The Users module lists all user accounts in your Azure Active Directory with over 150 user properties in one place. Use the Column Map to add or remove them from the grid to help you analyze user information to manage your users.

When you first launch the Users module, sapio365 will build a local cache of the data retrieved. You can set your preference to use cache or to retrieve fresh data each time. If the data in the grid is cached, it will be indicated with a purple band above the grid.

In this module, you can:

Scroll down to see what solutions are available to manage users with sapio365.

1 - Load user data

In this section you can refresh or reinitialize your grid data and cache subsequently. You can also load additional data to the grid for the users you select. The initial load retrieves basic user properties for every user. You can then select users and load additional user properties to the grid.

Properties that are retrieved through additional loading are displayed with an icon and text in a grid cell, indicative of the button to use to load the information.

Loading additional data is required before editing these properties because saved changes are processed through the grid.


Refresh information loaded in the grid by retrieving the latest changes from the server or click (Ctrl+R). Any pending change in the grid will be reverted to its initial state.

Other submenu options include:

  • Reload (Ctrl+Shift+R): Reload all data from the server and overwrite the cache without affecting 'On-prem Info', 'Mailbox Info' and 'Additional Info' values (slower than 'Refresh').
  • Reinitialize: Reset ALL data in the grid and overwrite the entire cache. ALL loaded 'On-prem Info’, 'Mailbox Info' and 'Additional Info' data will be REMOVED from the grid.
Load on-prem users (hybrid tenants only)

Retrieve selected attributes of all on-premises users, and reconcile them with existing M365 users in the grid (displayed as hybrid entries).
NOTE: Processing times depend on the volume of entries and attributes retrieved.

The first time you load on-prem users' attributes, you will be asked to select the attributes you want. This selection is sticky.

You have the option to load this last selection each time or be prompted to make one.

Other submenu options include:

  • Select on-prem users attributes list and load: Modify your current selection and load it.

back to top >

Additional info

Get information for selected users on their mailbox settings like out-of-office replies, language and time zone. This will also load and display in the grid selected users' personal SharePoint sites information like interests, schools, skills as well as their OneDrive storage information.

Mailbox Info

Retrieve mailbox settings and litigation hold information for selected users. PowerShell is required and you will be prompted to authenticate the first time during a session.

PropertyDescription of value

Status - Get mailbox info

Indicates if 'Mailbox Info' has been loaded.
Hidden from address lists - Mailbox SettingsIndicates if mailbox is hidden from address books.

Mailbox type

Shared, room, equipment or user type mailbox (friendly).
Recipient type detailsShared, room, equipment or user type mailbox.

Keep copy of forwarded message (SMTP) - Mailbox Settings

Setting option for when SMTP forwarding is enabled.

SMTP forwarding address - Mailbox Settings

Email address set for SMTP forwarding.

Forwarding addresses - Mailbox Settings

Email addresses set by user with mail flow settings.

'Send on behalf of' delegates - Mailbox settings

Users who can send email on behalf of this mailbox.
'Send as' delegates - Mailbox SettingsUsers who can send emails from this mailbox.
Litigation Hold EnabledLitigation hold status on a mailbox.
Litigation Hold DateDate on which the hold was placed.
Litigation Hold OwnerUser who placed the hold.
Litigation Hold DurationDuration of the hold.

back to top >

MFA info

Use this button to load MFA status, methods, contact information for selected users. PowerShell is required and you will be prompted to authenticate the first time during a session.

Status - Get MFA info
Requirement State
Default Method
Phone Number
Alternate Phone Number
Device Name
Device Authentication Type
Relying Party

back to top >

2 - Edit user data

In this section, you will be able to create or bulk import new users, edit or update users from a file, delete users, set or remove users' managers, manage MFA states and default methods of users, reset passwords with or without one-time MFA, and revoke session tokens to require re-authentication into M365 applications.

Hybrid tenants

If you have a hybrid tenant, certain changes can be made in Azure AD or in the associated local Active Directory.

Remember to force sync and refresh the sapio365 grid to see the changes in your synced data.

* in the features below indicates that an on-prem option is available in the submenu of the button.


Create a new user in Azure AD based on the properties of selected existing users. The creation dialog will be populated with the properties common to all users you selected.

Hybrid tenants

If you have a hybrid tenant synced from a local Active Directory, you can create a user in the cloud or on-prem.

Remember to force sync and refresh the sapio365 grid to see the changes in your synced data in the grid.


Edit the property information for all selected entries. Mass-editing is possible by selecting multiple entries and modifying the desired property information. Common and different values for all selected users are indicated in the dialog. Click on the pencil icon to change a value. Once you click Apply, you will see the changes you made in the grid before you save them.

Properties that are retrieved through additional loading are displayed with an icon and text in a grid cell, indicative of the button to use to load the information.

You must load the additional data before editing these properties.

Mass edition of on-prem and hybrid users

Just like for cloud-only user accounts, you are able to directly make changes on a mass scale to user properties in Active Directory directly from sapio365 with the secure 2-step saving process of sapio365.

We have also added a Quick Search feature in the edition dialog so that you can quickly find the attribute of interest – handy when there are so many property fields.

back to top >


Clicking on the 'Delete' button will flag selected users to be deleted upon saving.

Deleted users will be sent to the User Recycle Bin, and are kept there usually for 30 days with the option to restore them or to delete them permanently.

Hybrid tenant

If you have a hybrid tenant, you will be able to make changes on-prem or in the cloud (synced users). Successful changes will depend on your sync direction.

Set Manager
Set a manager for selected users by choosing a user from the directory.
Remove Manager

Remove a set manager for the users you select.

Reset Password

Select Microsoft 365 users and reset their passwords or force password change next time they login, or both. You can set your own password which will applied for the selection or set a randomly-generated password.

After clicking on 'Apply', make sure to copy the passwords from the grid before saving because this is the only time you will see them.

The enforcement flags for password change will be set in the grid for a user until the user changes their password.

back to top >

Edit MFA

Edit Multi-factor Authentication
Configure Multi-factor Authentication for selected users.

Revoke Access

Revoke access to all Microsoft 365 applications for selected users. Click the 'Save Selected' button to apply your changes.

Clicking on the 'Revoke Access' button will revoke session tokens for selected Azure AD users, signing them out of M365 sessions to force them to sign-in again. This may take up to 15 minutes to complete. Once the changes are saved, the 'Sign-in Sessions validity' date is reset to the date and time the revoking took place. You may need to refresh to see new date/time.

More information can be found in Microsoft's documentation on revoking sessions.

Import Users*

Add users in bulk to Azure AD using any CSV or Excel file. Headers are optional and if you do have them they do not need to be formatted since the import dialog allows you to map the data which will be added to the grid.

Hybrid tenant

If you have a hybrid tenant, you will be able to make changes on-prem or in the cloud (synced users). Successful changes will depend on your sync direction.

back to top >

Update Users*

This feature allows you to make specific bulk changes to users properties using an CSV or Excel file.

Similar to the 'Import users' feature, 'Update users' lets you map the columns in your file to the columns in the sapio365 grid. The only difference is that you are asked which property to use as the criteria used to match file data to that of the grid (pink rectangle in image below): Username or Graph ID.


Prepare the Users module grid with the users you wish you to modify, and export it. Make your changes in the file and use it to update those users. sapio365 will try to automatically match header names to the grid columns, and prefill mapped data in the mapping dialog.

Hybrid tenant

If you have a hybrid tenant, you will be able to make changes on-prem or in the cloud (synced users). Successful changes will depend on your sync direction.

back to top >

3 - Retrieve content or relationship information

Get users' messages, mail settings, inbox rules, calendar events, personal contacts

Use features in the 'User Management' area to access tools to manage mail and calendar information for selected user accounts, including shared mailboxes, rooms and equipment. Open each submodule in the current window or in a new one.

When retrieving mail messages, folders and calendar events, you can choose a specific date range, or criteria to speed things along. You can also choose to more information. For example, you can include Teams private chat messages, header information and more when querying messages.

Update mailbox permissions

Launch this submodule and you will see who has access to selected mailboxes and with which permissions. You'll be able to add or remove delegates, and change their permissions.

Note: You will be asked to confirm a session or sign-in even if you have enforced Single-sign-on on your machine because this feature requires PowerShell authentication.

Delete messages and attachments

The Messages submodule lists emails for selected mailboxes with rich information about each message and its attachments.

You will able to see a preview of the message, and you can even download it as an EML file to your computer. Use any mail client, including Outlook, to view an EML file.

Load attachment information to see attachment names and other properties. You'll then be able to download them or delete all attachments for selected messages, or 'explode' them to process them individually.

Delete calendar events and attachments

The Events submodule lists calendar events for selected users with rich information about each event and its attachments.

Just like in the Messages submodule, you will able to see a preview of the events, and manage event attachments.

See users' personal contacts

List personal contacts for selected users, including all their contact information.

Delete inbox rules

See selected users' inbox rules and their components including conditions, exceptions and actions. From here, you can delete rules as long as they are not 'Read-only'.

Due to Microsoft Graph API limitations, rules that are indicated as 'Read-only' will appear empty.

VIEW Use Case & Video

back to top >

Get group memberships

Select users and retrieve a list of the groups they belong to by clicking on 1) "Group Membership" button.

In the new view, you can 1) add selected users to others groups, or 2) remove, copy or move the selected group memberships from those users to other users.

As always, you can always undo the resulting changes in the grid before you save your changes.

OneDrive documents and folders

Select users and retrieve information about their OneDrive content by clicking on 1) "OneDrive Files" button.

In the resulting submodule, you will see each users' files listed in within their folder hierarchy. From there, you can select documents or folders to 2) rename them, download them, or delete them from their respective OneDrive. You can also check them out or update their sharing permissions.

Click here for more details on document management in sapio365.

Recycle Bin: Permanently delete or restore deleted users

View deleted user accounts which are available for reinstatement. You can access this from the Users module or from the main window.

1 - Restore users

Use this button to restore the user account and its associated data, including licenses (they will be assigned if they are available), OneDrive files, and mail.

2 - Permanently delete users

Click this button to permanently delete users. Once grid changes are saved, this action cannot be undone.