How to Get Microsoft 365 Group Reports Using PowerShell

Microsoft 365 Groups are the backbone of collaboration in the modern workplace. They’re the glue that connects Teams chats, SharePoint sites, Planner tasks, and Outlook conversations. However, manually tracking group ownership, membership, and usage trends can quickly become overwhelming.

Legacy reporting methods simply do not offer the automation and depth that modern administrators need. That’s why more organizations are turning to tools like Graph PowerShell and Graph Reports endpoints to generate reports.

These platforms automate repetitive tasks, like gathering membership data, and, more importantly, deliver richer datasets.

In this guide, we’ll show you how to automate Microsoft 365 group reporting using PowerShell and Graph Reports.

Automating Microsoft 365 group reports using PowerShell

PowerShell and Microsoft Graph are the two essential tools you’ll need to build a scalable and secure Microsoft 365 group reporting.

📌Prerequisites

• The Microsoft Graph PowerShell SDK and Exchange Online modules
• An Azure app registration configured with Reports.Read.All and Group.Read.All API scopes
• App-only or delegated credentials, stored securely in a Key Vault or an encrypted JSON file
• Admin permissions to access the Microsoft 365 tenant reporting and Exchange Online

Method 1: Conduct a complete group inventory using Microsoft Graph PowerShell

📌Use Case: This method establishes a secure connection to Microsoft Graph, which will enable you to query your Microsoft 365 data. It’s ideal for conducting a complete inventory of all groups in your tenant. This includes Teams-enabled and dynamic groups

A. Install and import modules

Install-Module Microsoft.Graph -Scope CurrentUser

Import-Module Microsoft.Graph

Connect-MgGraph -Scopes "Group.Read.All","Reports.Read.All"

This installs the SDK securely and connects it using the necessary permissions.

B. Use Get-MgGroup to inventory all Microsoft 365 Groups

Get-MgGroup -All | Select DisplayName,GroupTypes,Visibility,CreatedDateTime |

Export-Csv "C:\Reports\GroupInventory.csv" -NoTypeInformation

💡Tip: Filter the results by group type or naming convention to isolate Teams-enabled or dynamic groups.

Method 2: Retrieve membership and ownership using Exchange Online

📌Use Case: This method allows you to pull membership and ownership details directly from Exchange Online. It’s particularly useful for admins managing mail-enabled security groups or Microsoft 365 distribution lists.

A. Connect to Exchange Online:

Connect-ExchangeOnline -UserPrincipalName [email protected]

Get-UnifiedGroup | Select DisplayName,PrimarySmtpAddress,AccessType |

Export-Csv "C:\Reports\UnifiedGroups.csv" -NoTypeInformation

B. List group members or owners:

Get-UnifiedGroupLinks -Identity "<GroupName>" -LinkType Members |

Select Name,PrimarySmtpAddress

Export the results for review or audit documentation.

Method 3: Use Microsoft Graph Reports API to analyze group engagement

📌Use Case: This method lets you analyze group activity and lifecycle insights.

A. Call Graph Reports API for group activity

$uri = "https://graph.microsoft.com/v1.0/reports/getOffice365GroupsActivityDetail(period='D30')"

Invoke-MgGraphRequest -Method GET -Uri $uri |

ConvertFrom-Csv | Export-Csv "C:\Reports\GroupActivity_D30.csv" -NoTypeInformation

Compare activity counts to membership data to identify which groups are inactive, underused, or lacking ownership.

Method 4: Automate exports and scheduling

📌Use Case: This method allows you to generate group reports automatically for compliance and executive reporting.

1. Secure your app credentials by storing them in an encrypted JSON file.
2. Use a PowerShell scheduled task or Azure Automation runbook for cloud execution:

$timestamp = Get-Date -Format "yyyyMMdd_HHmm"
Get-MgGroup -All | Export-Csv "C:\Reports\Groups_$timestamp.csv" -NoTypeInformation

3. Enable logging for each run and make sure it includes key details, such as run timestamps, tenant name, record count, and success or failure status.
4. Optionally, you can feed the exported CSV files into Power BI or a compliance report pack.

Summary of best practices for getting Microsoft 365 group reports using PowerShell and Graph Reports

Practice	Purpose	Value Delivered
Graph cmdlets for inventory	Ensures alignment with modern Microsoft Graph APIs for retrieving group and directory data	Delivers accurate, reliable, and fully supported inventory results
Exchange Online for membership details	Strengthens governance by providing visibility into group ownership and access permissions	Allows administrators to confirm who owns each group and who has access to what
Graph Reports API for activity insights	Enables lifecycle visibility across groups by tracking usage and engagement patterns	Makes identifying inactive, redundant, or unowned groups easier
App-only authentication	Improves security by eliminating the need for interactive logins	Provides secure, token-based authentication that protects administrative access
Scheduled exports	Standardizes data collection through automation	Ensures repeatable reporting and continuous evidence for compliance audits

Validating and troubleshooting common issues

If your script returns errors or generates incomplete data, use the checklist below to identify and troubleshoot common issues.

• Empty Results: Verify tenant logging settings and check if the Graph API permissions are assigned correctly.
• Access Denied: Ensure that admin consent has been explicitly granted for all required API scopes in the Azure App Registration.
• Rate Limits: Apply delay or retry logic for larger tenants to slow down requests and avoid overwhelming the Graph API’s rate limits.
• Script Errors: Wrap query blocks in Try/Catch to handle exceptions properly and log the error for later review.
• Expired Tokens: Set up alerts for monitoring token expiration and rotate your app secrets regularly. This step ensures that your automated reports continue running.

Automation touchpoint for Microsoft 365 Group reporting

Automation can be a game-changer for MSPs. For example, a daily scheduled job that connects to Microsoft Graph using app-only authentication can help you:

• Retrieve group lists and activity metrics across multiple client tenants.
• Merge data into a unified CSV report, complete with timestamps.
• Automatically email reports to designated administrators.

This approach reduces the manual effort required of your team, allowing them to focus on more important tasks.

Simplifying Microsoft 365 group reporting with NinjaOne

NinjaOne makes Microsoft 365 group reporting effortless. It features a robust scripting engine that enables you to automate PowerShell deployments across client environments.

With secure credential storage, you can build scripts that deliver actionable insights, automatically generate CSV reports, and attach them directly to client documentation without compromising security.

Generate smarter Microsoft 365 Group Reports using PowerShell

Modern PowerShell reporting for Microsoft 365 Groups utilizes graph-based cmdlets and APIs, unlocking a level of precision and automation that legacy reporting methods can’t match.

By combining inventory, membership, and activity data into unified reports, you gain crucial visibility across every client tenant or business unit you manage. More importantly, this approach keeps your reporting process scalable and future-ready.

Related topics:

• How to Use Microsoft Graph API to Pull Compliance Reports Across Multiple Tenants
• How to Backup Microsoft 365 Exchange Online
• The Administrator’s Handbook to SharePoint Group Permissions: Setup, Management and Best Practices
• Using Microsoft Graph API with Windows PowerShell to Monitor and Manage Microsoft 365 Clients
• How To Generate MSP-friendly Compliance Reports From Microsoft Secure Score