Count Total Users in a Microsoft 365 Tenant

Knowing the total number of user accounts in your Microsoft 365 tenant is a foundational data point for license reconciliation, security audits, identity governance reviews, and capacity planning. While the number appears in several admin surfaces, getting a programmatic, repeatable count is essential for automation, reporting dashboards, and scheduled health checks.

This recipe covers three ways to get the count: the Microsoft 365 Admin Center (quickest for a one-off check), the Microsoft Graph API (best for automation), and PowerShell via the Microsoft Graph SDK (best for scripts and scheduled jobs).

When to run this

• Before a licensing renewal or true-up
• As part of a monthly tenant health report
• When reconciling HR headcount against directory accounts
• Before bulk operations that depend on knowing directory size

After completing this recipe you will have:

• An accurate total count of user objects in the tenant (including members and guests unless filtered)
• A reusable Graph API call or PowerShell script you can embed in dashboards or scheduled reports
• Understanding of the ConsistencyLevel: eventual header requirement for advanced Graph queries
• Optional breakdowns by user type (Member vs. Guest) and account status (enabled vs. disabled)

Things to be aware of

• Member vs. guest users: A raw count of /users includes both member accounts and B2B guest accounts. If you only want employees, filter on userType eq 'Member'.
• Disabled accounts: The default count includes disabled (blocked sign-in) accounts. Filter on accountEnabled eq true if you want active users only.
• Licensed vs. unlicensed: The user count is NOT the same as your licensed seat count. For license usage, query /subscribedSkus instead.
• ConsistencyLevel header: Graph's $count endpoint and $count=true query option require the ConsistencyLevel: eventual HTTP header. Passing it as a query parameter will fail.
• Permissions: User.Read.All is sufficient. Do not request Directory.Read.All unless you need more than user data.
• Deleted users: Soft-deleted users (in the recycle bin for 30 days) are not included in /users. Query /directory/deletedItems/microsoft.graph.user if you need those.