microsoftgraph · KenitoInc · Oct 2, 2024 · Sep 19, 2024 · Sep 20, 2024 · Sep 20, 2024
@@ -105,6 +105,16 @@ Get-EntraBetaAuditSignInLog -Filter "createdDateTime ge 2024-07-01T00:00:00Z and
 
 This example shows how to retrieve sign-in logs between dates.
 
+### Example 5: List failed sign-ins for a user
+
+```powershell
+Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All'
+$failedSignIns = Get-EntraBetaAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0"
+$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize
+```
+
+This example demonstrates how to retrieve failed sign-ins for a user.
+
 ## Parameters
 
 ### -All

@@ -135,6 +135,24 @@ TestApp1    aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-ccccccc
 
 This cmdlet retrieves deleted applications having specified display name.  
 
+### Example 6: Get deleted applications with deletion age in days
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+Get-EntraBetaDeletedApplication |
+    Select-Object DisplayName, Id, AppId, SignInAudience, PublisherDomain, DeletedDateTime,
+        @{Name='DeletionAgeInDays'; Expression={(Get-Date) - $_.DeletedDateTime | Select-Object -ExpandProperty Days}} |
+    Format-Table -AutoSize
+```
+
+```Output
+DisplayName           Id                                   AppId                                SignInAudience PublisherDomain        DeletedDateTime      DeletionAgeInDays
+-----------           --                                   -----                                -------------- ---------------        ---------------      -----------------
+Entra PowerShell App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg   contoso.com 9/18/2024 7:41:44 AM                 1
+```
+
+This cmdlet retrieves deleted applications with deletion age in days.
+
 ## Parameters
 
 ### -All

@@ -220,6 +220,37 @@ Global secure access app     00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-
 
 This example demonstrates how to retrieve all Global secure access apps.
 
+### Example 11: List all applications without user assignment
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+Get-EntraBetaServicePrincipal -All | Where-Object {$_.appRoleAssignmentRequired -ne 'true'}
+```
+
+```Output
+DisplayName         Id                                   AppId                                SignInAudience         ServicePrincipalType
+-----------         --                                   -----                                --------------         --------------------
+App without user assignment     00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777                         Application
+```
+
+This example demonstrates how to retrieve all applications without user assignment.
+
+### Example 12: List all SAML application details
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+$servicePrincipal = Get-EntraServicePrincipal -Filter "PreferredSingleSignOnMode eq 'saml'"
+$servicePrincipal | Select-Object Id, DisplayName, AccountEnabled, AppId, PreferredSingleSignOnMode, AppRoleAssignmentRequired, SignInAudience, NotificationEmailAddresses, PreferredTokenSigningKeyEndDateTime, PreferredTokenSigningKeyValid, ReplyUrls,LoginUrl, LogoutUrl | Format-Table -AutoSize
+```
+
+```Output
+Id                                   DisplayName                           AccountEnabled AppId                                PreferredSingleSignOnMode AppRoleAssignmentRequired SignInAudience NotificationEmailAddresses
+--                                   -----------                           -------------- -----                                ------------------------- ------------------------- -------------- --------------
+00001111-aaaa-2222-bbbb-3333cccc4444 SAML App                             True            33334444-dddd-5555-eeee-6666ffff7777 saml                              True                    AzureADMyOrg   {admin@Contoso}
+```
+
+This example demonstrates how to retrieve all SAML application details.
+
 ## Parameters
 
 ### -All

@@ -82,7 +82,29 @@ This example demonstrates how to retrieve specified subscribed SKUs to Microsoft
 
 - `-ObjectId` parameter specifies the ID of the SKU (Stock Keeping Unit).
 
-### Example 3: Get a list of users, their assigned licenses, and licensing source
+### Example 3: Retrieve all users assigned a specific license
+
+```powershell
+Connect-Entra -Scopes 'Organization.Read.All'
+$sku = Get-EntraBetaSubscribedSku | Where-Object { $_.SkuPartNumber -eq 'DEVELOPERPACK_E5' }
+$skuId = $sku.SkuId
+$usersWithDeveloperPackE5 = Get-EntraBetaUser -All | Where-Object {
+    $_.AssignedLicenses -and ($_.AssignedLicenses.SkuId -contains $skuId)
+}
+$usersWithDeveloperPackE5 | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled, UserType | Format-Table -AutoSize
+```
+
+```Output
+Id                                   DisplayName     UserPrincipalName               AccountEnabled   UserType
+--                                   -----------     -----------------               --------------   --------
+cccccccc-2222-3333-4444-dddddddddddd  Angel Brown    AngelB@contoso.com              True             Member
+dddddddd-3333-4444-5555-eeeeeeeeeeee  Avery Smith    AveryS@contoso.com              True             Member
+eeeeeeee-4444-5555-6666-ffffffffffff  Sawyer Miller  SawyerM@contoso.com             True             Member
+```
+
+This example demonstrates how to retrieve all users assigned a specific license.
+
+### Example 4: Get a list of users, their assigned licenses, and licensing source
 
 ```powershell
 Connect-Entra -Scopes 'Organization.Read.All','User.Read.All','Group.Read.All'

@@ -175,6 +175,139 @@ New User           cccccccc-2222-3333-4444-dddddddddddd      NewUser@tenant.com
 
 This example demonstrates how to retrieve all users with disabled accounts.
 
+### Example 8: List users based in a specific country
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$usersInCanada = Get-EntraBetaUser -Filter "Country eq 'Canada'"
+$usersInCanada | Select-Object Id, DisplayName, UserPrincipalName, OfficeLocation, Country | Format-Table -AutoSize
+```
+
+```Output
+Id                                   DisplayName   UserPrincipalName         OfficeLocation   Country
+--                                   -----------   -----------------         --------------   -------
+cccccccc-2222-3333-4444-dddddddddddd  New User     NewUser@tenant.com        23/2102          Canada
+```
+
+This example demonstrates how to retrieve all users based in Canada.
+
+### Example 9: List user count per department
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$departmentCounts = Get-EntraBetaUser -All | Group-Object -Property Department | Select-Object Name, @{Name="MemberCount"; Expression={$_.Count}}
+$departmentCounts | Format-Table Name, MemberCount -AutoSize
+```
+
+```Output
+Name                 MemberCount
+----                 -----------
+                               7
+Engineering                    2
+Executive Management           1
+Finance                        1
+HR                             1
+```
+
+This example demonstrates how to retrieve user count in each department.
+
+### Example 10: List disabled users with active licenses
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$disabledUsersWithLicenses = Get-EntraBetaUser -Filter "accountEnabled eq false" -All | Where-Object {
+    $_.AssignedLicenses -ne $null -and $_.AssignedLicenses.Count -gt 0
+}
+$disabledUsersWithLicenses | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled | Format-Table -AutoSize
+```
+
+```Output
+Id                                   DisplayName  UserPrincipalName           AccountEnabled
+--                                   -----------  -----------------           --------------
+cccccccc-2222-3333-4444-dddddddddddd  New User     NewUser@tenant.com          False
+```
+
+This example demonstrates how to retrieve disabled users with active licenses.
+
+### Example 11: Retrieve guest users with active licenses
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$guestUsers = Get-EntraBetaUser -Filter "userType eq 'Guest'" -All
+$guestUsersWithLicenses = foreach ($guest in $guestUsers) {
+    if ($guest.AssignedLicenses.Count -gt 0) {
+        [pscustomobject]@{
+            Id               = $guest.Id
+            DisplayName      = $guest.DisplayName
+            UserPrincipalName = $guest.UserPrincipalName
+            AssignedLicenses = ($guest.AssignedLicenses | ForEach-Object { $_.SkuId }) -join ", "
+        }
+    }
+}
+$guestUsersWithLicenses | Format-Table Id, DisplayName, UserPrincipalName, AssignedLicenses -AutoSize
+```
+
+```Output
+Id                                   DisplayName  UserPrincipalName                                  AssignedLicenses
+--                                   -----------  -----------------                                  ----------------
+cccccccc-2222-3333-4444-dddddddddddd Sawyer Miller sawyerm_gmail.com#EXT#@contoso.com c42b9cae-ea4f-4ab7-9717-81576235ccac
+```
+
+This example demonstrates how to retrieve guest users with active licenses.
+
+### Example 12: Retrieve users without managers
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$allUsers = Get-EntraBetaUser -All
+$usersWithoutManagers = foreach ($user in $allUsers) {
+    $manager = Get-EntraBetaUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue
+    if (-not $manager) {
+        [pscustomobject]@{
+            Id               = $user.Id
+            DisplayName      = $user.DisplayName
+            UserPrincipalName = $user.UserPrincipalName
+        }
+    }
+}
+$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize
+```
+
+```Output
+Id                                   DisplayName     UserPrincipalName
+--                                   -----------     -----------------
+cccccccc-2222-3333-4444-dddddddddddd  New User       NewUser@tenant.com
+bbbbbbbb-1111-2222-3333-cccccccccccc  Sawyer Miller  SawyerM@contoso.com
+```
+
+This example demonstrates how to retrieve users without managers.
+
+### Example 13: List failed sign-ins for a user
+
+```powershell
+Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All'
+$failedSignIns = Get-EntraBetaAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0"
+$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize
+```
+
+This example demonstrates how to retrieve failed sign-ins for a user.
+
+### Example 14: List all guest users
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$guestUsers = Get-EntraBetaUser -Filter "userType eq 'Guest'" -All
+$guestUsers | Select-Object DisplayName, UserPrincipalName, Id, createdDateTime, creationType, accountEnabled, UserState | Format-Table -AutoSize
+```
+
+```Output
+DisplayName     UserPrincipalName                                 Id                                   CreatedDateTime       CreationType   AccountEnabled  UserState
+-----------     -----------------                                 --                                   ---------------       ------------   --------------  ---------
+Sawyer Miller   sawyerm_gmail.com#EXT#@contoso.com                bbbbbbbb-1111-2222-3333-cccccccccccc 9/13/2024 6:37:33 PM  Invitation     True            Accepted
+```
+
+This example demonstrates how to retrieve list all guest users.
+
 ## Parameters
 
 ### -All

@@ -64,6 +64,33 @@ This example demonstrates how to retrieve the manager of a specific user.
 
 - `-ObjectId` Parameter specifies ObjectID or User Principal Name of User.
 
+### Example 2: Retrieve users without managers
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$allUsers = Get-EntraBetaUser -All
+$usersWithoutManagers = foreach ($user in $allUsers) {
+    $manager = Get-EntraBetaUserManager -ObjectId $user.Id -ErrorAction SilentlyContinue
+    if (-not $manager) {
+        [pscustomobject]@{
+            Id               = $user.Id
+            DisplayName      = $user.DisplayName
+            UserPrincipalName = $user.UserPrincipalName
+        }
+    }
+}
+$usersWithoutManagers | Format-Table Id, DisplayName, UserPrincipalName -AutoSize
+```
+
+```Output
+Id                                   DisplayName     UserPrincipalName
+--                                   -----------     -----------------
+cccccccc-2222-3333-4444-dddddddddddd  New User       NewUser@tenant.com
+bbbbbbbb-1111-2222-3333-cccccccccccc  Sawyer Miller  SawyerM@contoso.com
+```
+
+This example demonstrates how to retrieve users without managers.
+
 ## Parameters
 
 ### -ObjectId

@@ -123,6 +123,22 @@ Id                                   DeletedDateTime
 
 This example demonstrates how to retrieve users top three memberships in Microsoft Entra ID.
 
+### Example 5: List groups that Sawyer Miller is a member of
+
+```powershell
+Connect-Entra -Scopes 'User.Read.All'
+$groups = Get-EntraBetaUserMembership -ObjectId 'SawyerM@contoso.com'
+$groups | Select-Object DisplayName, Id, GroupTypes, Visibility | Format-Table -AutoSize
+```
+
+```Output
+DisplayName       Id                                   GroupTypes  Visibility
+-----------       --                                   ----------  ----------
+Contoso Group     bbbbbbbb-1111-2222-3333-cccccccccccc  {Unified}  Public
+```
+
+This example demonstrates how to retrieve the groups that a user is a member of.
+
 ## Parameters
 
 ### -All

@@ -104,6 +104,16 @@ Get-EntraAuditSignInLog -Filter "createdDateTime ge 2024-07-01T00:00:00Z and cre
 
 This example shows how to retrieve sign-in logs between dates.
 
+### Example 5: List failed sign-ins for a user
+
+```powershell
+Connect-Entra -Scopes 'AuditLog.Read.All','Directory.Read.All'
+$failedSignIns = Get-EntraAuditSignInLog -Filter "userPrincipalName eq 'SawyerM@contoso.com' and status/errorCode ne 0"
+$failedSignIns | Select-Object UserPrincipalName, CreatedDateTime, Status, IpAddress, ClientAppUsed | Format-Table -AutoSize
+```
+
+This example demonstrates how to retrieve failed sign-ins for a user.
+
 ## Parameters
 
 ### -All

@@ -133,7 +133,25 @@ DisplayName Id                                   AppId
 TestApp1    aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg   contoso.com
 ```
 
-This cmdlet retrieves deleted applications having specified display name.  
+This cmdlet retrieves deleted applications having specified display name.
+
+### Example 6: Get deleted applications with deletion age in days
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+Get-EntraDeletedApplication |
+    Select-Object DisplayName, Id, AppId, SignInAudience, PublisherDomain, DeletedDateTime,
+        @{Name='DeletionAgeInDays'; Expression={(Get-Date) - $_.DeletedDateTime | Select-Object -ExpandProperty Days}} |
+    Format-Table -AutoSize
+```
+
+```Output
+DisplayName           Id                                   AppId                                SignInAudience PublisherDomain        DeletedDateTime      DeletionAgeInDays
+-----------           --                                   -----                                -------------- ---------------        ---------------      -----------------
+Entra PowerShell App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg   contoso.com 9/18/2024 7:41:44 AM                 1
+```
+
+This cmdlet retrieves deleted applications with deletion age in days.
 
 ## Parameters
 

@@ -220,6 +220,37 @@ Global secure access app     00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-
 
 This example demonstrates how to retrieve all Global secure access apps.
 
+### Example 11: List all applications without user assignment
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+Get-EntraServicePrincipal -All | Where-Object {$_.appRoleAssignmentRequired -ne 'true'}
+```
+
+```Output
+DisplayName         Id                                   AppId                                SignInAudience         ServicePrincipalType
+-----------         --                                   -----                                --------------         --------------------
+App without user assignment     00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777                         Application
+```
+
+This example demonstrates how to retrieve all applications without user assignment.
+
+### Example 12: List all SAML application details
+
+```powershell
+Connect-Entra -Scopes 'Application.Read.All'
+$servicePrincipal = Get-EntraServicePrincipal -Filter "PreferredSingleSignOnMode eq 'saml'"
+$servicePrincipal | Select-Object Id, DisplayName, AccountEnabled, AppId, PreferredSingleSignOnMode, AppRoleAssignmentRequired, SignInAudience, NotificationEmailAddresses, PreferredTokenSigningKeyEndDateTime, PreferredTokenSigningKeyValid, ReplyUrls,LoginUrl, LogoutUrl | Format-Table -AutoSize
+```
+
+```Output
+Id                                   DisplayName                           AccountEnabled AppId                                PreferredSingleSignOnMode AppRoleAssignmentRequired SignInAudience NotificationEmailAddresses
+--                                   -----------                           -------------- -----                                ------------------------- ------------------------- -------------- --------------
+00001111-aaaa-2222-bbbb-3333cccc4444 SAML App                             True            33334444-dddd-5555-eeee-6666ffff7777 saml                              True                    AzureADMyOrg   {admin@Contoso}
+```
+
+This example demonstrates how to retrieve all SAML application details.
+
 ## Parameters
 
 ### -All