Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

Most of the administration functions in SharePoint Online work with the user interface. However, there are times where you are performing repetitive tasks that can be scripted using PowerShell. For example, organizations often need to provide reports on current permissions, site structures and even the content that resides in the site to the Security and Compliance officers. This cannot be done easily using the user interface, but with PowerShell, it is very easy and can be ran multiple times as needed.

In these situations, PowerShell is the tool of choice as it allows for remote administration for all components within Office 365. For those of you that aren’t already familiar with PowerShell, it is a task automation and configuration management framework from Microsoft that is going to make some of your tasks much, much easier. In this post, we will walk through the steps needed to work with SharePoint Online using PowerShell.

However, there is a difference between SharePoint Online PowerShell commands and Office or Microsoft 365 PowerShell commands.

SharePoint Online PowerShell commands manage SharePoint Online users, sites, SharePoint services and components only. The Office 365 PowerShell commands manage Office and Microsoft 365 level tasks such as user management, licenses, organization information, and core tenant level services.

Both sets of the PowerShell commands can manage users and groups, either at the SharePoint Level or the Tenant level.

Office 365 PowerShell Setup for Remote Administration

Getting your system configured and ready is the first step. Download the following components:

  1. Microsoft Online Service Sign-in Assistant for IT Professionals
  2. Windows Azure Active Directory Module for Windows PowerShell
  3. SharePoint Online Management Shell

Download each component in the order listed above, ensuring that each one has installed successfully before moving on to the next. Make sure to use the correct version based on your operating system (32 bit or 64 bit). The currently supported Operating Systems are, Windows 10, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 SP1, Windows 10 version 1507, 1511, Windows 10 version 1607 and up, Windows Server 2012, Windows Server 2016 and Windows Server 2019.

Microsoft Online Service Sign-in Assistant for IT Professionals

Azure AD Module

SP Online Management

Now launch a standard PowerShell window and run the following command:

Set-ExecutionPolicy RemoteSigned

launch a standard PowerShell

This step ensures that all PowerShell scripts that you run are not blocked by the security measures of PowerShell.

You are now setup as an administrator and ready to use Office or Microsoft 365 PowerShell commands. You will notice that there is not an installation for Exchange Online PowerShell cmdlets. Connecting to Exchange Online is completed using the New-PSSession and Import-PSSession commands instead.


Connect to Office or Microsoft 365 using PowerShell

To run the needed PowerShell commands, for ease and convenience you will use the PowerShell ISE tool found within Windows. To launch this, if you are using Windows 8 and higher then you can simply press the start menu and type “PowerShell ISE” and launch it from there. Once it is found, right click and choose “Run as administrator”.

Connect to Office 365 using PowerShell Run as Administrator

Once the PowerShell ISE loads, you can then run commands within the script section of the PowerShell ISE window, and see the execution and results in the bottom half. If the top section is not visible, click the “Script” link and it will split the screen into two sections.

PowerShell ISE Script

In the script pane, you can now initiate a connection to Office or Microsoft 365 by typing the following PowerShell commands in order. The first command is comprised of a variable and a Get-Credential command, which will allow you to enter your Microsoft credentials securely, and create a variable that can then be used in other commands when authentication is required.

$credential = get-credential

When prompted type your username and password within the popup window, once you have typed them, press OK, which will close the dialogue and populate the credential variable.


To validate the variable, in the blue section at the bottom of the PowerShell ISE, simply type $credential, then press enter and it will display the created credential value.

validate the variable

Now you have the credentials stored and available, you need to import the PowerShell Modules directly into the PowerShell ISE window. This is done by typing the following:

Import-Module MSOnline

Once this is loaded, you can then initiate a connection to Office or Microsoft 365 with the stored credential object using the following command:

Connect-MsolService -Credential $credential

Unless there are any errors displayed, then you will now have a connection to Azure Active Directory. To connect to SharePoint Online you will need to run the following command, which will import the SharePoint Online PowerShell cmdlets.

Import-Module Microsoft.Online.Sharepoint.PowerShell

Once this has completed you will have access to all the modules and cmdlets within your current PowerShell session. Now you can create a connection to SharePoint Online by pasting in:

Connect-SPOService –url https://{tenant} -Credential $credential


SharePoint Online PowerShell Cmdlets

The SharePoint Online Management PowerShell pack that you previously installed, provides the PowerShell cmdlets that an administrator would need to manage SharePoint Online. The full list of cmdlets that SharePoint Online supports can be found here:

The following table outlines the most frequently used cmdlets.

Cmdlet name Description
Add-SPOUser Adds an existing Office 365 user or an Office 365 security group to a SharePoint group.
Connect-SPOService Connects a SharePoint Online global administrator to a SharePoint Online connection (the SharePoint Online Administration Center). This cmdlet must be run before any other SharePoint Online cmdlets can run.
Disconnect-SPOService Disconnects from a SharePoint Online service.
Get-SPOExternalUser Returns external users that are located in the tenant’s folder based on specified criteria.
Get-SPOSite Returns one or more site collections.
Get-SPOSiteGroup Returns all the groups on the specified site collection.
Get-SPOTenant Returns SharePoint Online organization properties.
Get-SPOUser Returns the SharePoint Online user or security group accounts that match given search criteria.
New-SPOSite Creates a new SharePoint Online site collection for the current company.
New-SPOSiteGroup Creates a new group in a SharePoint Online site collection.
Remove-SPOSite Sends a SharePoint Online site collection to the SharePoint Online Recycle Bin.
Remove-SPOSiteGroup Removes a SharePoint Online group from a site collection.
Remove-SPOUser Removes a user or a security group from a site collection or a group.
Set-SPOUser Configures properties on an existing user.
Test-SPOSite Tests a SharePoint Online site collection.
Upgrade-SPOSite Starts the upgrade process on a site collection.

Certain administrative tasks require the use of a number of different cmdlets, not just those used in SharePoint Online. Combining multiple cmdlets allows a tenant wide service management. An example of this is when you want to provision a user directly in Office 365. You cannot use the SharePoint Online cmdlets for this, you first need to use the core Azure Active Directory cmdlets.


Managing SharePoint Online using PowerShell

The most common tasks that are performed using PowerShell within SharePoint Online are related to the following functions:

  1. User Permissions and Security
  2. Updating user details
  3. Creation, Update, and Removal of Sites
  4. List interactions

In order to use the PowerShell cmdlets, you must understand the SharePoint objects and properties that are retrieved by running the commands.

Retrieve SharePoint sites


Retrieve SharePoint Sites


Retrieve a list of groups (SP Groups)

Get-SPOSite | ForEach-Object {Get-SPOSiteGroup -Site $_.Url} |Format-Table

Retrieve a list of groups


Retrieve a list of all users

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url}

Retrieve a list of all users

Retrieving SharePoint information is done by employing “GET” commands with the various parameters completed as needed. However, the process of setting values is different as it requires the use of the “SET” commands.


Setting a new Site Collection Administrator

Set-SPOUser -Site {SharePoint Online Site} -LoginName -IsSiteCollectionAdmin $true


Remove a user from the Site Collection Administrator Group

Remove-SPOUser -LoginName -Site {SharePoint Online Site}


The power really comes by combing these commands with regular PowerShell functions to create reusable scripts that can be ran either manually or as scheduled tasks.  For example, a common administration task is to retrieve all sites along with their security groups and memberships. And the following is an effective way of doing this:


// Get all SharePoint Online Sites

$sites = Get-SPOSite


// Iterate all sites one-by-one

foreach ($site in $sites)


Write-Host $site.Url -ForegroundColor “Yellow”


// Get groups within site

$groups = Get-SPOSiteGroup -Site $site.Url


// Iterate all groups

foreach ($group in $groups)


// Retrieve specific site

$siteGroup = Get-SPOSiteGroup -Site $site.Url -Group $group.Title\

Write-Host $siteGroup.Title -ForegroundColor “Cyan”


// Retrieve members of the selected group

$siteGroup | Select-Object -ExpandProperty Users




Remove a user from the Site

This PowerShell will then repeat all the sites, groups and members within SharePoint Online. It can then be saved as a “ps1” file and run manually, or scheduled, as a task at any point. This makes PowerShell the easiest and most time efficient way of running repeatable tasks.

Lastly, the Office 365 cmdlets allow for quick and easy management of not just SharePoint Online, but all features from Azure Active Directory, Exchange, Skype and then SharePoint. Learning these cmdlets and getting to grips with PowerShell in general will provide you with the best approach for Administration tasks.

Written by The Sherweb Team Collaborators @ Sherweb

As a value-added cloud solutions provider, Sherweb is dedicated to providing more for its partners, direct customers and extended network. The Sherweb Blog is just one example of how we make this happen, and our team members frequently collaborate on content to ensure it's as beneficial as possible for our readers. If you like what you see here, we strongly encourage you to subscribe!