Office 365: Remove a user from All Security groups using PowerShell

Requirement: Remove a user from all Active Directory security groups in Microsoft 365.

How to remove a user account from all Security Groups?

Office 365 Security groups are used for managing user access in Office 365, as they allow administrators to quickly and easily grant or revoke access to resources such as Office 365 applications, files, and services. Removing a user from a security group revokes their access to the resources associated with that group. This is an important task that administrators can perform to ensure that users only have access to the resources they need. If you’re an Office 365 administrator, chances are you’ve had to remove a user from all Office 365 security groups at some point. In this article, we will outline the steps required to remove a user from a security group in Office 365 using Microsoft 365 Admin center and PowerShell.

To remove a user from a security group in Office 365, follow these steps on Microsoft 365 Admin center:

  1. Log in to the Microsoft 365 admin center using your administrator account.
  2. In the Microsoft 365 admin center, go to the “Users” section and select “Active users”.
  3. Find the user you wish to remove from the group and click on their name to open their account details.
  4. Click “Manage groups” under the “Groups” section on the user’s profile page.
    how to remove user from all security groups using powershell
  5. Select all the security groups that you wish to remove the user from. Click on the checkbox in front of the “Groups” header to select all groups.
  6. Click on the “Remove” button in the toolbar and confirm the prompt.
    remove user from security group office 365
  7. The user will now be removed from the security group and will no longer have access to the group’s resources.

You will need the Microsoft 365 Global Admin or user administrator permissions to remove users from security groups.

Remove Members from Microsoft 365 Security Group

You can use the Office 365 admin center to manually remove the user from each Office 365 security group. You can also remove users from the group by following the below steps, from the security group context:

  1. In Microsoft 365 Admin center, Under the “Teams & Groups” section and select “Active Teams & Groups.”
  2. Click on the “Security” tab >> Find the security group the user is a member of and click on the group name.
  3. Under the “Members” tab, Click on “View all and manage members”.
    remove user from all security groups powershell
  4. Select the members you wish to remove and click on the “Remove” button from the little three dots.
    how to remove user from security group office 365
  5. Confirm the removal by clicking “Yes” when prompted.

Removing a user from all security groups through Microsoft 365 admin center could be a tedious process. Fortunately, there’s an easier way! Use PowerShell to quickly and easily remove a user from all Office 365 security groups!

Remove a user from security groups from Azure Active Directory

You can remove a user from all security groups in Azure Active Directory (AD) through the Azure AD portal. Here’s how:

  1. Sign in to the Azure portal at https://aad.portal.azure.com/.
  2. Navigate to the Azure AD instance.
  3. Select “Users” from the left-side menu.
  4. Search for and select the user you want to remove from security groups.
  5. Go to the “Groups” section of the user’s profile page.
  6. Select all groups the user is a member of and click “Remove” to remove the user from each group.
    remove security group members from azure ad
  7. Confirm the action by clicking “Yes” when prompted.

If you have a large number of security groups, this process can become time-consuming. In that case, using PowerShell may be more efficient.

PowerShell to Remove a User from All Security Groups

While removing a user from a single security group is fairly straightforward, PowerShell is the efficient solution when you have a large number of security groups. Using PowerShell to remove a user from all Office 365 security groups has several other advantages. First, it’s much faster than manually removing a user from each Office 365 security group. Second, it ensures that the user is removed from all Office 365 security groups, which reduces the risk of the user gaining access to resources they don’t need access to. Finally, it’s a much more efficient use of an administrator’s time.

Let’s explore how to remove a user from all security groups in Microsoft 365 using PowerShell script:

  1. The first step is to connect to Office 365 with PowerShell. To do this, you’ll need to install the Azure Active Directory Module for Windows PowerShell.
  2. Once you’ve installed the necessary components, you can connect to Office 365 with the Connect-AzureAD cmdlet. You’ll be prompted to enter your Office 365 username and password, and then you’ll be connected to Office 365.
  3. Use the Get-AzureADUserMembership cmdlet to retrieve a list of all Office 365 security group memberships of the user.
  4. Use the Remove-AzureADGroupMember cmdlet to remove the user from each Office 365 security group.
$UserToRemove = "Steve@Crescent.com"

Try {
    #Connect to Azure AD
    Connect-AzureAD | Out-Null

    #Get the user
    $User = Get-AzureADuser -ObjectId $UserToRemove

    #Get All Security Groups of the user
    $GroupMemberships = Get-AzureADUserMembership -ObjectId $User.ObjectId -All $true | Where {$_.ObjectType -eq "Group" -and $_.SecurityEnabled -eq $true -and $_.MailEnabled -eq $false}

    #Loop through each security group
    ForEach($Group in $GroupMemberships)
    { 
        Try { 
            Remove-AzureADGroupMember -ObjectId $Group.ObjectID -MemberId $User.ObjectId -erroraction Stop 
            Write-host "Removed user from Group: $($Group.DisplayName)"
        }
        catch {
            #Remove-DistributionGroupMember -identity $group.mail -member $userid -BypassSecurityGroupManagerCheck # -Confirm:$false
            write-host -f Red "Error:" $_.Exception.Message
        }
    }
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}

Wrapping up

In conclusion, removing a user from a security group in Office 365 is a common task for Microsoft 365 Administrators that can be completed in a few simple steps. By following the steps outlined in this article, administrators can save time and ensure that the correct user is removed from all security groups in their Microsoft 365 environment. In this blog post, We discussed the basics of Office 365 security groups, the steps you need to take to remove a user from all Office 365 security groups using Microsoft 365 Admin center, and how to use PowerShell to remove a user from all Office 365 security groups.

It’s important to regularly review and update security group membership to ensure that users have the appropriate level of access to resources. By doing so, you can help to protect your organization’s data and resources. The use of PowerShell in managing Microsoft 365 environments can greatly improve an administrator’s efficiency and ability to automate tasks.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. Passionate about sharing the deep technical knowledge and experience to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *