How to List Hidden Group Memberships with the Graph

Listing hidden group membership with the Graph

A user reported that a script didn’t list any details of hidden group memberships and asked why. The reason is that a separate Graph permission controls access to hidden group memberships. If an app doesn’t have the permission, the Graph returns null memberships, which is probably not all that helpful. Once the right permission is in place, everything works.

Microsoft Graph Doesn’t Support Custom Attributes for Groups

Container management labels are an effective way to ensure that groups, teams, and sites have the right settings. The Graph doesn’t support custom attributes for groups, so these attributes aren’t available to store details of the “approved” container management label to check if anyone has changed the label after the original assignment. Time to find a new way to store this data.

Mastering the Foibles of the Microsoft Graph PowerShell SDK

After a while, you discover the holes in any technology. In the case of the Microsoft Graph PowerShell SDK, some inconsistencies await unwary developers. The SDK doesn’t like $Null, doesn’t support pipelining, insists on specific property casing at times, sometimes accepts user principal names and sometimes doesn’t, and sticks valuable data in hash tables hiding in a property you might know nothing about. Good as it is to have the SDK cmdlets, they need to be treated with care as you transition from the old Azure AD and MSOL modules.

Fetching Group Membership Information for an Entra ID User Account

As developers update PowerShell scripts in preparation for the deprecation of the Azure AD and MSOL modules, they might need to insert new code to retrieve the membership of Entra ID groups for specific accounts. We cover that topic here, including the interesting case of the AdditionalProperties property returned by several Microsoft Graph PowerShell SDK cmdlets and the valuable information found there.

Reporting Group Membership for Entra ID Guest Accounts with the Microsoft Graph PowerShell SDK

Entra ID Guest Accounts have a habit of becoming stale or obsolete as time progresses. Guest accounts created to share documents or to be a member of a long-forgotten team or group remain in Azure AD until someone comes to clean them up. This article explains how we refreshed a popular script to use cmdlets from the Microsoft Graph PowerShell SDK to report guest accounts with different degrees of staleness.

Basic Entra ID Group Management with the Microsoft Graph PowerShell SDK

The Microsoft Graph SDK for PowerShell includes cmdlets to create Entra ID Groups and manage those groups afterward. The cmdlets work and in some places they are screamingly fast compared to Exchange Online or Azure AD cmdlets. In other places, the cmdlets are a tad bizarre and expose a little too much of their Graph underpinnings. Oh well, at least after reading this article, you’ll know where the holes lie.