| | |

Microsoft Entra ID Bulk Operations Guide (2025 Updated)

ByTechieGeek

In-Depth Guide: Performing Bulk Operations in Microsoft Entra ID

(Updated for December 2025 – All methods, best practices, limitations, and ready-to-use examples)

1. Overview of Bulk Operations in Microsoft Entra ID

Operation Portal (GUI) Microsoft Graph PowerShell / API Max Records (Portal) Recommended Scale
Create users Yes Yes 1,000 per upload >1,000 → Graph
Invite guest (B2B) users Yes Yes 1,000 per upload Automation → Graph
Delete users Yes Yes No hard limit Any size
Update user attributes Yes Yes 1,000 per upload Large → Graph
Download / export users Yes Yes 500,000 (portal) Very large → Graph
Add / remove group members Yes Yes 1,000 per upload Large → Graph
Bulk password reset No Yes (via Graph) N/A Only via Graph

2. Method 1 – Entra Admin Center (Portal) – Current 2025 Experience

Portal URL: https://entra.microsoft.com → Identity → Users → All users

Step-by-Step: Bulk Create Users (Most Common Onboarding Task)

  1. Click Bulk operationsBulk create
  2. Click Download the template CSV (immediately gives you the latest template with 50+ columns)
  3. Required columns (minimum):
  • User principal name [sign-in name] → e.g., john.smith@contoso.com
  • Display name
  • First name
  • Last name
  • Password (or leave blank → temporary password generated)
  • Block sign in (Yes/No)
  • Usage location (two-letter ISO code, required for license assignment)
  1. Optional but very useful columns:
  • Job title, Department, Office, City, Country, Manager (UPN), Mobile phone, etc.
  1. Save → Upload the filled CSV
  2. Review summary → Submit
  3. Track progress: Bulk operation results (under Notifications bell or Identity → Monitoring → Bulk operation results)

Step-by-Step: Bulk Delete (Safest Way)

  1. Bulk operations → Bulk delete
  2. Download template → only one column needed: User principal name or Object ID
  3. Paste the list (one per row starting at row 3)
  4. Upload → Confirm irreversible deletion → Submit
    → Deleted users go to the 30-day soft-delete recycle bin

Step-by-Step: Bulk Update Attributes

  1. Bulk operations → Bulk update
  2. Template contains every writable attribute
  3. You can leave cells blank to keep existing value, or put #remove# to clear a value
  4. Very useful for mass department changes, manager updates, license assignment (indirectly via usageLocation or extension attributes)

Step-by-Step: Bulk Group Membership Changes

  • Bulk operations → Add group members or Remove group members
  • Template needs Member object ID or UPN and Group object ID or name

3. Method 2 – Microsoft Graph PowerShell (2025 Gold Standard)

The AzureAD and MSOnline modules are fully retired. Use only Microsoft.Graph.

Initial Setup (Run Once)

# Install the module (admin or user scope)
Install-Module Microsoft.Graph -Scope CurrentUser -AllowClobber -Force

# Connect with the exact scopes you need
Connect-MgGraph -Scopes `
    "User.ReadWrite.All",
    "Group.ReadWrite.All",
    "Directory.ReadWrite.All",
    "AuditLog.Read.All"

Example 1: Bulk User Creation from CSV (10,000+ users – no problem)

CSV format (NewUsers.csv):

DisplayName,FirstName,LastName,MailNickname,UserPrincipalName,JobTitle,Department,UsageLocation,Password
"John Smith","John","Smith","john.smith","john.smith@contoso.com","Sales Rep","Sales","US","P@ssw0rd2025!"
"Jane Doe","Jane","Doe","jane.doe","jane.doe@contoso.com","Engineer","R&D","GB","P@ssw0rd2025!"

Script:

$users = Import-Csv "C:\Bulk\NewUsers.csv"

foreach ($u in $users) {
    $passwordProfile = @{
        password                      = $u.Password
        forceChangePasswordNextSignIn = $true
    }

    try {
        New-MgUser `
            -DisplayName          $u.DisplayName `
            -GivenName            $u.FirstName `
            -Surname              $u.LastName `
            -MailNickname         $u.MailNickname `
            -UserPrincipalName    $u.UserPrincipalName `
            -AccountEnabled       $true `
            -PasswordProfile      $passwordProfile `
            -UsageLocation        $u.UsageLocation `
            -JobTitle             $u.JobTitle `
            -Department           $u.Department `
            -OfficeLocation       $u.OfficeLocation

        Write-Host "Created $($u.UserPrincipalName)" -ForegroundColor Green
    }
    catch {
        Write-Host "FAILED $($u.UserPrincipalName): $_" -ForegroundColor Red
    }
}

Example 2: Bulk Delete from CSV (Even 100,000+ users)

Import-Csv "C:\Bulk\DeleteUsers.csv" | ForEach-Object {
    $upn = $_.UserPrincipalName
    try {
        Remove-MgUser -UserId $upn -Confirm:$false
        Write-Host "Deleted $upn"
    }
    catch {
        Write-Host "Not found or error: $upn"
    }
}

Example 3: Bulk Add Users to Group (Fastest Method)

$groupId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"   # or (Get-MgGroup -Filter "displayName eq 'All Company'").Id

Import-Csv "C:\Bulk\AddToFinance.csv" | ForEach-Object -Parallel {
    Import-Module Microsoft.Graph.Identity.DirectoryManagement
    $userId = (Get-MgUser -UserId $_.UserPrincipalName).Id
    New-MgGroupMember -GroupId $using:groupId -DirectoryObjectId $userId
} -ThrottleLimit 20

Example 4: Bulk Update Specific Attributes (e.g., change everyone’s department)

Get-MgUser -All | Where-Object {$_.Department -eq "Sales Old"} | ForEach-Object {
    Update-MgUser -UserId $_.Id -Department "Revenue Operations" -JobTitle "Account Executive"
}

4. Advanced Techniques & Best Practices (2025)

Scenario Recommended Technique
50,000+ users Graph + Parallel foreach + batching (20–50 concurrent)
Need audit trail Graph automatically logs in Sign-in & Audit logs
On-prem AD sync (Hybrid) Do NOT delete in cloud if still synced – breaks sync
Passwords in bulk Only via Graph (portal still blocks it)
Dynamic membership rules preferred Avoid manual bulk group adds when possible
License assignment Use group-based licensing instead of bulk user updates

5. Official Microsoft Documentation Links (Always Current)

  • Bulk create users (CSV template): https://learn.microsoft.com/en-us/entra/identity/users/users-bulk-add
  • Bulk delete users: https://learn.microsoft.com/en-us/entra/identity/users/users-bulk-delete
  • Bulk update users: https://learn.microsoft.com/en-us/entra/identity/users/users-bulk-update
  • Bulk add group members: https://learn.microsoft.com/en-us/entra/identity/users/groups-bulk-import-members
  • Microsoft Graph PowerShell: https://learn.microsoft.com/en-us/powershell/microsoftgraph/overview
  • Graph batching (for 100k+ ops): https://learn.microsoft.com/en-us/graph/json-batching

 

LinkedInCopyPinterestRedditTelegramChatGPTSMS

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *