We all know that Microsoft deprecated the Azure AD PowerShell and MSOnline PowerShell modules. So, they advise us to migrate all the scripts to the MS Graph PowerShell. But finding the equivalent cmdlets and updating the scripts can be tough. Don’t worry! Microsoft heard our struggle! They’ve introduced Microsoft Entra PowerShell module, which is currently in public preview. It requires only one to three lines of modification in your existing scripts, making your migration quick and easy.
Not just for migration, this new module serves various purposes for efficient Entra ID management. Let’s explore it now!
What is Microsoft Entra PowerShell Module?
The Microsoft Entra PowerShell module is built upon the Microsoft Graph PowerShell SDK. It is a scenario-focused module designed to manage and automate Microsoft Entra resources effectively, including users, applications, groups, service principals, and more.
Being part of the Graph PowerShell SDK, it allows you to seamlessly use cmdlets from both the Entra and Graph modules to perform intricate tasks with well-documented and easy-to-use commands. In simple, the Microsoft Entra PowerShell module is compatible with Microsoft Graph PowerShell.
Note: The Microsoft Entra PowerShell module supports PowerShell version 5.1 and version 7+. However, it is advisable to use PS version 7 or higher for all platforms including Windows, Linux, and macOS.
Install the Microsoft Entra PowerShell Module
The Microsoft Entra PowerShell module offers two independent installable packages. You can choose it based on your requirements.
- Microsoft.Graph.Entra (General availability/(v1.0)): It utilizes Microsoft Graph v1.0 and Microsoft Graph PowerShell SDK v1.0 resources.
- Microsoft.Graph.Entra.Beta (Beta version): It leverages the Microsoft Graph Beta and Microsoft Graph PowerShell SDK beta resources.
To install the v1.0 version of the Microsoft Entra PowerShell module, run the following cmdlet.
1 |
Install-Module -Name Microsoft.Graph.Entra -Repository PSGallery -Scope CurrentUser -AllowPrerelease –Force |
To install the Beta Microsoft Entra PowerShell module, run the following cmdlet.
1 |
Install-Module -Name Microsoft.Graph.Entra.Beta -Repository PSGallery –AllowPrerelease |
Note:
It is advised to use the v1.0 version for scripts. If the needed features are not available in this version, you can opt for the Beta module. However, be aware that cmdlets in the Beta module can change unexpectedly, which may disrupt your script executions.
Connect to the Microsoft Entra PowerShell
Once the installation is done, you can start managing your Entra resources by connecting your tenant using the cmdlet Connect-Entra as shown below.
1 |
Connect-Entra -Scopes 'User.Read.All' |
That’s it! You can use the available cmdlets to manage your Entra ID resources. To get all available cmdlets, run the “Get-Command -Module Microsoft.Graph.Entra” cmdlet. Now, let’s enter the main closeup shot!
#1 Benefit of New Entra PowerShell: Migrate Azure AD PowerShell Scripts Effortlessly!
The Entra module is designed to work with over 98% of the cmdlets you already use in Azure AD PowerShell and specific MSOnline cmdlets. This means most of your existing scripts of the deprecated Azure AD module will work with minimal changes.
The Microsoft Entra PowerShell module provides a cmdlet called Enable-EntraAzureADAlias, which can replace “Connect-AzureAD”. This allows you to keep the subsequent cmdlets in your Azure AD PowerShell scripts the same.
Here’s an example. Suppose you have an Azure AD PowerShell script that retrieves all Azure AD group details:
1 2 3 |
Connect-AzureAD Get-AzureADGroup -All:$true ..... |
To migrate this script to MS Graph PowerShell, you don’t need to search for an equivalent MS Graph cmdlet. Simply replace the connection cmdlet with Enable-EntraAzureADAlias like below.
1 2 3 4 5 |
Import-Module -Name Microsoft.Graph.Entra Connect-Entra # Replaces Connect-AzureAD Enable-EntraAzureADAlias # Activate aliasing Get-AzureADGroup -All:$true ...... |
With this aliasing, your existing scripts will work with minimal modifications, simplifying your transition to this new module. If you’ve already updated to MS Graph PowerShell, there’s no need to switch to Entra Graph PowerShell. Also, you can use the “Test-EntraScript” to check whether the Azure AD cmdlets in the scripts work with this new Entra PowerShell module. If it finds any issues, it will list the number, issue type, specific code snippet, etc. This helps you troubleshoot compatibility issues instantly.
Other Benefits of the New Entra PowerShell
- The Entra PowerShell module offers easy-to use and human-readable parameters. It also integrates seamlessly with core PowerShell features, allowing you to streamline your scripts.
- Being an open source, the Microsoft Entra PowerShell module enables community contributions to enhance PowerShell experiences and share them widely. This allows you to utilize community-driven improvements for your specific Entra requirements
- This new module supports various authentication methods, including certificate, Service Principal, and Managed Identity.
- The parameter “-Debug” in the Microsoft Entra PowerShell helps you troubleshoot issues as it provides you with detailed diagnostic information.
- You can use the “Get-Help” command to obtain detailed information about module cmdlets, functions, and examples to avoid mistakes during execution.
Error and Troubleshooting Tips
Error:
Connect-Entra : The term ‘Connect-Entra’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Solution:
1. When a user installs the beta version, they can’t connect to Entra PowerShell because the Connect-Entra cmdlet is only available in V1. Therefore, both V1 and the beta version must be installed to use the beta cmdlets.
2. This error might also occur if the Entra module is not imported. To import the module, use:
1 |
Import-Module Microsoft.Graph.Entra |
That’s it! Hope you got the simplest way to migrate your deprecation module scripts. For further comments and doubts, you can reach out to us through the comments section.