Prerequisites to use PowerShell for Microsoft Entra roles
If you want to manage Microsoft Entra roles using PowerShell, you must have the required prerequisites. This article describes the PowerShell prerequisites for different Microsoft Entra role features.
Microsoft Graph PowerShell
To use PowerShell commands to do the following:
- Add users, groups, or devices to an administrative unit
- Create a new group in an administrative unit
You must have the Microsoft Graph PowerShell SDK installed:
Azure AD PowerShell module
To use PowerShell commands to do the following:
- List role assignments
- Create a role-assignable group
- Manage administrative units
You must have the following module installed:
- Azure AD PowerShell module (current version)
Check Azure AD PowerShell version
To check which version of Azure AD PowerShell you have installed, use Get-InstalledModule.
Get-InstalledModule -Name AzureAD
You should see output similar to the following:
Version Name Repository Description
------- ---- ---------- -----------
2.0.2.140 AzureAD PSGallery Azure Active Directory V2 General Availability M...
Install Azure AD PowerShell
If you don't have Azure AD PowerShell installed, use Install-Module to install Azure AD PowerShell.
Install-Module -Name AzureAD
Update Azure AD PowerShell
To update Azure AD PowerShell to the latest version, re-run Install-Module.
Install-Module -Name AzureAD
Use Azure AD PowerShell
To use Azure AD PowerShell, follow these steps to make sure it is imported into the current session.
Use Get-Module to check if Azure AD PowerShell is loaded into memory.
Get-Module -Name AzureADIf you don't see any output in the previous step, use Import-Module to import Azure AD PowerShell. The
-Forceparameter removes the loaded module and then imports it again.Import-Module -Name AzureAD -ForceRun Get-Module again.
Get-Module -Name AzureADYou should see output similar to the following:
ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Binary 2.0.2.140 AzureAD {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredO...
AzureADPreview module
To use PowerShell commands to do the following:
- Assign roles to users or groups
- Remove a role assignment
- Make a group eligible for a role using Privileged Identity Management
- Create custom roles
You must have the following module installed:
- AzureADPreview (current version)
Check AzureADPreview version
To check which version of AzureADPreview you have installed, use Get-InstalledModule.
Get-InstalledModule -Name AzureADPreview
You should see output similar to the following:
Version Name Repository Description
------- ---- ---------- -----------
2.0.2.149 AzureADPreview PSGallery Azure Active Directory V2 Preview Module. ...
Install AzureADPreview
If you don't have AzureADPreview installed, use Install-Module to install AzureADPreview.
Install-Module -Name AzureADPreview
Update AzureADPreview
To update AzureADPreview to the latest version, re-run Install-Module.
Install-Module -Name AzureADPreview
Use AzureADPreview
To use AzureADPreview, follow these steps to make sure it is imported into the current session.
Use Get-Module to check if AzureADPreview is loaded into memory.
Get-Module -Name AzureADPreviewIf you don't see any output in the previous step, use Import-Module to import AzureADPreview. The
-Forceparameter removes the loaded module and then imports it again.Import-Module -Name AzureADPreview -ForceRun Get-Module again.
Get-Module -Name AzureADPreviewYou should see output similar to the following:
ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Binary 2.0.2.149 AzureADPreview {Add-AzureADAdministrativeUnitMember, Add-AzureADApplicati...