M365Corner
M365 PowerShell

Update-MgGroup: How to Modify Microsoft 365 Groups

This article provides a step-by-step guide to using the Update-MgGroup cmdlet in Microsoft Graph PowerShell. Learn how to modify Microsoft 365 group properties, such as display name, description, and visibility, with examples for single and bulk updates

The Update-MgGroup cmdlet in the Microsoft Graph PowerShell module allows administrators to modify the properties of existing Microsoft 365 groups. This article will guide you through the prerequisites, cmdlet syntax, usage examples, tips, common errors, and solutions for the Update-MgGroup cmdlet.


Prerequisites

  • Microsoft Graph PowerShell Module: Install the module if you haven't already. 
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Microsoft 365 Admin Privileges: Ensure you have the necessary administrator privileges (like User Administrator or Global Administrator) to update groups.
  • Group.ReadWrite.All Graph API Permission: Ensure you possess the Group.ReadWrite.All Graph API permission needed to access and modify M365 groups.
  • Authentication: Connect to Microsoft Graph with the required scopes (API Permissions) by running the following command: 
    Connect-MgGraph -Scopes "Group.ReadWrite.All"

Cmdlet Syntax

Update-MgGroup -GroupId <String> [-DisplayName <String>] [-Description <String>] [-MailNickname <String>] [-Visibility <String>] [-SecurityEnabled <Boolean>] [-MailEnabled <Boolean>] [-WhatIf] [-Confirm] []
  • -GroupId: (Required) The ID of the group to update.
  • -DisplayName: (Optional) The new display name for the group.
  • -Description: (Optional) The new description for the group.
  • -Visibility: (Optional) The new visibility setting for the group (Public or Private).
  • -SecurityEnabled: (Optional) Specifies if the group is a security group.
  • -MailEnabled: (Optional) Specifies if the group is mail-enabled.
  • -WhatIf: (Optional) Shows what would happen if the cmdlet runs. The cmdlet is not executed.
  • -Confirm: (Optional) Prompts for confirmation before executing the cmdlet.

Usage Examples


Update Group Display Name and Description

You should pass in the new display name and description along with Group ID.

Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DisplayName "New Group Name" -Description "Updated group description"

Change Group Visibility to Private

You should pass in the new group visibility along with Group ID.

Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -Visibility Private

Add Members to a Group

You should use New-MgGroupMember cmdlet to add or update members of a group

$members = @("8a7c50d3-fcbd-4727-a889-8ab232dfea01", "9a6d50d3-fcbd-4727-a889-8ab232dfea02")
foreach ($member in $members) {
    New-MgGroupMember -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DirectoryObjectId $member
}

Remove Members from a Group

You should use Remove-MgGroupMemberByRef cmdlet to remove members from a group

$members = @("8a7c50d3-fcbd-4727-a889-8ab232dfea01", "9a6d50d3-fcbd-4727-a889-8ab232dfea02")
foreach ($member in $members) {
    Remove-MgGroupMemberByRef -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DirectoryObjectId $member
}

Add Owner to a Group

You should use New-MgGroupOwner cmdlet to add or update members of a group

$members = @("8a7c50d3-fcbd-4727-a889-8ab232dfea01", "9a6d50d3-fcbd-4727-a889-8ab232dfea02")
foreach ($member in $members) {
    New-MgGroupOwner -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DirectoryObjectId $member
}

Remove Owner from a Group

You should use Remove-MgGroupOwnerByRef cmdlet to owners from a group

$members = @("8a7c50d3-fcbd-4727-a889-8ab232dfea01", "9a6d50d3-fcbd-4727-a889-8ab232dfea02")
foreach ($member in $members) {
    Remove-MgGroupOwnerByRef -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DirectoryObjectId $member
}

Update a Group's Mail Nickname

To change the mail nickname (alias) of a Microsoft 365 group, execute the following command:

Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -MailNickname "NewAlias"

Note:Modifying the mail nickname affects the group's email address, so ensure the new alias aligns with your organization's naming conventions.

Enable or Disable a Group's Mail and Security Settings

To configure a group's mail-enabled and security-enabled settings, use:

Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -MailEnabled $true -SecurityEnabled $false

This command enables the group to receive emails while disabling its security group capabilities.

Updating Group From Microsoft 365 Admin Center

You should do the following to update a group using Microsoft 365 admin center:

  • Click Teams & Groups >> select Active teams & groups option. All the groups in your tenant get listed.
  • Select the group you wish to update or edit. The Group flyer opens up. Click the Edit button to modify the settings.
  • Adding Group Owners: Select Membership tab >> click Owners option >> click Add owners
  • Adding Group Members: Select Membership tab >> click Members option >> click Add members

Cmdlet Tips

  • Validate Group ID: Ensure the Group ID is correct to avoid updating the wrong group.
  • Test Changes: Use the -WhatIf parameter to see what changes will be made without actually applying them.
  • Error Handling: Use try-catch blocks to handle errors gracefully in your scripts.

Use Cases

  1. Modifying Group Properties to Reflect Organizational Changes:
    • Scenario: As organizations grow or restructure, group properties like names, descriptions, or membership settings may need to be updated to reflect new roles or departments.
    • Implementation: Use Update-MgGroup to modify properties such as DisplayName, Description, and MailNickname to align with the organization's evolving structure.
    • Benefit: Keeps group settings up-to-date with organizational changes, ensuring that teams and departments have accurate representations within Microsoft 365.
  2. Managing Access for Security Groups:
    • Scenario: IT administrators need to regularly review and update access permissions for security groups to ensure that only authorized users have access to sensitive resources.
    • Implementation: Use Update-MgGroup to change membership settings or group types, such as switching a group from "Security" to "Microsoft 365" to enable collaboration features.
    • Benefit: Enhances security by ensuring that group configurations are in line with the organization's access control policies, preventing unauthorized access.
  3. Updating Group Settings for Improved Collaboration:
    • Scenario: To improve collaboration, teams may need to modify their Microsoft 365 group settings, such as allowing external guests or enabling specific communication options.
    • Implementation: Use Update-MgGroup to adjust settings that control group features, such as enabling or disabling guest access and changing the visibility of the group.
    • Benefit: Optimizes group functionality to better support collaborative efforts, allowing teams to adjust their settings to meet specific needs without compromising security.
  4. Automating Group Management Tasks:
    • Scenario: Large organizations with many groups require automated processes to keep group properties and settings consistent across the organization.
    • Implementation: Use Update-MgGroup in scripts that automatically adjust group settings based on predefined criteria, such as periodic updates to descriptions or group owners.
    • Benefit: Reduces manual work for IT teams by automating group management tasks, ensuring that all groups adhere to organizational standards and guidelines.

Possible Errors and Solutions

Error Cause Solution
ResourceNotFound The specified Group ID does not exist. Verify the Group ID and try again. Use Get-MgGroup cmdlet to verify group id.
InsufficientPrivileges The user does not have sufficient privileges to update the group. Ensure you have the necessary permissions and try again. Group.ReadWrite.All is the Graph API permission you need.
InvalidRequest One or more parameters are invalid. Check the parameter values and ensure they meet the requirements.

Always include a try-catch block within your scripts so that you can catch errors successfully.

try {
    Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DisplayName "New Group Name"
} catch {
    Write-Host "An error occurred: $_"
}

Frequently Asked Questions

  • What is Update-MgGroup used for?

    • Update-MgGroup is a Microsoft Graph PowerShell cmdlet used to modify properties of Microsoft 365 groups, such as display name, description, visibility, and membership settings.

  • How can I update a group’s display name and description?

    • You can update a group’s properties using the -BodyParameter parameter:

        $Body = @{
"displayName" = "New Group Name"
"description" = "Updated group description"
}
Update-MgGroup -GroupId "" -BodyParameter $Body
  • How can I bulk update group properties using a CSV file?

    • Prepare a CSV file with the following format:

       GroupId,DisplayName,Description
,New Group Name 1,Updated Description 1
,New Group Name 2,Updated Description 2

    Use this script to process the CSV and update group properties:

     $Groups = Import-Csv -Path "C:\Path\To\File.csv"
foreach ($Group in $Groups) {
$Body = @{
"displayName" = $Group.DisplayName
"description" = $Group.Description
}
Update-MgGroup -GroupId $Group.GroupId -BodyParameter $Body
}
  • How can I update multiple properties of a group simultaneously?

    • You can modify multiple properties in a single Update-MgGroup command by specifying each property and its new value. For example:

    Update-MgGroup -GroupId "12345678-90ab-cdef-1234-567890abcdef" -DisplayName "New Group Name" -Description "Updated Description" -Visibility "Private"

    This command updates the group's display name, description, and visibility settings simultaneously.

  • What permissions are required to use the Update-MgGroup cmdlet?

    • To execute the Update-MgGroup cmdlet, your account must have the Group.ReadWrite.All permission in Microsoft Graph. Additionally, you should have administrative roles such as User Administrator or Global Administrator in Azure Active Directory to modify group properties. Ensure you connect to Microsoft Graph with the necessary scopes:

    Connect-MgGraph -Scopes "Group.ReadWrite.All"

    By integrating these additional examples and FAQs, your article will provide a more comprehensive guide to managing Microsoft 365 groups using the Update-MgGroup cmdlet.


🛠️ Update Only What You Need

You don’t have to pass every group property when using Update-MgGroup.
Just include the fields you intend to change within the -BodyParameter hashtable — others will remain unaffected.

This minimizes the risk of overwriting unrelated group data.
✏️ Group Description Has a 256 Character Limit

When updating the description field for a Microsoft 365 group, note that it must not exceed 256 characters.
Longer inputs will throw a BadRequest error.

Keep your updates concise and well within this limit to avoid issues.

Conclusion

The Update-MgGroup cmdlet is a versatile tool for managing Microsoft 365 groups' properties. To manage group members, use the New-MgGroupMember and Remove-MgGroupMember cmdlets. By understanding these cmdlets and their usage, administrators can efficiently manage group properties and memberships. Always test changes with the -WhatIf parameter and handle errors to ensure smooth operations.

For more detailed information, refer to the Microsoft Graph PowerShell Update-MgGroup documentation.

Suggested Reading

Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex