Groups: Microsoft 365 With Owners

Retrieving all Microsoft 365 groups with Owners using Microsoft Graph.

PowerShell

Connect-MgGraph -Scopes @('Group.Read.All', 'User.Read.All')

$params = @{
    'All'      = $true;
    'PageSize' = '999';
    'Filter'   = "(groupTypes/any(c:c eq 'Unified'))";
    'Expand'   = 'owners($select=id,userPrincipalName,displayName)';
    'Select'   = 'id,displayName';
}
$m365groups = Get-MgGroup @params
$m365groupsWithOwners = $m365groups | Where-Object { $_.Owners.Count -ne 0 }
$m365groupsWithOwners | Select-Object Id, DisplayName, Owners `
| Select-Object Id, DisplayName, @{
    Name       = 'OwnersUpn';
    Expression = { $_.Owners.AdditionalProperties.userPrincipalName -join ', ' }
},
@{
    Name       = 'OwnersDisplayName';
    Expression = { $_.Owners.AdditionalProperties.displayName -join ', ' }
} `
| Export-Csv -Path ".\output.csv" -NoTypeInformation

Dependencies

Microsoft Graph SDK for PowerShell

Install-Module Microsoft.Graph -AllowClobber -Force

Connect-MgGraph

Using the Microsoft Graph Command Line Tools Enterprise Application:

Connect-MgGraph -Scopes @('')

Using an existing Access Token:

Connect-MgGraph -AccessToken (ConvertTo-SecureString 'ey..' -AsPlainText -Force)

Using an Application Registration (Platform: Mobile and desktop applications, redirect http://localhost):

Connect-MgGraph -ClientId 'abc..' -TenantId 'abc..'

Using a ClientId and Secret (Password):

$tenantId = ''
$clientId = ''
$secret = ConvertTo-SecureString '' -AsPlainText -Force
$secretCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secret)
$params = @{
    'SecretCredential' = $secretCredential
    'TenantId'         = $tenantId
}
Connect-MgGraph @params