In this article, we’ll look at how to install the AzureAD PowerShell module, connect to your Azure Active Directory tenant and get some information from Azure. Microsoft currently allows you to use two PowerShell modules to connect to Azure AD:
- MS Online is an old module to manage the Azure/Office 365 from PowerShell.
MSOnlinemodule appeared about 6 years ago and is not developed by Microsoft now. - Azure Active Directory PowerShell for Graph (
AzureAD) is a modern PowerShell module for interacting with Azure infrastructure. The module is being actively developed, new features are being added (analogs of almost all MSOnline cmdlets are available).
5.1 installed. You can check your current PowerShell version with the command:
$PSVersionTable.PSVersion
Update the version of PowerShell on your computer if necessary.
Now you can install the Azure PowerShell module from the PowerShell Gallery. Open the PowerShell console as an administrator and run the command below:
Install-Module -Name AzureAD
The following message appears:
Untrusted repository. You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet.
Press Y -> Enter.
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
After the installation is over, you can check the version of the AzureAD module:
Get-Module AzureAD –ListAvailable
In our case, it is 2.0.2.135.
In this AzureAD module version, there are 224 cmdlets containing *-AzureAD* in their names. You can display a list of available cmdlets in the module as follows:
Get-Command –Module AzureAD
If you have an older version of the Azure AD installed, you can update it:
Update-Module -Name AzureAD
If you want to install the specific module version, run this command:
Update-Module -Name AzureAD -RequiredVersion 2.0.2.120
You can connect to the Azure tenant:
Connect-AzureAD
The cmdlet will prompt you to enter the credentials you want to use to access the AzureAD directory. In this example, I am using admin account username@woshub.onmicrosoft.com to access my tenant.
If you have Azure MFA enabled, confirm sign-in on your device.
You can also get connection credentials in PowerShell and save them into a variable:
$AzureADcreds = Get-Credential
Then you can use it for connection:
Connect-AzureAD -Credential $AzureADcreds
Connect-AzureAD -Credential (Get-Secret -Vault MyVaultName -Name azadm_maxbak)
The cmdlet returns a confirmation showing that the session with the Azure Active Directory has been successfully established. The command should display the AzureCloud environment, TenantID, and TenantDomain.
You can get information about the current Azure tenant as follows:
Get-AzureADTenantDetail
–AzureEnvironmentName option.
Connect-AzureAD -AzureEnvironmentName AzureChinaCloud
Connect-AzureAD -AzureEnvironmentName AzureGermanyCloud
Connect-AzureAD -AzureEnvironmentName AzureUSGovernment
By default, the module connects to the Worldwide cloud.
Then you can use AzureAD module cmdlets to get different information from your domain. Let’s find users whose contains Max:
Get-AzureADUser -SearchString Max
Or get a list of cloud groups in AzureAD:
Get-AzureADGroup
To get a list of available licenses in your Office 365 (Microsoft 365) subscription, the following cmdlet is used:
Get-AzureADSubscribedSku | select SkuPartNumber, ConsumedUnits
You can check which Azure license is assigned to the specific user account:
Get-AzureADUser -SearchString maxbak@woshub.onmicrosoft.com | Select -ExpandProperty AssignedLicenses
Then you can get the license name by the SkuID you got:
Get-AzureADSubscribedSku | Where {$_.SkuId -eq "7654321-babb-1234-ababa-2d2345678905"}
To disconnect from Azure in your PowerShell session, run the command below:
Disconnect-AzureAD