Prerequisites to use PowerShell for Microsoft Entra roles

  • Article

If you want to manage Microsoft Entra roles using PowerShell, you must have the required prerequisites. This article describes the PowerShell prerequisites for different Microsoft Entra role features.

Microsoft Graph PowerShell

To use PowerShell commands to do the following:

  • Add users, groups, or devices to an administrative unit
  • Create a new group in an administrative unit

You must have the Microsoft Graph PowerShell SDK installed:

Azure AD PowerShell module

Important

Azure AD PowerShell is planned for deprecation on March 30, 2024. To learn more, read the deprecation update. We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). Microsoft Graph PowerShell allows access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to common migration queries, see the Migration FAQ.

To use PowerShell commands to do the following:

  • List role assignments
  • Create a role-assignable group
  • Manage administrative units

You must have the following module installed:

Check Azure AD PowerShell version

To check which version of Azure AD PowerShell you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureAD

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.140  AzureAD                             PSGallery            Azure Active Directory V2 General Availability M...

Install Azure AD PowerShell

If you don't have Azure AD PowerShell installed, use Install-Module to install Azure AD PowerShell.

Install-Module -Name AzureAD

Update Azure AD PowerShell

To update Azure AD PowerShell to the latest version, re-run Install-Module.

Install-Module -Name AzureAD

Use Azure AD PowerShell

To use Azure AD PowerShell, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if Azure AD PowerShell is loaded into memory.

    Get-Module -Name AzureAD

  2. If you don't see any output in the previous step, use Import-Module to import Azure AD PowerShell. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureAD -Force

  3. Run Get-Module again.

    Get-Module -Name AzureAD

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     2.0.2.140  AzureAD                             {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredO...

AzureADPreview module

Important

Azure AD PowerShell is planned for deprecation on March 30, 2024. To learn more, read the deprecation update. We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). Microsoft Graph PowerShell allows access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to common migration queries, see the Migration FAQ.

To use PowerShell commands to do the following:

  • Assign roles to users or groups
  • Remove a role assignment
  • Make a group eligible for a role using Privileged Identity Management
  • Create custom roles

You must have the following module installed:

Check AzureADPreview version

To check which version of AzureADPreview you have installed, use Get-InstalledModule.

Get-InstalledModule -Name AzureADPreview

You should see output similar to the following:

Version    Name                                Repository           Description
-------    ----                                ----------           -----------
2.0.2.149  AzureADPreview                      PSGallery            Azure Active Directory V2 Preview Module. ...

Install AzureADPreview

If you don't have AzureADPreview installed, use Install-Module to install AzureADPreview.

Install-Module -Name AzureADPreview

Update AzureADPreview

To update AzureADPreview to the latest version, re-run Install-Module.

Install-Module -Name AzureADPreview

Use AzureADPreview

To use AzureADPreview, follow these steps to make sure it is imported into the current session.

  1. Use Get-Module to check if AzureADPreview is loaded into memory.

    Get-Module -Name AzureADPreview

  2. If you don't see any output in the previous step, use Import-Module to import AzureADPreview. The -Force parameter removes the loaded module and then imports it again.

    Import-Module -Name AzureADPreview -Force

  3. Run Get-Module again.

    Get-Module -Name AzureADPreview

    You should see output similar to the following:

    ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     2.0.2.149  AzureADPreview                      {Add-AzureADAdministrativeUnitMember, Add-AzureADApplicati...

Next steps