🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Get User Group Membership Report in Azure Active Directory

Are you struggling to keep track of all Microsoft 365 groups a user is a member of? Imagine this: Your organization has multiple groups, projects, and departments, where users frequently engage between them. Managing those users along with their groups can be a real challenge. But don't worry! Explore effective methods to monitor Azure AD user group membership in Microsoft 365.

Native Solution

Microsoft 365 Permission Required

High

Global Admin or Privileged Role Admin.

Option 1 Using Microsoft Entra Admin Center

  • Sign-in to the Microsoft Entra admin center.
  • Go to 'All Users' tab under Identity»Users.
  • Select a user and then click on Groups under Manage.
  • Now you can see all the groups that the selected user is a member of.
Using Microsoft Entra Admin Center

Option 2 Using PowerShell Cmdlets

  • You can use PowerShell to get the group membership of Office 365 users. Install and connect the Azure Active Directory module. Then, run the following cmdlets to retrieve the list of Microsoft 365 groups a user is a member of.
  • Windows PowerShell Windows PowerShell
     Connect-AzureAD
    Get-AzureADUserMembership ‐ObjectId <User Object Id>
Using PowerShell Cmdlets

Steps Using PowerShell Script

  • To retrieve and export Azure AD users' group membership report in a detailed format without any difficulties, you can simply download and execute the below PowerShell script.
Using PowerShell Script
AdminDroid Solution
This report and 150+ more reports are under free editionFREE

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

ad
  • Open AdminDroid Office 365 Reporter.
  • Navigate to Reports»Azure AD»User Reports»Group Membership.
Using AdminDroid

Get the users' group membership report for all your Azure AD users along with information like group ID, group type, user mail, license status, sign-in status, etc.

admindroid-combo-view
  • Additionally, the report includes user-friendly features such as a bird's eye view, geo-map visualization, and charts. These elements simplify the analysis and identification of user's Microsoft 365 groups and their geographical locations.

Simple yet the best! Isn't it?

Master Microsoft 365 group memberships like a pro - Take control, secure access, and simplify Office 365 group management with AdminDroid.

Witness the report in action using the

Important Tips

Implement Microsoft 365 group expiration policy to efficiently manage users who belong to multiple groups. Set expiration dates for certain groups to automatically remove users' group memberships when they expire.

By utilizing group-based access, you can assign or revoke multiple licenses simply by adding or removing users from the group.

Azure AD nested groups allow creating parent groups with subgroups. Users added to parent groups gain automatic access to subgroups, simplifying user management in large organizations.

Azure ADFind All Office 365 Group Membership of a User for Effective User Management in Microsoft 365

Showing 1 of 5

Why do Azure AD users need group memberships?

Simplify access, boost productivity, and optimize resources! Azure AD user group memberships can satisfy all these at once! Some of the best reasons why users need group memberships are:

  • Streamlined Access Management User group memberships in Azure AD simplify access management by granting permission to specific file shares or SharePoint sites to a group, optimizing access permissions for these resources.
  • Enhanced Productivity Microsoft 365 organization can add users to groups to increase their efficiency by simplifying user management. Admins can assign roles and permissions to entire groups or departments with a few clicks.
  • Efficient Resource Allocation Utilizing Office 365 groups and its memberships allows seamless resource allocation. Assigning a specific license package to an entire group at once will ensure all members have same access to the required applications and services.
  • Impactful User Experience Azure AD users can experience improved collaboration, teamwork, and a more secure environment with Microsoft 365 group memberships.

Therefore, users with group memberships significantly enhance organizational efficiency! Conversely, users who are not a member of any groups may not contribute to the efficiency of the organization.

To avoid this, you need to monitor the users who are not in any groups and add them to their respective groups. This helps to utilize the benefits of Microsoft 365 group membership, resulting in increased collaboration.

Using AdminDroid, you can easily monitor the users not in any groups and take necessary actions to increase productivity and collaboration in your Microsoft 365 organization.

How to get Azure AD users with inherited Office 365 licenses?

To ensure proper resource allocation through M365 groups, we need to know the users with inherited licenses.

To get Azure AD users with inherited licenses, you can follow the below steps:

  • Login into the Microsoft Entra admin center.
  • Navigate to Billing»Licenses»All Products and click on Product.
  • Under the Assignment path, you can view the assigned path of license to the users.
users-with-inherited-licences

You can view a list of license-assigned groups for that particular product under the Licensed Group tab.

Do you want to review how your Microsoft 365 licenses are assigned?

Using AdminDroid, effortlessly track the group-based license activities and users with inherited licenses in a single report.

To accomplish this, simply refer to AdminDroid Licensed users report with the filter set to Is License Assigned via Group – equal – Inherited.

customize-column

To incorporate the necessary column into the report, you can follow the instructions provided in the AdminDroid Interactive Guide. Following these guidelines will assist you in seamlessly integrating the desired column and optimizing the overall report viewing experience.

What roles are assigned to an Azure AD group?

Azure AD group-based role assignments ensure that all members within a group inherit the assigned role. Consequently, Microsoft 365 admins should actively monitor these assignments to verify whether they have granted permissions to appropriate users.

By following the below steps, you can check the role assigned to the groups.

  • Login into Azure Active Directory Portal.
  • Navigate to Groups»Select any specific group»Click on Assigned Roles.

It shows all the assigned roles of the Microsoft 365 groups and access rights. Therefore, the members of those groups are also assigned or inherited with those roles. You can check the Members tab on the same page to verify all members of a group, roles and their access levels.

When checking the members list, it includes external user group memberships if any external user is part of the group.

roles-assigned-to-an-azure-ad-group

Stay in control, monitor Azure AD role assignments, and manage authorization wisely.

Using AdminDroid, you can easily export the list of group-based role assignments for the Microsoft 365 groups. To achieve that, you can refer User Added as Admin report with the ‘Role Added to – contains - Group’ filter.

save-as-view

Tip: Once you've set your filters, save them as a customized view! No need to re-apply filters every time. Also, effortlessly export Office 365 group members report to CSV whenever you need it.

How to monitor group members in Microsoft 365 groups?

Adding users in Office 365 groups is crucial for effective collaboration, streamlined management, and improved communication. To retrieve the list of Azure AD groups a user is member of, you can use the following approaches:

  • Azure Active Directory To get the user group membership list in Azure AD, navigate to Azure AD»Users»Select a user»Click on Groups under Manage.
  • Microsoft 365 Admin Center To check Azure AD user group membership list in the Microsoft 365 admin center, navigate to Users»Active users»select a user»Click on Manage groups in the user details pane.
  • PowerShell Cmdlets Run the PS script provided and get all Microsoft 365 group members using PowerShell.

However, Microsoft 365 admins must manually search for users' groups in Azure Active Directory or run complex PowerShell cmdlets to get Azure AD user group memberships.

With AdminDroid, you can easily monitor all groups and their members in Office 365 using the Group Member Changes’ report. It will be very helpful for admins when monitoring a more number of groups and users who belong to multiple M365 groups.

Are you wondering how to audit Azure Active Directory group membership changes?

Utilize AdminDroid’s chart feature and select by Added/Removed user to visualize the count of membership changes. You can use the time filter at your convenience to filter the group membership changes and their count over the specified time range.

monitor-quick-schedule

How to manage group members in Azure AD?

In order to manage Microsoft 365 users' group memberships, it is necessary to assign them to the appropriate Azure AD groups and ensure that access controls are in place. To prevent unnecessary group access, admins must regularly monitor the users' group membership in Azure Active Directory and take action to remove users from any group if they are not required in a group.

How to add a user to an Azure AD group?

  • Navigate to Groups»All Groups»Select Group.
  • Click on Add members under Members.
  • Enter username in search and then click on users.
  • Click on Select and add member to a Microsoft 365 group.
add-user-to-azure-ad

How to remove a user from an Azure AD group?

  • Navigate to Groups»All Groups»Select Group.
  • Select the check box of the respective Azure AD user.
  • Click on Remove and then click on Yes. to remove the user from the Microsoft 365 group.
remove-user-from-azure-ad

AdminDroid Azure AD ReporterElevate Azure AD user group membership management to new heights!

Say goodbye to tedious scripts and uncover group memberships in a snap! AdminDroid Azure AD reporting and auditing tool provides an intuitive interface that allows you to quickly access and explore a Microsoft 365 user's group membership report, saving valuable time and effort.

Out-of-the-box capabilities that AdminDroid offers you to manage Azure AD user's group membership are listed below

The All Users Group Membership report offers comprehensive details regarding the Microsoft 365 group membership of users, which includes the group ID, group type, user email, license status, signin status, and more. The report serves as a valuable resource for administrators to manage Office 365 user groups effectively.

A Quick Summary

Comprehensive List of Azure AD Reports

Effortlessly locate all users and their group membership in your Microsoft 365 environment. Conveniently verify who has access to different resources in a single interface.

Dedicated Dashboard with M365 Insights

Gain a rapid overview of all group report data directly from Azure AD dashboard and utilize deeper insights into your Microsoft 365 environment.

Automated Report Generation and Scheduling

AdminDroid’s scheduling functionality will automatically forward the user membership changes to the manager’s mailbox periodically. Thus ensuring proper membership management.

Various Export Formats and Customization

Export reports in multiple formats with advanced filtering, column merging, and sorting features. Customize your reports to admins' preferences, providing accurate insights for streamlined sharing.

Advanced Alerting for Group Management

AdminDroid provides real-time alerts for group owners' changes that helps Microsoft 365 admins to stay informed about ownership changes and ensures the right users are in charge of group management.

Up-to-date Group Memberships

AdminDroid's hassle-free auto-syncing ensures that you have real-time details on user group memberships. This feature helps you stay updated with recent Microsoft 365 group memberships.

Overall, AdminDroid provides powerful features that empower you to efficiently manage and track Azure AD user group membership list for Microsoft 365 administration. You can also monitor users not in any group, recently created, deleted, enabled and disabled users report, ensuring control over the users in your Office 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps for User Group Membership

The following are possible errors and troubleshooting hints while dealing with users’ group membership management.

Error: Insufficient privileges to add the selected memberships.

This error will appear if the user or admin did not have sufficient privilege to do the action.

Troubleshooting hint :Ask your global admin to provide you with the necessary Microsoft 365 group permissions. If you are the global admin and still cannot add members, then the group is likely a dynamic Office 365 group, which manages membership based on predefined conditions.

Error: Inherited license assignments cannot be removed from the user directly. To remove the license, you must remove them from their group

This error occurs when you try to directly remove the license of a user when the license assignment is inherited via a group.

Troubleshooting hint :Check whether the license assignment is direct or inherited. If it is inherited, remove the member from their group to remove that specific license.

Error: You must call the Connect-AzureAD cmdlet before calling any other cmdlets.

When you try to get Azure AD user membership through command lines before connecting the Azure AD module, this error will occur.

Troubleshooting hint :To overcome this error, install and connect your Azure AD PowerShell module before using this cmdlet.

Install-Module AzureAD
Connect-AzureAD

Error: You don't have access to this. Your sign-in was successful but you don't have permission to access this resource.

In general, this error occurs when a restriction is imposed by a conditional access policy on your Microsoft 365 account.

Troubleshooting hint :Indicate the issue to the admin and ask to exclude you from the conditional access policy to get the Microsoft 365 group membership of a user.