Microsoft 365 Groups is the cross-application membership service in Microsoft 365. A Microsoft 365 Group is an object in Azure AD with a list of members and connected to Microsoft 365 workloads, such as Microsoft Teams, Yammer community, SharePoint team site, Exchange Online mailbox, Planner, and more.
In this blog, we will explore how to find the connected or associated resource services (Ex: Teams, Yammer, Stream) of the groups with PowerShell, and find from which service the group has been created with Microsoft Graph API.
Summary
- Find Teams Enabled Microsoft 365 Groups
- Find Yammer Enabled Microsoft 365 Groups
- Find how the Group was created and find the associated services
Find Teams Enabled Microsoft 365 Groups
We can use the Get-UnifiedGroup cmdlet to list all the M365 Groups. Before you start, install the latest Exchane Online PowerShell module and run the following command to connect the module.
Connect-ExchangeOnline
The Get-UnifiedGroup cmdlet supports the property ResourceProvisioningOptions which provides the information of the group connected resources. We need to apply a filter with the ResourceProvisioningOptions property to get only the teams-enabled groups. The below command list the Teams enabled groups and their Group Id/Team Id (ExternalDirectoryObjectId).
Get-UnifiedGroup -Filter {ResourceProvisioningOptions -eq "Team"} -ResultSize Unlimited | Select DisplayName, ExternalDirectoryObjectId, SharePointSiteUrl
Note: The ResourceProvisioningOptions property might not contain the value “Team” for some old or inactive Teams.
The Get-UnifiedGroup cmdlet also supports the property ServiceEndpointUris which provides the URLs of the groups’ associated services. For Teams, the URL starts with MicrosoftTeams.TeamHomeURL. The below command list the Teams enabled group by checking the available service endpoints in the group.
Get-UnifiedGroup -ResultSize Unlimited | Where-Object {$_.ServiceEndpointUris -like "*MicrosoftTeams.TeamHomeURL*"}
Find Yammer Enabled Microsoft 365 Groups
The ResourceProvisioningOptions property is currently not populated for Yammer-enabled groups. We need to check the GroupSKU property which provides the value “Yammer” if the group was provisioned through Yammer.
Get-UnifiedGroup -ResultSize Unlimited | Where-Object {$_.GroupSku -eq "Yammer"}
We can also use the property ServiceEndpointUris which returns the Yammer endpoint URL of the group if the Yammer community is provisioned.
Get-UnifiedGroup -ResultSize Unlimited | Where-Object {$_.ServiceEndpointUris -like "*Yammer.FeedURL*"}
Find how the M365 Group was created and find the associated services using Microsoft Graph API
The List groups API from Microsoft Graph supports the property “creationOptions” which provides the details of the originating M365 service from which the group was created. We need an OAuth Access Token with the permission “Group.Read.All” (Application or Delegated) to call this API.
We can use the MSAL.PS library to acquire access tokens with Delegated permissions. Run the following command in PowerShell to install this module.
Install-Module -Name MSAL.PS
Run the following commands to get Access Token on behalf of a user.
#Provide your Office 365 Tenant Domain Name or Tenant Id
$TenantId = "contoso.onmicrosoft.com"
#$TenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
#Used the Microsoft Graph PowerShell app id. You can create and use your own Azure AD App id.
$AppClientId="14d82eec-204b-4c2f-b7e8-296a70dab67e"
$MsalParams = @{
ClientId = $AppClientId
TenantId = $TenantId
Scopes = "https://graph.microsoft.com/Group.Read.All"
}
$MsalResponse = Get-MsalToken @MsalParams
$AccessToken = $MsalResponse.AccessToken
Once you get the required Access Token, we can use the Invoke-RestMethod cmdlet to call the Rest API with the token. The below script retrieves all M365 Groups and exports the result to a CSV file.
#Provide your access token.
#$AccessToken="eyJ0eXAiOiJ......"
#Form request headers with the acquired $AccessToken
$headers = @{'Content-Type'="application\json";'Authorization'="Bearer $AccessToken"}
#This request gets all M365 groups with requested properties.
$ApiUrl = "https://graph.microsoft.com/v1.0/groups?`$filter=groupTypes/any(a:a eq 'unified')&`$select=id,displayName,creationOptions,resourceProvisioningOptions&`$top=999"
$Result = @()
While ($ApiUrl -ne $Null) #Perform pagination if next page link (odata.nextlink) returned.
{
$Response = Invoke-RestMethod -Method GET -Uri $ApiUrl -ContentType "application\json" -Headers $headers
if($Response.value)
{
$Groups = $Response.value
ForEach($Group in $Groups)
{
$Result += New-Object PSObject -property $([ordered]@{
GroupName = $Group.displayName
GroupId = $Group.id
CreationOptions = ($Group.creationOptions -join ',')
ResourceProvisioningOptions = ($Group.resourceProvisioningOptions -join ',')
})
}
}
$ApiUrl=$Response.'@odata.nextlink'
}
$Result | Export-CSV "C:\Temp\Microsoft365Groups.CSV" -NoTypeInformation -Encoding UTF8
Once you successfully run the above commands, run the following command to list all the groups. The property CreationOptions give us the originating M365 service from which the group was created. The property ResourceProvisioningOptions provides the list of resource services (such as Stream, Team, etc) that are connected with the group.
$Result | Select GroupName,CreationOptions,ResourceProvisioningOptions
The below output image shows the following type of groups.
- Group created from Yammer portal.
- Group created while creating a Team from Microsoft Teams client.
- Group created from existing SharePoint Online site using the Groupify feature.
- Teams feature enabled in the existing Group.
- Group created from Microsoft Stream portal or Stream feature enabled in the existing Group.