🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Find Users Not in Any Groups in Microsoft 365

Users not in any groups can easily go unnoticed when admins primarily rely on groups to manage user permissions, resources, licenses, etc. This can lead to potential inactivity or a lack of access to essential files or teams in Microsoft 365. Therefore, identifying and managing these users is crucial for maintaining security and engagement. This guide will help you find users who are not part of any group, ensuring they are effectively managed in Microsoft 365.

Option 1
Option 2
Option 3
Important Tips
Errors and Resolution Steps
FAQs

Using Windows PowerShell

Microsoft 365 Permission Required
Reports Reader Least Privilege
Global Admin Most Privilege
  • Connect to the Microsoft Graph PowerShell using the cmdlet below.
  • Windows PowerShell Windows PowerShell 
     Connect-MgGraph -Scopes 'User.Read.All'
  • Run the below cmdlet to get all users without Azure AD group memberships.
  • Windows PowerShell Windows PowerShell 
     Get-MgUser -All | Where-Object { (Get-MgUserMemberOf -UserId $_.Id).Count -eq 0 }
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Reports Reader Least Privilege
Global Admin Most Privilege
  • We created a PowerShell script to provide deeper insights into users without group membership in Microsoft 365.
  • This script identifies users who are not members of any groups, along with essential details such as license status, account status, department, and admin roles.
  • To retrieve users not in any groups in Microsoft 365, download and run the following script as shown below.
  • Windows PowerShell Windows PowerShell 
     ./UserMembershipReport.ps1 -UsersNotinAnyGroup
Using PowerShell Script
UserMembershipReport.ps1
AdminDroid Microsoft 365 Groups Reporting

Unlock efficient management of users not in any groups!

AdminDroid's Azure AD reporting tool offers the ultimate one-stop solution for Microsoft 365 management. It delivers exclusive reports on all data within your Azure AD environment. From user and group reports to in-depth insights, it empowers you to monitor, analyze, and secure your Microsoft 365 infrastructure with unmatched ease.

Stay Updated on Users Without Group Membership

Use AdminDroid’s scheduling feature to receive regular updates on users without group membership and proactively add them to the appropriate groups to fix access issues.

Ensure Proper Group Membership During Role Transitions

Monitor group member changes to ensure that when a user's admin role changes, they are promptly removed from outdated groups and added to the relevant groups.

Identify Users Without Managers to Ensure Necessary Group Access

Identify users with no managers in Microsoft 365 to ensure effective oversight and appropriate group allocation which prevent gaps in accountability and access management.

Manage Permissions of External Users Without Group Membership

Utilize the filters available on the external users' report to identify external users without group memberships and ensure their direct permissions are consistently controlled to maintain security.

Track Activities of Users Not in Any Groups Across Microsoft 365

Filter the user activity trend dashboard based on the UPN of the user(s) without group memberships to identify activities performed by them across all M365 services.

Verify Disabled Users Have No Group Membership Access

Track groups with disabled users to ensure they are not in any sensitive groups, as re-enabling them without considering their group membership can lead to instant access and potential security risks.

AdminDroid’s Azure AD management tool provides detailed reports to manage users not in any groups within Microsoft 365, including disabled users and inactive users. These insights enhance access management, reduce risks, and ensure that users have appropriate permissions based on their roles.

Explore a full range of reporting options
Download Live Demo

Important Tips

Automate the user onboarding process to ensure that every new user is added to the relevant group in Microsoft 365, enhancing their collaboration from day one.

Allow users to request group access through the MyApps Groups portal using self-service group management to ensure they have the right access without needing admin help.

Avoid permission gaps by managing user role changes with workflows that automatically assign users to their relevant groups when their roles change.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while tracking users with no groups in Microsoft 365.

Error Get-MgUser : Authentication needed. Please call Connect-MgGraph.

This error occurs in PowerShell when you execute the cmdlet before connecting to the Microsoft Graph module.

Fix Install and connect to the Microsoft Graph module before running the cmdlet. 
//Execute the below cmdlet to install the Microsoft Graph module.
Install-Module Microsoft.Graph
//Run the below command to connect to the Microsoft Graph.
Connect-MgGraph

Error Needs permission to access resources in your organization that only an admin can grant.

This error may occur when you try to run the script with an account that lacks the necessary admin permissions to access the user details.

Fix Ensure that your account has appropriate permission to access the users' details in Microsoft 365.

Error Get-MgUser : One or more errors occurred.

This error may occur while running the cmdlet in PowerShell if more than one Graph module is installed.

Fix Use the cmdlet below to check all the installed versions of the Graph module in your PowerShell. If multiple versions are available, remove all previously installed versions of the Microsoft Graph modules and install the latest version to ensure all dependencies are up to date. 
Get-Module -Name Microsoft.Graph -ListAvailable

Error Get-MgUser : Insufficient privileges to complete the operation.

This error occurs in PowerShell when you execute the 'Get-MgUser' cmdlet without the necessary permissions.

Fix Reconnect to Microsoft Graph with appropriate permissions. 
Connect-MgGraph -Scopes "User.Read.All"
Azure AD

Frequently Asked Questions

Efficiently Manage Users Not in Any Azure AD Groups for SreamLined Access in Microsoft 365

What are the impacts of users without group membership in Microsoft 365?

What are the impacts of users without group membership in Microsoft 365? +

In Microsoft 365, group memberships are essential for effective user management, security, and collaboration. When users are not assigned to any relevant groups, several challenges may arise that can hinder operational efficiency and security. Understanding these impacts is crucial for maintaining a well-organized and secure Microsoft 365 environment.

  • Increased Administrative Workload: Managing users without group memberships requires more manual effort to ensure proper configurations, as they do not benefit from automated processes tied to group memberships. Consequently, identifying and managing these users can be time-consuming.
  • Complicated License Management: Manual license assignment becomes necessary since you can't manage licenses for users not in any groups using group-based licensing. This can lead to errors, resulting in increased licensing costs or unnecessary licenses for users.
  • Complex Permission Management: Managing permissions for these users complicates access control. You may find it challenging to ensure that these users have the appropriate permissions to access respective resources for their workflows.
  • Increased Security Risks: These users may retain access to sensitive information without proper oversight, such as Conditional Access policies and MFA. This lack of control can create vulnerabilities that attackers might exploit, increasing your organization's risk profile.

How to automatically add users to groups in Microsoft 365?

How to automatically add users to groups in Microsoft 365? +

Imagine a project manager needs access to specific resources in a group for a critical project. Without being assigned to that group, they cannot access necessary files or collaborate with the team, which can delay project timelines. To prevent such issues, you can automate their group membership to ensure users are always included in relevant groups in Microsoft 365.

Features to automate the group membership of Microsoft 365 users

  • Dynamic Group Membership: In M365, collaboration and resource management are facilitated through Microsoft 365 groups and security groups. However, managing these group's membership is typically done manually, which can lead to errors, such as missing users who need to be added.

    In these instances, you can create Microsoft 365 groups with dynamic membership in Azure AD or update security groups with dynamic membership. This automatically adds group members based on attributes such as roles, job titles, departments, etc., without manual intervention.
  • Dynamic Distribution Groups: When your requirement for the group is only mail communication, you can create a dynamic distribution group in Microsoft 365. These groups automatically add group members based on filters applied to specific user attributes, such as job title, department, or location, eliminating the need for manual updates. This ensures the users receive emails sent to their relevant groups.

    Note: The membership of a dynamic distribution group is updated every 24 hours based on the conditions you set.

Handy Tip: Regularly review group memberships to identify any users who may have been overlooked for inclusion in relevant groups and ensure that all authorized users are assigned to the appropriate groups.

How users not in any Azure AD groups can be managed in Microsoft 365?

How users not in any Azure AD groups can be managed in Microsoft 365? +

Identifying Microsoft 365 users without group membership is only the beginning, proper management of these users is key to resolving potential issues. Without proper attention, these users may experience access limitations and security risks. To ensure a seamless workflow and maintain security standards, consider the following proactive measures to manage these users.

  • Add Users to the Group: After identifying users not in any Azure AD groups, check if they are active accounts that require relevant group assignments. If so, add the user to the Azure AD groups based on their roles and responsibilities.
  • Grant Individual Permissions: For external users collaborating temporarily, granting group permissions may not be necessary. In these situations, you can assign specific permissions to individual resources, such as Word documents or files.

    Note: To ensure proper authentication for accessing these resources, security policies must be applied individually. While this approach enhances security, it increases administrative overhead due to the need to grant direct permissions.
  • Efficient Offboarding: If user accounts remain in your organization without group memberships and are no longer needed, you can remove them by following proper Microsoft 365 offboarding practices.

    Tip: You can automate the Office 365 offboarding process to minimize human errors and create a streamlined, secure approach.

These are some of the best practices for managing Office 365 users not in any groups. By applying these methods, you can effectively manage users without group memberships in Microsoft 365.

+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Azure AD
How to Find Users Not in Any Groups in Microsoft 365
Azure AD Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo