@domain.com
# Get currently assigned licenses
$assignedLicenses = (Get-MgUserLicenseDetail -UserId $user.Id).SkuId
# Choose the license to remove (e.g., remove all)
Set-MgUserLicense -UserId $user.Id -RemoveLicenses $assignedLicenses -AddLicenses @{}
🔁 If you only want to remove a specific license, get its SkuId and remove that one only.
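Removing one specific license means looking up its SkuId first. The following is an added example, not code from the original page; `Remove-SingleLicense` is a hypothetical helper name, and the UPN and the part number `ENTERPRISEPACK` are placeholder values.

```powershell
# Added example: remove one license, chosen by SkuPartNumber, from one user.
# Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Organization.Read.All"

function Remove-SingleLicense {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserId,
        [Parameter(Mandatory)] [string] $SkuPartNumber
    )

    # Resolve the readable part number to the tenant's SkuId (a GUID).
    $sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq $SkuPartNumber
    if (-not $sku) { throw "SKU '$SkuPartNumber' is not subscribed in this tenant." }

    # Only call Set-MgUserLicense when the user actually holds that SKU.
    $held = @(Get-MgUserLicenseDetail -UserId $UserId).SkuId
    if ($held -notcontains $sku.SkuId) {
        Write-Output "$UserId does not hold $SkuPartNumber; nothing to do"
        return
    }

    if ($PSCmdlet.ShouldProcess($UserId, "Remove license $SkuPartNumber")) {
        Set-MgUserLicense -UserId $UserId -RemoveLicenses @($sku.SkuId) -AddLicenses @{} | Out-Null
        Write-Output "Removed $SkuPartNumber from $UserId"
    }
}

# Dry run first; remove -WhatIf to apply.
Remove-SingleLicense -UserId "user@domain.com" -SkuPartNumber "ENTERPRISEPACK" -WhatIf
```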
📌 Unassign Licenses from Multiple Users (Bulk)
powershell
# Example list of users
$users = @("user1@domain.com", "user2@domain.com")
foreach ($userUPN in $users) {
    $user = Get-MgUser -UserId $userUPN
    $assignedLicenses = (Get-MgUserLicenseDetail -UserId $user.Id).SkuId
    if ($assignedLicenses) {
        Set-MgUserLicense -UserId $user.Id -RemoveLicenses $assignedLicenses -AddLicenses @{}
        Write-Output "Removed licenses for $userUPN"
    } else {
        Write-Output "$userUPN has no licenses assigned"
    }
}
Guest users are external people (outside your organization) invited to collaborate in Microsoft 365. They can access Teams, SharePoint, OneDrive, and other shared resources but do not belong to your Azure AD tenant.
Common Guest Use Cases
- External partners, vendors, or consultants
- Clients needing access to documents
- Collaborators in Microsoft Teams or SharePoint
How Guest Access Works
- Added via Azure AD B2B (Business-to-Business)
- Users get an account ending in #EXT#
- They use their own credentials
- Controlled by Azure AD external collaboration settings
Ways to Invite Guest Users
1. Microsoft Entra Admin Center: Go to Users > New Guest User
2. Microsoft Teams: Add guest via 'Add member' with email
3. SharePoint/OneDrive: Share file or folder with external email
PowerShell for Managing Guest Users
Connect:
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All"
Invite Guest:
$guest = @{
InvitedUserEmailAddress = "partner@example.com"
InviteRedirectUrl = "https://teams.microsoft.com"
SendInvitationMessage = $true
InvitedUserDisplayName = "Partner Name"
}
New-MgInvitation @guest
List Guests:
Get-MgUser -All -Filter "userType eq 'Guest'" | Select-Object DisplayName, UserPrincipalName
Remove Guest:
Remove-MgUser -UserId "partner_example.com#EXT#@yourtenant.onmicrosoft.com"
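Building on the List Guests and Remove Guest commands above, this added example (not from the original page) reports guest accounts whose invitation was never redeemed, so they can be reviewed before removal. `Get-StaleGuestInvitation` is a hypothetical helper name and the 30-day threshold is an assumption.

```powershell
# Added example: find guest accounts with old, never-redeemed invitations.
# Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes "User.Read.All"

function Get-StaleGuestInvitation {      # hypothetical helper name
    param([int] $OlderThanDays = 30)     # assumed review threshold

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$OlderThanDays)

    # ExternalUserState and CreatedDateTime are not in the default property
    # set, so they must be requested explicitly.
    $props = "Id", "DisplayName", "Mail", "UserPrincipalName",
             "CreatedDateTime", "ExternalUserState"

    Get-MgUser -All -Filter "userType eq 'Guest'" -Property $props |
        Where-Object {
            $_.ExternalUserState -eq "PendingAcceptance" -and
            $_.CreatedDateTime -lt $cutoff
        } |
        Sort-Object CreatedDateTime |
        Select-Object Id, DisplayName, Mail, CreatedDateTime, ExternalUserState
}

$stale = Get-StaleGuestInvitation -OlderThanDays 30
$stale | Format-Table -AutoSize

# After review, remove by object Id rather than by the #EXT# UPN:
# $stale | ForEach-Object { Remove-MgUser -UserId $_.Id }
```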