Create Security Groups
Bulk-creates a predefined set of common security groups for a new tenant setup. Useful for onboarding new organisations with standard group structures.
Usage
Requires an active Microsoft Graph connection:
Connect-MgGraph -Scopes "Group.ReadWrite.All"Groups Created
| Group | Purpose |
|---|---|
| Autopilot Desktop Profile | Autopilot config for desktops |
| Autopilot Laptop Profile | Autopilot config for laptops |
| CA Exclusion | Exclude users from Conditional Access |
| DLP Exclusion | Exclude users from DLP policies |
| Intune Exclusion | Exclude users from Intune policies |
| Usecure Exclusion | Exclude users from Usecure |
| Holiday Group | Allow sign-in from outside UK while on holiday |
Script
$groups = @(
@{
Displayname = "Autopilot Desktop Profile"
Description = "Autopilot configuration profile for desktops"
mailnickname = "AutopilotDesktopProfile"
},
@{
Displayname = "Autopilot Laptop Profile"
Description = "Autopilot configuration profile for laptops"
mailnickname = "AutopilotLaptopProfile"
},
@{
Displayname = "CA Exclusion"
Description = "Exclude from Conditional Access policies"
mailnickname = "CaExclusion"
},
@{
Displayname = "DLP Exclusion"
Description = "Exclude from DLP policies"
mailnickname = "DLPExclusion"
},
@{
Displayname = "Intune Exclusion"
Description = "Exclude from Intune policies"
mailnickname = "IntuneExclusion"
},
@{
Displayname = "Usecure Exclusion"
Description = "Exclude from Usecure"
mailnickname = "UsecureExclusion"
},
@{
Displayname = "Holiday Group"
Description = "Allow sign-in from outside UK while on holiday"
mailnickname = "HolidayExclusion"
}
)
foreach ($group in $groups) {
New-MgGroup -DisplayName $group.Displayname `
-Description $group.Description `
-MailEnabled:$false `
-SecurityEnabled:$true `
-MailNickname $group.mailnickname
}Last updated on