I had written a post last year for a PowerShell script that would get all the M365 License information for all users in your tenant and output the data to a CSV file that could be saved as a report. Since then, the legacy modules for AzureAD and MSOnline are being deprecated and replaced with Microsoft Graph. In this blog post, I will show how to use the Microsoft Graph SDK to update this script to use Microsoft Graph to gather and report the same information. Original Post is HERE.


Note, this script can be used in all tenant types, including Government Cloud and Commercial Cloud. As will all scripts, please test the script in a test environment before placing into production and running it. Although I have successfully tested this script, I cannot guarantee functionality. LDLNET does not claim any responsibility for the use or modification of this script.


You will need to create a Enterprise Application in Azure for the Microsoft Graph SDK to connect to as an API endpoint and set the proper permissions. This script requires the User.Read.All and the DIrectory.Read.All permissions as a minimum so that the API can read the User and License Information when queried by the API

Setup the Application in Azure

Step 1: Register the Application in Azure

  • Navigate to the Azure portal and sign in with your account.
  • Go to Azure Active Directory > App registrations > New registration.
  • Enter a name for the application (like MS Graph SDK PowerShell), select the supported account types, and provide the redirect URI if necessary.
  • Click on Register to create the application.

Step 2: Configure Permissions

  • Once the app is registered, go to API permissions > Add a permission.
  • Choose Microsoft Graph > Application permissions and select the appropriate permissions for reading and writing user and license information.
  • For reading and writing user data, add permissions like User.ReadWrite.All.
  • For managing licenses, add permissions like Directory.ReadWrite.All.
  • After adding the permissions, click on Grant admin consent to apply these permissions.

Step 3: Generate Client ID and Secret

  • In the application’s overview page, copy the Application (client) ID; this will be your clientID.
  • Go to Certificates & secrets > New client secret.
  • Add a description and set an expiry for the secret key.
  • Once created, copy the Value of the client secret; this will be your secret key. You will not be able to copy this key again after this, so save the key to use in the script later or else you will have to create a new key!


The script is pretty self-explanatory. I have tried to provide as much information as possible with comments to help show what is happening in the script. Please review the notes section in the script for functionality and the example on how to run the script.


The Output will be in a CSV format file that will have separate columns for the main licenses (Sku) and the add-ons (Service Plans). The format should allow you to sort on the license or add-ons and get a list of UPNs that have that enabled on their account. This can be very helpful when doing a migration or an audit of your tenant.


As we move away from the legacy tools, we will need to be able to use the Microsoft Graph SDK to do the same tasks as those old tools did. Good luck with your scripting! Be sure to continually check for updates!

About Lance Lingerfelt

Lance Lingerfelt Profile Photo

Lance Lingerfelt is an M365 Specialist and Evangelist with over 20 years of experience in the Information Technology field. Having worked in enterprise environments to small businesses, he is able to adapt and provide the best IT Training and Consultation possible. With a focus on AI, the M365 Stack, and Healthcare, he continues to give back to the community with training, public speaking events, and this blog.

Get E-Mail Updates
I agree to have my personal information transfered to MailChimp ( more information )
Want to know when I post new content? Sign up here to get an email when I do post!
I despise spam. Your email address will not be sold or shared with anyone else.