Microsoft Graph PowerShell Tips and Tricks, Part 1: Introduction

Reading Time: 3 minutes

Microsoft Graph Giraffes

The AzureAD, MSOnline and AzureADPreview PowerShell modules are scheduled for deprecation. The schedule has changed a couple of times. To be prepared, admins should get going with the new Microsoft Graph PowerShell SDK module. However, the Microsoft Graph PowerShell SDK works differently. There's a learning curve that has proven steep. Many admins who have walked the path before you have reported many issues.

This blogpost series aims to help you on your journey. Together with Aleksandar Nikolic, a Microsoft MVP with an extensive background in PowerShell, we're providing tips and tricks on finding your way through typical questions, situations and annoyances.

This first blogpost in this series provides background on why Microsoft is changing is.

 

About the Microsoft Graph

Microsoft Graph is a unified endpoint for accessing data, intelligence, and insights in Microsoft 365.

 

About Azure AD and PowerShell

Azure AD is one of the many services that are part of the Microsoft 365 suite. For a long time, Azure AD had its own application programming interfaces (APIs). The cmdlets in the MSOnline PowerShell module (introduced in 2012) use its own non-public-callable API. The AzureAD PowerShell module started life in 2015 as a result of the vision that all the functionality should be available through a public API. The cmdlets in the AzureADPreview module points to the same API as the ones in the AzureAD module, but then in beta mode.

The problems with these PowerShell modules is that each one of them doesn't cover all the cmdlets needed to fully manage Azure AD. Some cmdlets are in the MSOnline PowerShell module. Most of the cmdlets are in the AzureAD module. Other issues with the MSOnline, AzureAD and AzureADPreview modules is that:

  • Rarely the latest version of the PowerShell modules is present on admin devices.
    Updates need to be performed manually and admins are typically hesitant of updating something that works as functionality may break.
  • These modules are not cross-platform.
  • These modules are not open source.

 

About the Microsoft Graph PowerShell SDK

The Microsoft Graph PowerShell SDK unifies all the functionality of the cmdlets of the AzureAD, MSOnline and AzureADPreview PowerShell modules.

The Microsoft Graph PowerShell SDK aims to put unity in the above 'unified endpoint' strategy. Individual product teams should work on their own modules, but these modules should be based on the cmdlets in the Microsoft Graph PowerShell SDK. We are still waiting for this to happen. Only some teams have based their cmdlets off the SDK… The Microsoft Graph team automatically generates the cmdlets based on the Swagger spec of the Graph API, adhering to the OpenAPI standard.

This saves Microsoft engineering time and allows them to provide access to Microsoft 365 functionality faster.

The benefit for users of the Microsoft Graph PowerShell SDK is that they can get their hands on the latest and greatest in Azure AD on the command-line faster. The downside is that they need to relearn how to do even the basic stuff all over. Admins may also need additional permissions in Azure AD beyond the Global Reader role to get started. Even with the most extensive tools to do all that, they need to cope with changed outputs for their pipelines.

In short: It's a mess. However, just like in life, it's about the journey. Not the destination.

 

Let's go!

Now that we know what to expect, let's start our journey moving to the Microsoft Graph PowerShell SDK.

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at DirTeam.com and ServerCore.net. He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.