M365Corner

🔧 New: User Management Graph PowerShell Toolkit

Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.

🚀 Launch Toolkit
M365 PowerShell

Microsoft 365 User Onboarding with Graph PowerShell

Setting up new employees in Microsoft 365 can be streamlined using Microsoft Graph PowerShell. This guide walks you through the step-by-step onboarding process, from user creation to assigning roles, using tested cmdlets.


Connect to Microsoft Graph

Start by connecting to Microsoft Graph with the necessary permissions:

Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All", "Group.ReadWrite.All"

Create the User Account

Provision the user with a secure, ready-to-use account:

New-MgUser -DisplayName "Jane Kumar" `
-UserPrincipalName "jane.kumar@yourdomain.com" `
-MailNickname "janekumar" `
-AccountEnabled  `
-PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = "StrongP@ssw0rd!" }

✅ This creates an active user account and enforces a password change at first login.


Assign Licenses

Enable a ccess to Microsoft 365 services by assigning a license:

Set-MgUserLicense -UserId "jane.kumar@yourdomain.com" -AddLicenses @(@{SkuId="license-sku-id"}) -RemoveLicenses @()

🔑 Not sure what SkuId to use? Run:

Get-MgSubscribedSku | select id, skupartnumber

This lists all available license types (along with their SKU IDs) in your tenant. Note: RemoveLicenses @() should be included for the command to work (even though you may not be removing any licenses).


Add to Security and Microsoft 365 Groups

Ensure the user has proper access and collaboration rights:

New-MgGroupMember -GroupId "group-id" -DirectoryObjectId "user-object-id"

📌 Use:

  • Security groups: for file/app/resource access.
  • Microsoft 365 groups: for Teams, Planner, and shared inbox access.

Set Department, Job Title

Update organizational metadata: 

Update-MgUser -UserId "jane.kumar@7xh7fj.onmicrosoft.com" `
-Department "Sales" `
-JobTitle "Territory Manager"

This helps with internal org charts, policies, and access controls.


Assign Roles (Optional)

Grant admin privileges only if needed:

$roleId = (Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'").Id
$body = @{
"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/2d6a3dc5-36af-494b-aebd-e2dd179077b2"
}
New-MgDirectoryRoleMemberByRef -DirectoryRoleId $roleId -BodyParameter $body

🛡️ Only assign roles like Global Admin or Exchange Admin to trusted individuals—these roles have high privileges.


Mailbox Setup

After license assignment, mailboxes are provisioned automatically.

➡️ For advanced configurations, use Exchange Online PowerShell as Graph PowerShell doesn’t manage mailbox settings directly.


Verify & Audit

Confirm the user is fully onboarded:

Get-MgUser -UserId "jane.kumar@yourdomain.com"

📊 You can also check in the Microsoft 365 Admin Center for the newly created user details (Users >> Active Users) or using Entra ID Admin Center (Entra ID >> All Users).


Final Thoughts

With just a few Graph PowerShell commands, you can automate and standardize the Microsoft 365 onboarding process. You can wrap all this into a PowerShell function or workflow script that takes parameters like name, department etc., and automates user onboarding. This ensures consistency, security, and speed, especially in growing organizations.

Table of Contents

X

Table of Contents

Graph PowerShell Explorer Widget

20 Graph PowerShell cmdlets with easily accessible "working" examples.


Permission Required

Example:


                

                

                

                

                

            

        

    


 
            

        

    

    
    
    
    

        

            © m365corner.com. All Rights Reserved.
            Design by HTML Codex