Manually reviewing the membership roster for each of the dozens of RBAC roles in a Microsoft 365 tenant is quite the undertaking. Since this is something I need to keep an eye on, I decided to automate a report. Run the script, then look in your documents folder for the report.
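# Builds a CSV report listing every member of every directory role returned by
# Get-AzureADDirectoryRole, one row per (role, member) pair.
#
# NOTE(review): Get-AzureADDirectoryRole returns only roles that have been
# activated in the tenant, and the member list reflects active assignments.
# Eligible (PIM) assignments are presumably not included; confirm against your
# tenant before treating this report as a complete privileged-access inventory.
# NOTE(review): the AzureAD module is deprecated in favour of Microsoft Graph
# PowerShell; plan a migration of this report.

# NOTE(review): passing -Credential uses a username/password sign-in, which
# fails for accounts that require MFA. Admin accounts should require MFA, so
# running Connect-AzureAD without -Credential (interactive sign-in) is likely
# the better choice. The original behaviour is kept here.
$UserCredential = Get-Credential
Connect-AzureAD -Credential $UserCredential

# The report collection must exist before .Add() is called on it; the original
# script never created it, so every .Add() call failed on a null value.
$O365AdminGroupReport = New-Object -TypeName System.Collections.ArrayList

$AzureADRoles = @(Get-AzureADDirectoryRole)

foreach ($AzureADRole in $AzureADRoles) {
    Write-Verbose "Processing $($AzureADRole.DisplayName)"

    # Get the list of members for the role
    $RoleMembers = @(Get-AzureADDirectoryRoleMember -ObjectId $AzureADRole.ObjectId)

    # Loop through the list of members
    foreach ($RoleMember in $RoleMembers) {
        # Ordered so the CSV columns appear in this sequence.
        # Members may be users or other object types (see "Object Type"), so
        # user-only properties such as User Principal Name can be empty.
        $ObjectProperties = [Ordered]@{
            "Role"                = $AzureADRole.DisplayName
            "Display Name"        = $RoleMember.DisplayName
            "Object Type"         = $RoleMember.ObjectType
            "Account Enabled"     = $RoleMember.AccountEnabled
            "User Principal Name" = $RoleMember.UserPrincipalName
            "Password Policies"   = $RoleMember.PasswordPolicies
            "HomePage"            = $RoleMember.HomePage
        }

        $RoleMemberObject = New-Object -TypeName PSObject -Property $ObjectProperties

        # Add the role member's details to the collection for the report data.
        # ArrayList.Add returns the new index; [void] keeps it out of the output.
        [void]$O365AdminGroupReport.Add($RoleMemberObject)
    }
}

# The CSV is a list of the tenant's privileged accounts: store it somewhere
# access-controlled and delete it when no longer needed.
# -NoClobber makes the export fail rather than overwrite an existing report,
# so move or rename the previous file before re-running.
$O365AdminGroupReport | Export-CSV -Path "$env:userprofile\documents\0365AdminGroupReport.csv" -NoClobber -NoTypeInformation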
2 thoughts on “PowerShell: A Microsoft 365 Admin Roles Membership Report”