Related features:

Related Powershell Guides:

How to update an Entra ID group using Microsoft Graph PowerShell

Updating groups ensures that access permissions, memberships, and policies remain accurate and aligned with organizational needs. This enhances security by preventing unauthorized access and improves collaboration by keeping the right users in the right groups. Admins can use the Update-MgGroup cmdlet in Microsoft Graph PowerShell to update Entra ID groups. However, this requires strong technical skills. For a streamlined, user-friendly approach, ADManager Plus provides a script-free alternative, empowering admins to effortlessly manage and update Entra ID groups in bulk, saving time and reducing the risk of errors.

  • ADManager Plus
  • PowerShell
 

Updating an Entra ID group using ADManager Plus

  1. Log in to the ADManager Plus admin console.
  2. Navigate to Microsoft 365 > Management > Group Management.
  3. Choose the group management action you want to perform. ADManager Plus helps you do a myriad of these actions, including creating and modifying groups in bulk.
Managing Microsoft 365 groups with ADManager Plus
Get started

Updating an Entra ID group using Graph PowerShell

Prerequisites

Before using the Update-MgGroup cmdlet, ensure the following prerequisites are met:

  • If the Graph PowerShell module is not installed, install it using this script:
    Install-Module Microsoft.Graph -Scope CurrentUser
  • Connect to Graph PowerShell with the following permissions (from the least to most privileged) to update an Entra ID group:
    Group.ReadWrite.All, Directory.ReadWrite.All,

Using the Update-MgGroup cmdlet

Run the following cmdlet in Graph PowerShell to update an Entra ID group:

Update-MgGroup -GroupId <String>
[-ResponseHeadersVariable <String>]
[-AcceptedSenders <IMicrosoftGraphDirectoryObject[]>]
[-AdditionalProperties <Hashtable>]
[-AllowExternalSenders]
[-AppRoleAssignments <IMicrosoftGraphAppRoleAssignment[]>]
[-AssignedLabels <IMicrosoftGraphAssignedLabel[]>]
[-AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]
[-AutoSubscribeNewMembers]
[-Calendar <IMicrosoftGraphCalendar>]
[-CalendarView <IMicrosoftGraphEvent[]>]
[-Classification <String>]
[-Conversations <IMicrosoftGraphConversation[]>]
[-CreatedDateTime <DateTime>]
[-CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]
[-DeletedDateTime <DateTime>]
[-Description <String>]
[-DisplayName <String>]
[-Drive <IMicrosoftGraphDrive>]
[-Drives <IMicrosoftGraphDrive[]>]
[-Events <IMicrosoftGraphEvent[]>]
[-ExpirationDateTime <DateTime>]
[-Extensions <IMicrosoftGraphExtension[]>]
[-GroupLifecyclePolicies <IMicrosoftGraphGroupLifecyclePolicy[]>]
[-GroupTypes <String[]>]
[-HasMembersWithLicenseErrors]
[-HideFromAddressLists]
[-HideFromOutlookClients]
[-Id <String>]
[-IsArchived]
[-IsAssignableToRole]
[-IsManagementRestricted]
[-IsSubscribedByMail]
[-LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]
[-Mail <String>]
[-MailEnabled]
[-MailNickname <String>]
[-MemberOf <IMicrosoftGraphDirectoryObject[]>]
[-Members <IMicrosoftGraphDirectoryObject[]>]
[-MembersWithLicenseErrors <IMicrosoftGraphDirectoryObject[]>]
[-MembershipRule <String>]
[-MembershipRuleProcessingState <String>]
[-OnPremisesDomainName <String>]
[-OnPremisesLastSyncDateTime <DateTime>]
[-OnPremisesNetBiosName <String>]
[-OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]
[-OnPremisesSamAccountName <String>]
[-OnPremisesSecurityIdentifier <String>]
[-OnPremisesSyncEnabled]
[-Onenote <IMicrosoftGraphOnenote>]
[-Owners <IMicrosoftGraphDirectoryObject[]>]
[-PermissionGrants <IMicrosoftGraphResourceSpecificPermissionGrant[]>]
[-Photo <IMicrosoftGraphProfilePhoto>]
[-Photos <IMicrosoftGraphProfilePhoto[]>]
[-Planner <IMicrosoftGraphPlannerGroup>]
[-PreferredDataLocation <String>]
[-PreferredLanguage <String>]
[-ProxyAddresses <String[]>]
[-RejectedSenders <IMicrosoftGraphDirectoryObject[]>]
[-RenewedDateTime <DateTime>]
[-SecurityEnabled]
[-SecurityIdentifier <String>]
[-ServiceProvisioningErrors <IMicrosoftGraphServiceProvisioningError[]>]
[-Settings <IMicrosoftGraphGroupSetting[]>]
[-Sites <IMicrosoftGraphSite[]>]
[-Team <IMicrosoftGraphTeam>]
[-Theme <String>]
[-Threads <IMicrosoftGraphConversationThread[]>]
[-TransitiveMemberOf <IMicrosoftGraphDirectoryObject[]>]
[-TransitiveMembers <IMicrosoftGraphDirectoryObject[]>]
[-UniqueName <String>]
[-UnseenCount <Int32>]
[-Visibility <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]

[<CommonParameters&

Supported parameters

The following are some essential parameters that can be used along with the Update-MgGroup command:

Parameters Description
-AcceptedSenders This parameter displays the list of users or groups allowed to create posts or calendar events in the group.
-AllowExternalSenders This parameter indicates if people external to the organization can send messages to the group.
-AppRoleAssignments This parameter displays the app roles granted to a group for an application.
-AssignedLabels This parameter displays the list of sensitivity label pairs (label ID, label name) associated with an Entra ID group.
-AssignedLicenses This parameter displays the licenses that are assigned to the group.

Limitations of using Graph PowerShell to update Entra ID groups

  • PowerShell scripts can get complicated with different use cases and scenarios.
  • IT admins can spend a lot of time debugging errors, which in turn negatively impacts productivity.
  • Delegation can get tricky since technicians require elevated permissions.

How ADManager Plus helps you manage Entra ID groups and more

ADManager Plus is an identity governance and administration solution with comprehensive Entra ID management and reporting capabilities. It helps you perform complicated admin tasks from a single, user-friendly console:

  • Manage groups, contacts, users, licenses, and other Entra ID objects with a script-free, centralized console.
  • Reduce human error by automating and orchestrating tasks such as user provisioning, deprovisioning, and license assignment across various platforms.
  • Delegate tasks to technicians without elevating their native privileges.
  • Keep a watchful eye on your IT environment with more than 200 prepackaged reports.
  • Monitor delegated activities through smart workflows.
  • Ensure business continuity with AD, Entra ID, and Google Workspace backup and recovery.

Perform script-free Entra ID management and reporting with ADManager Plus

Try it now for free
 
  • Updating an Entra ID group using ADManager Plus
  • Updating an Entra ID group using Graph PowerShell
  • Limitations of using Graph PowerShell to update Entra ID groups
  • How ADManager Plus helps you manage Entra ID groups and more
The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link