How to Use Get-MgUser to Fetch Microsoft 365 Users?

If you're managing a Microsoft 365 environment, chances are you need to retrieve user details often. Whether it's for auditing, reporting, or user management, the Get-MgUser cmdlet in Microsoft Graph PowerShell is a powerful tool to fetch user information quickly and efficiently. This guide will help you understand how to use Get-MgUser with simple examples.

What is Get-MgUser?

Get-MgUser is a Microsoft Graph PowerShell cmdlet that allows administrators to retrieve details about Microsoft 365 users. It replaces the older Get-AzureADUser cmdlet and provides more flexibility and security using Microsoft Graph API.

With Get-MgUser, you can:

• ✅Fetch user information such as UserPrincipalName (UPN), Display Name, Email, and Account Status.
• ✅Retrieve specific users or all users in your organization.
• ✅Use filtering and property selection for more precise queries.

Why Use Get-MgUser?

Microsoft 365 administrators prefer Get-MgUser because:

• ✅ It provides a secure and efficient way to access user data.
• ✅ It is the recommended cmdlet for modern M365 management (AzureAD cmdlets are deprecated).
• ✅ It supports filtering, sorting, and selection of specific properties, reducing unnecessary data retrieval.
• ✅ It works with Microsoft Entra ID (formerly Azure AD) via Microsoft Graph API.

Cmdlet Syntax

The basic syntax for Get-MgUser is:

Get-MgUser [-UserId <String>] [-All] [-Filter <String>] 

Key Parameters:

• -UserId → Fetch a specific user by UPN or Object ID.
• -All → Retrieve all users in the organization.
• -Filter → Apply filters to get specific users (e.g., based on department or license status).
• -Property → Retrieve only specific properties instead of the full dataset.

Usage Examples

Retrieve All Users

Get-MgUser -All

This command fetches all users in your Microsoft 365 tenant.

Get a Specific User by Email (UPN)

Get-MgUser -UserId "admin@contoso.com"

Get a Specific User by Object ID

Get-MgUser -UserId "1111-2222-3333-4444"

Instead of an email address, you can also use the unique Object ID assigned to a user in Microsoft Entra ID.

Retrieve Only Guest Users

Get-MgUser -All -Filter "userType eq 'Guest'"

This command fetches all the guest users (or external users) in the tenant.

Retrieve Only Disabled User Accounts

Get-MgUser -All -Filter "accountEnabled eq false"

This command fetches all the disabled user accounts in the tenant.

Frequently Asked Questions

• ❓ How do I get only specific properties like Display Name and Email?

Get-MgUser -UserId "admin@contoso.com" -Property DisplayName,Mail

• This returns only the DisplayName and Mail fields for the user.
💡 Optimize API Responses with -Property

By default, Get-MgUser returns a limited set of user properties. To retrieve only the fields you need — such as DisplayName, UserPrincipalName, or AccountEnabled — use the -Property parameter.

This helps reduce data transfer and improves performance, especially in scripts handling large user sets.
• ❓ Can I filter users by department?

Get-MgUser -All -Filter "department eq 'Sales'"

• This retrieves only users from the Sales department.
• ❓ What permission do I need to run Get-MgUser?
• You need User.Read.All or Directory.Read.All permissions.
• ❓ Is Get-MgUser a replacement for Get-AzureADUser?
• Yes! Microsoft recommends using Get-MgUser since Azure AD PowerShell is deprecated.

Use Cases

• 📌 User Auditing → Fetch details of users for security and compliance audits.
• 📌 License Management → Identify unlicensed or inactive users.
• 📌 User Reports → Generate user reports based on roles, departments, or locations.
• 📌 Troubleshooting → Quickly verify user account status and details.

Conclusion

The Get-MgUser cmdlet is an essential tool for Microsoft 365 administrators looking to manage users efficiently. Whether you're retrieving a single user or querying all users in your organization, this cmdlet offers flexibility, security, and precision. Start using Get-MgUser today to streamline your M365 management!