PowerShell automation scripts for auditing Microsoft Entra ID using Microsoft Graph and Azure CLI authentication.
These scripts are designed to support identity governance and administrative auditing tasks in Microsoft Entra environments.
This script identifies enabled Microsoft Entra ID users who do not have the Department attribute populated. Missing department values can create issues for identity governance, access policies, and organisational reporting.
The script authenticates using Azure CLI, queries Microsoft Graph, filters enabled users with empty department attributes, and exports the results to a CSV report.
- Authenticates to Microsoft Graph using an Azure CLI access token
- Queries Microsoft Entra ID users via Microsoft Graph API
- Filters users where:
  - accountEnabled = true
  - department attribute is empty or null
- Exports the results to a CSV report
Output file:
Reports/users-missing-department.csv
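The flow described above, as an added example that is not the repository's own script: it assumes a completed `az login` session, uses illustrative variable names, and goes beyond a single request by following `@odata.nextLink` so tenants with more than 999 users are covered. `department` is requested explicitly with `$select` because Microsoft Graph does not include it in the default user property set, and without it every user would look as if the attribute were missing.

```powershell
# Added example, not the repository's users-missing-department.ps1.
# Assumes `az login` has already been completed for the tenant.
$ErrorActionPreference = 'Stop'

# Request a Microsoft Graph token from the Azure CLI session (never print it).
$token = az account get-access-token --resource-type ms-graph --query accessToken -o tsv
if (-not $token) { throw 'No Graph token returned; run az login first.' }
$headers = @{ Authorization = "Bearer $token" }

# Ask only for the fields the report needs and filter enabled accounts server-side.
# Single quotes keep PowerShell from expanding $select/$filter/$top as variables.
$uri = 'https://graph.microsoft.com/v1.0/users' +
       '?$select=displayName,userPrincipalName,department,accountEnabled' +
       '&$filter=accountEnabled%20eq%20true&$top=999'

$missing = [System.Collections.Generic.List[object]]::new()
while ($uri) {
    $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    foreach ($u in $page.value) {
        # Treat null, empty and whitespace-only department values as missing.
        if ([string]::IsNullOrWhiteSpace($u.department)) {
            $missing.Add([pscustomobject]@{
                DisplayName       = $u.displayName
                UserPrincipalName = $u.userPrincipalName
                Department        = $u.department
            })
        }
    }
    # Graph returns @odata.nextLink while more pages remain; $null ends the loop.
    $uri = $page.'@odata.nextLink'
}

# Write the report to the path the page documents.
$reportDir = 'Reports'
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null
$reportPath = Join-Path $reportDir 'users-missing-department.csv'
$missing | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
Write-Host "$($missing.Count) enabled users have no department set."
```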
Before running the script, ensure the following are installed and configured.
Install Azure CLI:
https://learn.microsoft.com/cli/azure/install-azure-cli
Run:
az login --tenant <TENANT_ID> --allow-no-subscriptions --use-device-code
The account running the script must have the delegated Microsoft Graph permission:
User.Read.All
- Open PowerShell
- Navigate to the Scripts directory
Example:
cd Scripts
- Run the script
.\users-missing-department.ps1
The script generates a CSV report containing:
- Display Name
- User Principal Name
- Department
File location:
Reports/users-missing-department.csv
This script can help identity administrators identify missing directory attributes that may affect:
- Access policies
- Dynamic group membership
- Identity governance processes
- HR data synchronization
Possible improvements:
- Add pagination support for tenants with more than 999 users
- Add additional attribute audits (Job Title, Manager, Office Location)
- Export results to additional formats
- Integrate with automated reporting workflows