AzureADPreview

Important

Azure AD PowerShell is planned for deprecation. For more details on the deprecation plans, see the deprecation update. You can start trying Microsoft Graph PowerShell to interact with Azure AD as you would in Azure AD PowerShell. In addition, Microsoft Graph PowerShell allows you access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to frequent migration queries, see the migration FAQ.

The Azure Active Directory PowerShell for Graph Preview module can be downloaded and installed from the PowerShell Gallery, www.powershellgallery.com. The gallery uses the PowerShellGet module. The PowerShellGet module requires PowerShell 3.0 or newer and requires one of the following operating systems:

Windows 10 Windows 8.1 Pro Windows 8.1 Enterprise Windows 7 SP1 Windows Server 2016 TP5 Windows Server 2012 R2 Windows Server 2008 R2 SP1

PowerShellGet also requires .NET Framework 4.5 or above. You can install .NET Framework 4.5 or above from here. For more information, please refer to this link For more detailed info on installation of the AzureAD cmdlets please see: Azure Active Directory PowerShell for Graph.

These are the cmdlets in the Azure Active Directory PowerShell for Graph Preview module.

Administrative Units

Add-AzureADAdministrativeUnitMember

Adds an administrative unit member.

Add-AzureADMSAdministrativeUnitMember

Adds an administrative unit member.

Add-AzureADMSScopedRoleMembership

Adds a scoped role membership to an administrative unit.

Add-AzureADScopedRoleMembership

Adds a scoped role membership to an administrative unit.

Get-AzureADAdministrativeUnit

Gets an administrative unit.

Get-AzureADAdministrativeUnitMember

Gets a member of an administrative unit.

Get-AzureADMSAdministrativeUnit

Gets an administrative unit.

Get-AzureADMSAdministrativeUnitMember

Gets a member of an administrative unit.

Get-AzureADMSGroupPermissionGrant

Retrieves a list of permission grants that have been consented for this group.

Get-AzureADMSScopedRoleMembership

Gets a scoped role membership from an administrative unit.

Get-AzureADScopedRoleMembership

Gets a scoped role membership from an administrative unit.

New-AzureADAdministrativeUnit

Creates an administrative unit.

New-AzureADMSAdministrativeUnit

Creates an administrative unit.

New-AzureADMSAdministrativeUnitMember

Create a new object as a member of the administrativeUnit. Currently only group objects are supported.

Remove-AzureADAdministrativeUnit

Removes an administrative unit.

Remove-AzureADAdministrativeUnitMember

Removes an administrative unit member.

Remove-AzureADMSAdministrativeUnit

Removes an administrative unit.

Remove-AzureADMSAdministrativeUnitMember

Removes an administrative unit member.

Remove-AzureADMSScopedRoleMembership

Removes a scoped role membership.

Remove-AzureADScopedRoleMembership

Removes a scoped role membership.

Set-AzureADAdministrativeUnit

Updates an administrative unit.

Set-AzureADMSAdministrativeUnit

Updates an administrative unit.

Application

Add-AzureADMSApplicationOwner

Adds an owner for an application object.

Get-AzureADMSApplication

Retrieves the list of applications within the organization.

Get-AzureADMSApplicationExtensionProperty

Retrieves the list of extension properties on an application object.

Get-AzureADMSApplicationOwner

Retrieves the list of owners for an application object.

New-AzureADMSApplication

Creates (registers) a new application object.

New-AzureADMSApplicationExtensionProperty

Creates an extension property on an application object.

New-AzureADMSApplicationKey

Adds a new key to an application.

New-AzureADMSApplicationPassword

Adds a strong password to an application.

Remove-AzureADMSApplication

Deletes an application object.

Remove-AzureADMSApplicationExtensionProperty

Deletes an extension property from an application object.

Remove-AzureADMSApplicationKey

Removes a key from an application.

Remove-AzureADMSApplicationOwner

Removes an owner from an application object.

Remove-AzureADMSApplicationPassword

Remove a password from an application.

Set-AzureADMSApplication

Updates the properties of an application object.

Set-AzureADMSApplicationLogo

Sets the logo for an application object.

Application Proxy Application Management

Get-AzureADApplicationProxyApplication

The Get-AzureADApplicationProxyApplication cmdlet retrieves an application configured for Application Proxy in Azure Active Directory.

Get-AzureADApplicationProxyApplicationConnectorGroup

The Get-AzureADApplicationProxyApplicationConnectorGroup cmdlet retrieves the connector group assigned for a specific application.

New-AzureADApplicationProxyApplication

The New-AzureADApplicationProxyApplication cmdlet creates a new application configured for Application Proxy in Azure Active Directory.

Remove-AzureADApplicationProxyApplication

Deletes an Application Proxy application.

Remove-AzureADApplicationProxyApplicationConnectorGroup

The Remove-AzureADApplicationProxyApplicationConnectorGroup cmdlet sets the connector group assigned for the specified application to 'Default' and removes the current assignment.

Set-AzureADApplicationProxyApplication

The Set-AzureADApplicationProxyApplication allows you to modify and set configurations for an application in Azure Active Directory configured to use ApplicationProxy.

Set-AzureADApplicationProxyApplicationCustomDomainCertificate

The Set-AzureADApplicationProxyApplicationCustomDomainCertificate cmdlet assigns a certificate to an application configured for Application Proxy in Azure Active Directory (AD). This will upload the certificate and allow the application to use Custom Domains.

Set-AzureADApplicationProxyApplicationSingleSignOn

The Set-AzureADApplicationProxyApplicationSingleSignOn cmdlet allows you to set and modify single sign-on (SSO) settings for an application configured for Application Proxy in Azure Active Directory.

Application Proxy Connector Management

Get-AzureADApplicationProxyConnector

The Get-AzureADApplicationProxyApplicationConnector cmdlet a list of all connectors, or if specified, details of a specific connector.

Get-AzureADApplicationProxyConnectorGroup

The Get-AzureADApplicationProxyConnectorGroup cmdlet retrieves a list of all connector groups, or if specified, details of a specific connector group.

Get-AzureADApplicationProxyConnectorGroupMembers

The Get-AzureADApplicationProxyConnectorGroupMembers gets all the Application Proxy connectors associated with the given connector group.

Get-AzureADApplicationProxyConnectorMemberOf

The Get-AzureADApplicationProxyConnectorMemberOf command gets the ConnectorGroup that the specified Connector is a member of.

New-AzureADApplicationProxyConnectorGroup

The New-AzureADApplicationProxyConnectorGroup cmdlet creates a new Application Proxy Connector group.

Remove-AzureADApplicationProxyConnectorGroup

The Remove-AzureADApplicationProxyApplicationConnectorGroup cmdlet deletes an Application Proxy Connector group.

Set-AzureADApplicationProxyApplicationConnectorGroup

The Set-AzureADApplicationProxyApplicationConnectorGroup cmdlet assigns the given connector group to a specified application.

Set-AzureADApplicationProxyConnector

The Set-AzureADApplicationProxyConnector cmdlet allows reassignment of the connector to another connector group.

Set-AzureADApplicationProxyConnectorGroup

The Set-AzureADApplicationProxyConnectorGroup cmdlet allows you to change the name of a given Application Proxy connector group.

Applications

Add-AzureADApplicationOwner

Adds an owner to an application.

Add-AzureADApplicationPolicy

The Add-AzureADApplicationPolicy cmdlet is not available at this time.

Get-AzureADApplication

Gets an application.

Get-AzureADApplicationExtensionProperty

Gets application extension properties.

Get-AzureADApplicationKeyCredential

Gets the key credentials for an application.

Get-AzureADApplicationLogo

Retrieve the logo of an application

Get-AzureADApplicationOwner

Gets the owner of an application.

Get-AzureADApplicationPasswordCredential

Gets the password credential for an application.

Get-AzureADApplicationPolicy

Gets an application policy.

Get-AzureADApplicationServiceEndpoint

Retrieve the service endpoint of an application

Get-AzureADDeletedApplication

Retrieves the list of previously deleted applications

New-AzureADApplication

Creates an application.

New-AzureADApplicationExtensionProperty

Creates an application extension property.

New-AzureADApplicationKeyCredential

Creates a key credential for an application.

New-AzureADApplicationPasswordCredential

Creates a password credential for an application.

Remove-AzureADApplication

Delete an application by objectId.

Remove-AzureADApplicationExtensionProperty

Removes an application extension property.

Remove-AzureADApplicationKeyCredential

Removes a key credential from an application.

Remove-AzureADApplicationOwner

Removes an owner from an application.

Remove-AzureADApplicationPasswordCredential

Removes a password credential from an application.

Remove-AzureADMSApplicationVerifiedPublisher

Removes the verified publisher from an application.

Set-AzureADApplication

Updates an application.

Set-AzureADApplicationLogo

Sets the logo for an Application

Set-AzureADMSApplicationVerifiedPublisher

Sets the verified publisher of an application to a verified Microsoft Partner Network (MPN) identifier.

AzureADPreview

Add-AzureADMSServicePrincipalDelegatedPermissionClassification

Add a classification for a delegated permission.

Get-AzureADApplicationSignInDetailedSummary

Get detailed sign in summaries

Get-AzureADApplicationSignInSummary

Get signin summary by last number of days

Get-AzureADExternalDomainFederation

Get an externalDomainFederation by external domain name.

Get-AzureADMSApplicationTemplate

Retrieve a list of applicationTemplate objects

Get-AzureADMSConditionalAccessPolicy

Gets an Azure Active Directory conditional access policy.

Get-AzureADMSNamedLocationPolicy

Gets an Azure Active Directory named location policy.

Get-AzureADMSPasswordSingleSignOnCredential

Gets the password SSO credentials

Get-AzureADMSPermissionGrantConditionSet

Get an Azure Active Directory permission grant condition set by id.

Get-AzureADMSPermissionGrantPolicy

Gets a permission grant policy.

Get-AzureADMSServicePrincipalDelegatedPermissionClassification

Retreive the delegated permission classification objects on a service principal.

Get-AzureADPrivilegedRole

{{ Fill in the Synopsis }}

Get-AzureADPrivilegedRoleAssignment

{{ Fill in the Synopsis }}

Get-CrossCloudVerificationCode

{{ Fill in the Synopsis }}

New-AzureADExternalDomainFederation

Create a new externalDomainFederation in Azure Active Directory

New-AzureADMSApplicationFromApplicationTemplate

Instantiates an application

New-AzureADMSConditionalAccessPolicy

Creates a new conditional access policy in Azure Active Directory.

New-AzureADMSNamedLocationPolicy

Creates a new named location policy in Azure Active Directory.

New-AzureADMSPasswordSingleSignOnCredential

Creates the password SSO credentials

New-AzureADMSPermissionGrantConditionSet

Create a new Azure Active Directory permission grant condition set in a given policy.

New-AzureADMSPermissionGrantPolicy

Creates a permission grant policy.

New-AzureADPrivilegedRoleAssignment

{{ Fill in the Synopsis }}

Remove-AzureADApplicationPolicy

Removes an application policy.

Remove-AzureADDeletedApplication

{{ Fill in the Synopsis }}

Remove-AzureADExternalDomainFederation

Delete an externalDomainFederation by external domain name.

Remove-AzureADMSConditionalAccessPolicy

Deletes a conditional access policy in Azure Active Directory by Id.

Remove-AzureADMSNamedLocationPolicy

Deletes an Azure Active Directory named location policy by PolicyId.

Remove-AzureADMSPasswordSingleSignOnCredential

Removes the password SSO credentials

Remove-AzureADMSPermissionGrantConditionSet

Delete an Azure Active Directory permission grant condition set by id

Remove-AzureADMSPermissionGrantPolicy

Removes a permission grant policy.

Remove-AzureADMSServicePrincipalDelegatedPermissionClassification

Remove delegated permission classification.

Remove-AzureADServicePrincipalPolicy
Set-AzureADMSConditionalAccessPolicy

Updates a conditional access policy in Azure Active Directory by Id.

Set-AzureADMSNamedLocationPolicy

Updates a named location policy in Azure Active Directory by PolicyId.

Set-AzureADMSPasswordSingleSignOnCredential

Sets the password SSO credentials

Set-AzureADMSPermissionGrantConditionSet

Update an existing Azure Active Directory permission grant condition set.

Set-AzureADMSPermissionGrantPolicy

Updates a permission grant policy.

Certificate Authorities

Get-AzureADTrustedCertificateAuthority

Gets the trusted certificate authority.

New-AzureADTrustedCertificateAuthority

Creates a trusted certificate authority.

Remove-AzureADTrustedCertificateAuthority

Removes a trusted certificate authority.

Set-AzureADTrustedCertificateAuthority

Updates a trusted certificate authority.

Connect to your directory

Connect-AzureAD

Connects with an authenticated account to use Active Directory cmdlet requests.

Disconnect-AzureAD

Disconnects the current session from an Azure Active Directory tenant.

Get-AzureADCurrentSessionInfo

This cmdlet will return the current session state

Contacts

Get-AzureADContact

Gets a contact from Azure Active Directory.

Get-AzureADContactDirectReport

Get the direct reports for a contact.

Get-AzureADContactManager

Gets the manager of a contact.

Get-AzureADContactMembership

Get a contact membership.

Get-AzureADContactThumbnailPhoto

Retrieves the thumbnail photo of a contact

Remove-AzureADContact

Removes a contact.

Remove-AzureADContactManager

Removes a contact's manager.

Select-AzureADGroupIdsContactIsMemberOf

Get groups in which a contact is a member.

Contracts

Get-AzureADContract

Gets a contract.

Custom Security Attributes

Add-AzureADMScustomSecurityAttributeDefinitionAllowedValues

Adds a predefined value for a custom security attribute definition.

Get-AzureADMSAttributeSet

Gets a list of attribute sets.

Get-AzureADMSCustomSecurityAttributeDefinition

Gets a list of custom security attribute definitions.

Get-AzureADMSCustomSecurityAttributeDefinitionAllowedValue

Gets the predefined value for a custom security attribute definition.

New-AzureADMSAttributeSet

Adds a new attribute set.

New-AzureADMSCustomSecurityAttributeDefinition

Adds a new custom security attribute definition.

Set-AzureADMSAttributeSet

Updates an existing attribute set.

Set-AzureADMSCustomSecurityAttributeDefinition

Updates an existing custom security attribute definition.

Set-AzureADMSCustomSecurityAttributeDefinitionAllowedValue

Updates an existing custom security attribute definition predefined value.

Deleted Objects

Get-AzureADMSDeletedDirectoryObject

This cmdlet is used to retrieve a soft deleted directory object from the directory

Get-AzureADMSDeletedGroup

This cmdlet is used to retrieve the soft deleted groups in a directory.

Remove-AzureADMSDeletedDirectoryObject

This cmdlet is used to permanently delete a previously deleted directory object

Restore-AzureADDeletedApplication

Restores a previously deleted application

Restore-AzureADMSDeletedDirectoryObject

This cmdlet is used to restore a previously deleted object.

Devices

Add-AzureADDeviceRegisteredOwner

Adds a registered owner for a device.

Add-AzureADDeviceRegisteredUser

Adds a registered user for a device.

Get-AzureADDevice

Gets a device from Active Directory.

Get-AzureADDeviceConfiguration

This cmdlet retrieves the device configuration object

Get-AzureADDeviceRegisteredOwner

Gets the registered owner of a device.

Get-AzureADDeviceRegisteredUser

Gets a registered user.

New-AzureADDevice

Creates a device.

Remove-AzureADDevice

Deletes a device.

Remove-AzureADDeviceRegisteredOwner

Removes the registered owner of a device.

Remove-AzureADDeviceRegisteredUser

Removes a registered user from a device.

Set-AzureADDevice

Updates a device.

Directory

Get-AzureADSubscribedSku

Gets subscribed SKUs to Microsoft services.

Get-AzureADTenantDetail

Gets the details of a tenant.

Set-AzureADTenantDetail

Set contact details for a tenant

Directory Auditing

Get-AzureADAuditDirectoryLogs

Get directory audit logs

Get-AzureADAuditSignInLogs

Get audit logs of sign ins.

Directory Objects

Get-AzureADObjectByObjectId

Retrieves the object(s) specified by the objectIds parameter

Directory Roles

Add-AzureADDirectoryRoleMember

Adds a member to a directory role.

Enable-AzureADDirectoryRole

Activates an existing directory role in Azure Active Directory.

Get-AzureADDirectoryRole

Gets a directory role.

Get-AzureADDirectoryRoleMember

Gets members of a directory role.

Get-AzureADDirectoryRoleTemplate

Gets directory role templates.

Remove-AzureADDirectoryRoleMember

Removes a member of a directory role.

Directory Settings

Get-AzureADDirectorySetting

Gets a directory setting.

Get-AzureADDirectorySettingTemplate

Gets a directory setting template.

New-AzureADDirectorySetting

Creates a directory settings object.

Remove-AzureADDirectorySetting

Deletes a directory setting in Azure Active Directory.

Set-AzureADDirectorySetting

Updates a directory setting in Azure Active Directory.

Domains

Confirm-AzureADDomain

Validate the ownership of a domain.

Get-AzureADDomain

Gets a domain.

Get-AzureADDomainNameReference

This cmdlet retrieves the objects that are referenced by a given domain name

Get-AzureADDomainServiceConfigurationRecord

Gets the domain's service configuration records from the serviceConfigurationRecords navigation property.

Get-AzureADDomainVerificationDnsRecord

Retrieve the domain verification DNS record for a domain

New-AzureADDomain

Creates a domain.

Remove-AzureADDomain

Removes a domain.

Set-AzureADDomain

Updates a domain.

Extension Properties

Get-AzureADExtensionProperty

Gets extension properties registered with Azure AD.

Groups

Add-AzureADGroupMember

Adds a member to a group.

Add-AzureADGroupOwner

Adds an owner to a group.

Add-AzureADMSLifecyclePolicyGroup

Adds a group to a lifecycle policy

Get-AzureADGroup

Gets a group.

Get-AzureADGroupAppRoleAssignment

Gets a group application role assignment.

Get-AzureADGroupMember

Gets a member of a group.

Get-AzureADGroupOwner

Gets an owner of a group.

Get-AzureADMSGroup

Gets information about groups in Azure AD.

Get-AzureADMSGroupLifecyclePolicy

Retrieves the properties and relationships of a groupLifecyclePolicies object in Azure Active Directory

Get-AzureADMSLifecyclePolicyGroup

Retrieves the lifecycle policy object to which a group belongs.

New-AzureADGroup

Creates a group.

New-AzureADGroupAppRoleAssignment

Assign a group of users to an application role.

New-AzureADMSGroup

Creates an Azure AD group.

New-AzureADMSGroupLifecyclePolicy

Creates a new groupLifecyclePolicy

Remove-AzureADGroup

Removes a group.

Remove-AzureADGroupAppRoleAssignment

Delete a group application role assignment.

Remove-AzureADGroupMember

Removes a member from a group.

Remove-AzureADGroupOwner

Removes an owner from a group.

Remove-AzureADMSGroup

Removes an Azure AD group.

Remove-AzureADMSGroupLifecyclePolicy

Deletes a groupLifecyclePolicies object

Remove-AzureADMSLifecyclePolicyGroup

Removes a group from a lifecycle policy

Reset-AzureADMSLifeCycleGroup

Renews a group by updating the RenewedDateTime property on a group to the current DateTime.

Select-AzureADGroupIdsGroupIsMemberOf

Gets group IDs that a group is a member of.

Set-AzureADGroup

Updates a specific group in Azure Active Directory

Set-AzureADMSGroup

{{Fill in the Synopsis}}

Set-AzureADMSGroupLifecyclePolicy

Updates a specific group Lifecycle Policy in Azure Active Directory

Identity Provider Management

Get-AzureADMSIdentityProvider

This cmdlet is used to retrieve the configured identity providers in the directory.

New-AzureADMSIdentityProvider

This cmdlet is used to configure a new identity provider in the directory.

Remove-AzureADMSIdentityProvider

This cmdlet is used to delete an identity provider in the directory.

Set-AzureADMSIdentityProvider

This cmdlet is used to update the properties of an existing identity provider configured in the directory.

OAuth2

Get-AzureADOAuth2PermissionGrant

Gets OAuth2PermissionGrant entities.

Remove-AzureADOAuth2PermissionGrant

Removes an oAuth2PermissionGrant.

Object Settings

Get-AzureADObjectSetting

Gets an object setting.

New-AzureADObjectSetting

Creates a settings object.

Remove-AzureADObjectSetting

Deletes settings in Azure Active Directory.

Set-AzureADObjectSetting

Updates object settings.

Policies

Get-AzureADMSAuthorizationPolicy

Gets an authorization policy.

Get-AzureADPolicy

Gets a policy.

Get-AzureADPolicyAppliedObject
New-AzureADPolicy

Creates a policy.

Remove-AzureADPolicy

Removes a policy.

Set-AzureADMSAuthorizationPolicy

Updates an authorization policy.

Set-AzureADPolicy

Updates a policy.

Privileged Role Management

Add-AzureADMSPrivilegedResource

Use this API to add a new azure AD MS privileged resource.

Close-AzureADMSPrivilegedRoleAssignmentRequest

Cancel a AzureADMSPrivilegedRoleAssignmentRequest

Get-AzureADMSPrivilegedResource

Get azure AD MS privileged resource

Get-AzureADMSPrivilegedRoleAssignment

Get role assignments for a specific provider and resource

Get-AzureADMSPrivilegedRoleAssignmentRequest

Get role assignment request for a specific resource

Get-AzureADMSPrivilegedRoleDefinition

Get role definitions

Get-AzureADMSPrivilegedRoleSetting

Get role settings

Open-AzureADMSPrivilegedRoleAssignmentRequest

Create a role assignment request

Set-AzureADMSPrivilegedRoleAssignmentRequest

Update a role assignment request

Set-AzureADMSPrivilegedRoleSetting

Update role setting

Role Management

Get-AzureADMSRoleAssignment

Gets information about role assignments in Azure AD.

Get-AzureADMSRoleDefinition

Gets information about role definitions in Azure AD.

New-AzureADMSRoleAssignment

Creates an Azure AD role assignment.

New-AzureADMSRoleDefinition

Creates an Azure AD role definition.

Remove-AzureADMSRoleAssignment

Removes a role assignment.

Remove-AzureADMSRoleDefinition

Removes a role definition.

Set-AzureADMSRoleDefinition

Update a role definition.

Service Principals

Add-AzureADServicePrincipalOwner

Adds an owner to a service principal.

Add-AzureADServicePrincipalPolicy

Adds a service principal policy.

Get-AzureADMSServicePrincipal

Gets a service principal.

Get-AzureADServiceAppRoleAssignedTo

{{Fill in the Synopsis}}

Get-AzureADServiceAppRoleAssignment

Gets a service principal application role assignment.

Get-AzureADServicePrincipal

Gets a service principal.

Get-AzureADServicePrincipalCreatedObject

Get objects created by a service principal.

Get-AzureADServicePrincipalKeyCredential

Get key credentials for a service principal.

Get-AzureADServicePrincipalMembership

Get a service principal membership.

Get-AzureADServicePrincipalOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Get-AzureADServicePrincipalOwnedObject

Gets an object owned by a service principal.

Get-AzureADServicePrincipalOwner

Get the owner of a service principal.

Get-AzureADServicePrincipalPasswordCredential

Get credentials for a service principal.

Get-AzureADServicePrincipalPolicy
New-AzureADServiceAppRoleAssignment

Assigns a service principal to an application role.

New-AzureADServicePrincipal

Creates a service principal.

New-AzureADServicePrincipalKeyCredential

Create a new key credential for a service principal

New-AzureADServicePrincipalPasswordCredential

Creates a password credential for a service principal.

Remove-AzureADServiceAppRoleAssignment

Removes a service principal application role assignment.

Remove-AzureADServicePrincipal

Removes a service principal.

Remove-AzureADServicePrincipalKeyCredential

Removes a key credential from a service principal.

Remove-AzureADServicePrincipalOwner

Removes an owner from a service principal.

Remove-AzureADServicePrincipalPasswordCredential

Removes a password credential from a service principal.

Select-AzureADGroupIdsServicePrincipalIsMemberOf

Selects the groups in which a service principal is a member.

Set-AzureADMSServicePrincipal

Updates a service principal.

Set-AzureADServicePrincipal

Updates a service principal.

Staged Rollout

Add-AzureADMSFeatureRolloutPolicyDirectoryObject

Allows an admin to add a group to the cloud authentication roll-out policy in Azure AD. Users in this group will start authenticating to the cloud per policy.

Get-AzureADMSFeatureRolloutPolicy

Gets the policy for cloud authentication roll-out in Azure Active Directory.

New-AzureADMSFeatureRolloutPolicy

Allows an admin to create the policy for cloud authentication roll-out in Azure AD.

Remove-AzureADMSFeatureRolloutPolicy

Allows an admin to remove the policy for cloud authentication roll-out in Azure AD.

Remove-AzureADMSFeatureRolloutPolicyDirectoryObject

Allows an admin to remove a group from the cloud authentication rollout policy in Azure AD. Users in this group will revert back to the authenticating using the global policy (in most cases this will be federation).

Set-AzureADMSFeatureRolloutPolicy

Allows an admin to modify the policy for cloud authentication roll-out in Azure AD.

Trust Framework Policy Management

Get-AzureADMSTrustFrameworkPolicy

This cmdlet is used to retrieve the created trust framework policies (custom policies) in the directory.

New-AzureADMSTrustFrameworkPolicy

This cmdlet is used to create a trust framework policy (custom policy) in the directory.

Remove-AzureADMSTrustFrameworkPolicy

This cmdlet is used to delete a trust framework policy (custom policy) in the directory.

Set-AzureADMSTrustFrameworkPolicy

This cmdlet is used to update a trust framework policy (custom policy) in the directory.

Users

Get-AzureADMSUser

Gets a user.

Get-AzureADUser

Gets a user.

Get-AzureADUserAppRoleAssignment

Get a user application role assignment.

Get-AzureADUserCreatedObject

Get objects created by the user.

Get-AzureADUserDirectReport

Get the user's direct reports.

Get-AzureADUserExtension

Gets a user extension.

Get-AzureADUserLicenseDetail

Retrieves license details for a user

Get-AzureADUserManager

Gets the manager of a user.

Get-AzureADUserMembership

Get user memberships.

Get-AzureADUserOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Get-AzureADUserOwnedDevice

Get registered devices owned by a user.

Get-AzureADUserOwnedObject

Get objects owned by a user.

Get-AzureADUserRegisteredDevice

Get devices registered by a user.

Get-AzureADUserThumbnailPhoto

Retrieve the thumbnail photo of a user

New-AzureADMSInvitation

This cmdlet is used to invite a new external user to your directory.

New-AzureADUser

Creates an AD user.

New-AzureADUserAppRoleAssignment

Assigns a user to an application role.

Remove-AzureADUser

Removes a user.

Remove-AzureADUserAppRoleAssignment

Removes a user application role assignment.

Remove-AzureADUserExtension

Removes a user extension.

Remove-AzureADUserManager

Removes a user's manager.

Revoke-AzureADSignedInUserAllRefreshToken

Invalidates the refresh tokens issued to applications for the current user.

Revoke-AzureADUserAllRefreshToken

Invalidates the refresh tokens issued to applications for a user.

Select-AzureADGroupIdsUserIsMemberOf

Selects the groups that a user is a member of.

Set-AzureADMSUser

Updates a user.

Set-AzureADUser

Updates a user.

Set-AzureADUserExtension

Sets a user extension.

Set-AzureADUserLicense

Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.

Note

The Set-AzureADUserLicense cmdlet is deprecated. Learn how to assign licenses with Microsoft Graph PowerShell. For more info, see the Assign License Microsoft Graph API.

Set-AzureADUserManager

Updates a user's manager.

Set-AzureADUserPassword

Sets the password of a user.

Set-AzureADUserThumbnailPhoto

Set the thumbnail photo for a user

Update-AzureADSignedInUserPassword

Updates the password for the signed-in user.