Introduction
Last week, I was on service desk duty. It’s not my favorite field of endeavour, and I’m past my due date for that kind of work. However, doing it once in a while is an eye-opener to how disorganized and chaotic many organizations are. Some requests are ideal to solve by automating them and handing them over to the team to leverage. That is how I wrote a script to bulk invite guest users to Azure Entra ID, as I could not bring myself to click through the same action dozens of times in the portal. You can find the script on my GitHub page https://github.com/WorkingHardInIT/BulkInviteGuestUsersToEntraIdAzure
Script to Bulk Invite Guest Users to Azure Entra ID
📌 Overview
This PowerShell script allows administrators to bulk invite guest users to an Azure Entra ID (formerly Azure Active Directory) tenant using Microsoft Graph. It includes retry logic for connecting to Microsoft Graph, supports both interactive and device code login, and reads user details from a CSV file.
✨ Features
- Connects to Microsoft Graph securely using MS Graph PowerShell SDK
- Retry logic with customizable attempt count
- Supports both interactive and device-based authentication
- Invites guest users based on a CSV file input
- Allows optional CC recipients in the invitation email (limited to one due to API constraints)
- Includes meaningful console output and error handling
📁 Prerequisites
- PowerShell 5.1+ or PowerShell Core 7+
- Microsoft.Graph PowerShell module
- Azure Entra ID Tenant ID
- A CSV file with guest user details
📄 CSV File Format
Create a file named BulkInviteGuestUsersToAzureEntraID.csv in the same folder as the script with the following columns:
emailAddress,displayName,ccRecipients [email protected],Guest One,[email protected] [email protected],Guest Two,
Note: Only the first
ccRecipientwill be used due to a known Microsoft Graph API limitation.
🔧 Script Configuration
Open the script and configure the following variables:
$Scopes = "User.Invite.All" # Required scope $csvFilePath = ".\BulkInviteGuestUsersToAzureEntraID.csv" $TenantID = "<your-tenant-id-guid-here>" # Replace with your tenant ID $emailAddresses = $Null # Optional static list of CC recipients
▶️ How to Run
- Open PowerShell as Administrator
- Install Microsoft Graph module (if not already):Install-Module Microsoft.Graph -Scope CurrentUser
- Execute the script:.\InviteGuestsToAzureEntraID.ps1Or specify login type:Test-GraphConnection -TenantID “<tenant-id>” -Scopes $Scopes -UseDeviceLogin
🧠 Function: Test-GraphConnection
This helper function ensures a valid Microsoft Graph session is established:
- Disconnects any stale Graph sessions
- Attempts up to
$MaxRetriestimes to connect - Verifies that the session is for the specified Tenant ID
- Supports
-UseDeviceLoginswitch for non-interactive login (e.g., headless servers)
📬 Inviting Users
The script loops through all entries in the CSV file and sends out personalized invitations using the New-MgInvitation cmdlet.
Each invite includes:
- Redirect URL (
https://mycompany.portal.com) - Display name from CSV
- Custom message
- Optional CC recipient (only first address is respected by Graph API)
⚠️ Known Issues
- CC Recipients Limitation: Only the first email in
ccRecipientsis honored. This is a known issue in the Microsoft Graph API. - Multi-user CC: If different users need unique CCs, adapt the script to parse a
ccRecipientscolumn with user-specific values.
📤 Example Output
✅ Using device login for Microsoft Graph... ✅ Microsoft Graph is connected to the correct Azure tenant (xxxx-xxxx-xxxx). ✅ Invitation sent to Guest One using [email protected] ⚠️ Skipped a user due to missing email address. ⚠️ Failed to invite Guest Two: Insufficient privileges to complete the operation
🧽 Cleanup / Disconnect
Graph sessions are managed per execution. If needed, manually disconnect with:
Disconnect-MgGraph
📚 References
🛡️ License
This script is provided as-is without warranty. Use it at your own risk. Feel free to adapt and extend as needed.
✍️ Author
Didier Van Hoye
Contributions welcome!