Automate and manage Azure AD tasks at scale with the Microsoft Graph PowerShell SDK

This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.

Howdy folks,

 

We’ve heard from customers that having a great PowerShell experience is critical in helping manage your identity needs at scale from automating tasks through scripts to managing users in bulk. Today we wanted to share the investments we’re making with PowerShell that will help you save time with administrative tasks. These will be focused on, but not limited to, high-use scenarios such as user, group, and application management and role-based access controls (RBAC).

 

If you’re using the Azure AD PowerShell or MSOnline PowerShell modules to manage Azure AD, we encourage you to try the Microsoft Graph PowerShell SDK. The Microsoft Graph PowerShell SDK is where all our current and future investments are being made.

 

Derrick Kimani, a program manager in the Identity Division drives our PowerShell initiatives, and his guest blog below will take you through our current and future investments in PowerShell. As always, please share your feedback in the comments below.

 

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Corporate Vice President Program Management

Microsoft Identity Division

 

 --------------------------------------------------------

 

Hi everyone – 

 

I’m excited to share our investments in PowerShell that make it easier to manage your identity needs and critical tasks. Today, thousands of customers use PowerShell for a wide range of tasks from monitoring and tracking data changes to managing cloud applications at scale.

 

Manage Azure AD with the Microsoft Graph PowerShell SDK

Last year, we announced end of support plans for Azure Active Directory (Azure AD) Graph API in favor of Microsoft Graph. Microsoft Graph offers a single endpoint to access Microsoft 365 data. The Microsoft Graph includes all the previous Azure AD APIs and APIs from several other Microsoft services like Teams, Exchange, Intune, and more. Since the announcement last year, we’ve added more Azure AD APIs in Microsoft Graph such as: Advanced Query Support, Device Management, and Cloud communication.

 

The Microsoft Graph PowerShell SDK acts as an API wrapper for the Microsoft Graph API, exposing the entire API set for use in PowerShell. Over the coming months, we will provide usability enhancements, documentation, examples, and additional improvements to the Microsoft Graph PowerShell SDK, where we will create compound commands that map more closely to the specific tasks and scenarios admins would like to automate.

 

As Alex stated above, the Microsoft Graph PowerShell SDK is where all our current and future investments are being made and is the best choice for future-proofing your scripts. With broad Microsoft 365 support, full cross-platform support, and an up-to-date release cycle with the Microsoft Graph API, the Microsoft Graph PowerShell SDK will become our recommended module for administering Azure AD. It is open source and available cross-platform on PowerShell 7 and above.  

 

Our plan with PowerShell moving forward is as follows:
  • As new Identity APIs are added to Microsoft Graph, they will continue to be made available through the Microsoft Graph PowerShell SDK.
  • We will provide usability enhancements, documentation, examples, and additional improvements to the Microsoft Graph PowerShell SDK on an ongoing basis.
  • Our Identity-related investments in the Microsoft Graph PowerShell SDK will be focused on, but not limited to, high-use scenarios such as user, group, and application management and role-based access controls (RBAC).

Our eventual goal is that every Azure AD feature has an API in Microsoft Graph so you can administer Azure AD through the Microsoft Graph API or Microsoft Graph PowerShell SDK. If you’re using other PowerShell modules to manage Azure AD, such as the Azure AD PowerShell or MSOL, we encourage you to start using Microsoft Graph PowerShell SDK.

 

While many customers use the Azure AD PowerShell to manage users, groups, applications, and service principals, we have stopped investing in new features for this module, and it will not be updated to work with PowerShell 7.

 

To get started using the Microsoft Graph PowerShell SDK, review our updated documentation and check out the GitHub wiki to find information on Microsoft Graph-based modules. We will continue to enhance samples and documentation in the coming months. The Microsoft Graph PowerShell SDK is open-source and we encourage the PowerShell scripting community to contribute to improving our identity modules. Anyone in the identity community is welcome to deliver improvements through the same open-source contribution process used by the API engineering teams.

 

Azure PowerShell Module & CLI

In the longer term, we’re also exploring how to align the Microsoft Graph PowerShell SDK with the Azure PowerShell Module and CLI to deliver a consistent and unified terminal experience.

The Azure PowerShell modules are a set of cmdlets for managing Azure resources directly from the PowerShell command line, which can include tasks such as provisioning virtual machines, databases, and networks. While we recommend that you use the Microsoft Graph PowerShell SDK for your Azure AD needs, the Azure PowerShell Module does support a small set of cmdlets to help manage identity features such as AzADUser, AzADGroup and AzADApplication. These modules are supported on Windows PowerShell 5.1 and PowerShell 7.x and above.

 

We’d love to hear your feedback or suggestions on how we can improve Azure AD management within Microsoft Graph PowerShell SDK. If you have feedback or suggestions for any new modules, be sure to comment below. 

 

Best,

Derrick Kimani 

Program Manager

Microsoft Identity Division

 

 

Learn more about Microsoft identity:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.