3 Ways to Remove Members from Groups in Microsoft 365

Group memberships change all the time, people switch roles, projects wrap up, and accounts are offboarded. Keeping Microsoft 365 groups tidy helps maintain least-privilege access, reduce risk, and avoid confusing team experiences in Outlook, Teams, and SharePoint.

This guide shows three practical ways to remove members based on your role and tools: Microsoft 365 admin center, Microsoft Entra ID (Azure AD), and PowerShell. We’ll note permissions, scope, and audit tips along the way.

Table of Contents

• Use Microsoft 365's UI
• Use Torii
• Use Microsoft 365's API

Use Microsoft 365’s UI

Here, you’ll use the Microsoft 365 admin center to remove someone from a group. These steps align with Microsoft’s own admin help articles for managing group membership in the UI.

Check your permissions

You need an admin role that can manage groups, like Global admin, Groups admin, or User admin.

Open the Microsoft 365 admin center

• Go to the Microsoft 365 admin center and sign in with your admin account.
• In the left navigation, select Teams & groups, then Active teams & groups.

Find the group

Use search or filters to locate the group. You’ll see group types like:

• Microsoft 365
• Distribution list
• Security
• Mail-enabled security

Select the group name to open its details.

Remove the member

• On the group page, open the Members tab.
• Select View all and manage members.
• Find the person you want to remove. You can scroll or use the search box.
• Select the user, then choose Remove. Confirm if prompted.
• If you see Save changes, select it to finish.

Notes:

• For Microsoft 365 groups, removing the user here also removes them from the connected Team, group mailbox, Planner, and SharePoint site.
• If you don’t see Remove, the group may have settings that limit changes in this page, or it could be managed elsewhere. Check your role and the group type.

Verify the change

• The person should disappear from the member list right away. If not, refresh the page.
• Changes can take a few minutes to show across apps like Teams and SharePoint. Give it a moment, then check access in those apps if needed.

What the user loses

Once removed from a Microsoft 365 group, the user no longer has:

• Access to the Team tied to the group
• The group’s SharePoint site and files
• The group mailbox and calendar
• Group resources like Planner plans

Quick troubleshooting

• Can’t find the group:
  • Use the group type filter and confirm you’re in Active teams & groups.
• Remove button missing:
  • You might not have the right role, or the group is managed with settings that block changes here.
• Change isn’t showing in Teams:
  • Wait a few minutes and refresh the Teams client. Propagation can lag slightly.

If you want deeper background, Microsoft’s admin docs cover these exact pages and labels, including “Add or remove members from Microsoft 365 groups in the admin center” and related articles for distribution lists and security groups.

Use Torii

Instead of working directly in Microsoft 365, you can use Torii, a SaaS Management Platform, to remove member from groups in Microsoft 365. SMPs centralize management of your SaaS subscriptions and integrations, making it easy to programmatically on/offboard users, view subscription details, and more.

Rather than completing this manually in Microsoft 365, Torii lets you automate the task so it runs whenever a defined trigger occurs. Triggers can include a new hire, an employee departure, a contract renewal, and more. This saves time when the action needs to be repeated often.

To remove member from groups in Microsoft 365 straight from Torii, follow these steps:

1. Sign up for Torii

Contact Torii, and request your free two-week proof-of-concept.

2. Connect your Microsoft 365 account to Torii

Once your account is active, connect Microsoft 365 to Torii (assuming you already have an account). Here are the instructions for the Microsoft 365 integration.

3. Create a Torii workflow for Microsoft 365

In Torii, create an automated workflow to remove member from groups in Microsoft 365. Go to the Workflows tab, choose a trigger, and add an action that will remove member from groups in Microsoft 365. After that, each time the trigger fires, Microsoft 365 will be updated automatically.

Use Microsoft 365’s API

Use Microsoft Graph to remove members from groups

Here, you’ll call Microsoft Graph to remove a user or group from a Microsoft 365 group. We’ll cover the permissions, how to look up IDs, and the delete call.

1. Get the right permissions and an access token

You need Microsoft Graph permissions that allow editing group membership. The Microsoft Graph docs list these under “Delete member” for groups.

• Choose one:
  • Delegated permissions: Group.ReadWrite.All
  • Application permissions: Group.ReadWrite.All or Directory.ReadWrite.All
  • Admin consent is required for these permissions.

Example token request with client credentials is:

curl -X POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-D "client_id={client-id}&client_secret={client-secret}&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default"

Save the access token:

export ACCESS_TOKEN="eyJ."

2. Find the group ID

If you already know the group ID, skip this. If not, query by name. The Graph docs cover “List groups” and “Get group.”

Example curl is:

curl -X GET "https://graph.microsoft.com/v1.0/groups?$filter=displayName eq 'Sales Team'&$select=id,displayName,groupTypes" \
-H "Authorization: Bearer $ACCESS_TOKEN"

Note the id from the result. If groupTypes contains DynamicMembership, you cannot manually remove members.

3. Find the member’s directory object ID

You can resolve a user by UPN, or list the group’s members and pick the right one. See “Get user” and “List group members” in the Graph docs.

Example, resolve by UPN:

curl -X GET "https://graph.microsoft.com/v1.0/users/[email protected]?$select=id,displayName,userPrincipalName" \
-H "Authorization: Bearer $ACCESS_TOKEN"

Or list group members:

curl -X GET "https://graph.microsoft.com/v1.0/groups/{group-id}/members?$select=id,displayName,userPrincipalName" \
-H "Authorization: Bearer $ACCESS_TOKEN"

Copy the member id you want to remove. This works for users, service principals, devices, or nested groups.

4. Remove the member from the group

Use the “Delete member” operation. You delete the reference between the group and the directory object.

Example curl is:

curl -X DELETE "https://graph.microsoft.com/v1.0/groups/{group-id}/members/{member-id}/$ref" \
-H "Authorization: Bearer $ACCESS_TOKEN"

A successful delete returns 204 No Content.

5. Verify the change

You can list members again to confirm the user is gone.

Example curl is:

curl -X GET "https://graph.microsoft.com/v1.0/groups/{group-id}/members?$select=id,displayName,userPrincipalName" \
-H "Authorization: Bearer $ACCESS_TOKEN"

6. Common variations and edge cases

• Remove an owner instead of a member:
  • Use the owners relationship: DELETE /v1.0/groups/{group-id}/owners/{owner-id}/$ref
• Remove a nested group from a group:
  • Use the child group’s id in the same members endpoint. Only security groups can be members of security groups.
• Teams that use a Microsoft 365 group:
  • Removing the user from the underlying group removes them from the team.
• Dynamic membership groups:
  • You cannot add or remove members directly. Update the membership rule instead. The Graph “Group” docs explain this behavior.
• Errors to watch:
  • 403 Insufficient privileges: the app or user lacks Group.ReadWrite.All or consent was not granted.
  • 400 or 409 for dynamic groups or invalid relationships. The response body explains the constraint.