Table of Contents
The AzureAD, MSOnline and AzureADPreview PowerShell modules are scheduled for deprecation. The schedule has changed a couple of times. To be prepared, admins should get going with the new Microsoft Graph PowerShell SDK module. However, the Microsoft Graph PowerShell SDK works differently. There’s a learning curve that has proven steep. Many admins who have walked the path before you have reported many issues.
About Entra ID and PowerShell
Entra ID is one of the many services that are part of the Microsoft 365 suite. For a long time, Entra ID had its own application programming interfaces (APIs). The cmdlets in the MSOnline PowerShell module (introduced in 2012) use its own non-public-callable API. The AzureAD PowerShell module started life in 2015 as a result of the vision that all the functionality should be available through a public API. The cmdlets in the AzureADPreview module points to the same API as the ones in the AzureAD module, but then in beta mode.
The problems with these PowerShell modules is that each one of them doesn’t cover all the cmdlets needed to fully manage Entra ID. Some cmdlets are in the MSOnline PowerShell module. Most of the cmdlets are in the AzureAD module. Other issues with the MSOnline, AzureAD and AzureADPreview modules is that:
- Rarely the latest version of the PowerShell modules is present on admin devices.
Updates need to be performed manually and admins are typically hesitant of updating something that works as functionality may break. - These modules are not cross-platform.
- These modules are not open source.
About the Microsoft Graph PowerShell SDK
Microsoft Graph is a unified endpoint for accessing data, intelligence, and insights in Microsoft 365. The Microsoft Graph PowerShell SDK unifies all the functionality of the cmdlets of the AzureAD, MSOnline and AzureADPreview PowerShell modules.
The Microsoft Graph PowerShell SDK aims to put unity in the above ‘unified endpoint’ strategy. Individual product teams should work on their own modules, but these modules should be based on the cmdlets in the Microsoft Graph PowerShell SDK. We are still waiting for this to happen. Only some teams have based their cmdlets off the SDK… The Microsoft Graph team automatically generates the cmdlets based on the Swagger spec of the Graph API, adhering to the OpenAPI standard.
This saves Microsoft engineering time and allows them to provide access to Microsoft 365 functionality faster.
The benefit for users of the Microsoft Graph PowerShell SDK is that they can get their hands on the latest and greatest in Entra ID on the command-line faster. The downside is that they need to relearn how to do even the basic stuff all over. Admins may also need additional permissions in Entra ID beyond the Global Reader role to get started. Even with the most extensive tools to do all that, they need to cope with changed outputs for their pipelines.
