Azure AD to Microsoft Graph migration changes in Azure PowerShell
The Az.Resources
PowerShell module version 5.1.0 of Azure PowerShell introduces changes to
the identity-related cmdlets. The cmdlets that rely on Azure AD Graph are transitioning to Microsoft
Graph. This change is occurring to ensure a smooth transition in light of the
announcement of the retirement of Azure AD Graph.
For more information, see
Azure AD to Microsoft Graph migration for Azure command line tools.
The following example installs the latest version of the Az.Resources
Azure PowerShell module.
Install-Module -Name Az.Resources -Repository PSGallery -Scope CurrentUser
See the following information for a list of changes.
Application
Get-AzAdApplication
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Parameter
IncludeTotalCount
is not supported and has been removed
New-AzAdApplication
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Parameter
Password
has been removed, customized password is not supported anymore, server assigns secret text when creation
Remove-AzAdApplication
- Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Update-AzAdApplication
Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADApplication
toSystem.Boolean
Changes to Application Object
ObjectId
has been replaced byId
HomePage
has been replaced byHomepageUrl
in theWeb
elementApplicationId
has been replaced byAppId
AvailableToOtherTenants
(boolean) has been replaced bySignInAudience
(string with 4 values: 'AzureADMyOrg', 'AzureADMultipleOrgs', 'AzureADandPersonalMicrosoftAccount', 'PersonalMicrosoftAccount')AzureADMultipleOrgs is equivalent to AvailableToOtherTenants:$true
AzureAdMyOrg is equivalent to AvailableToOtherTenants:$false or $null
ApiPermissions
has been replaced byRequiredResourceAccess
ReplyUrls
has been replaced byRedirectUris
in theWeb
elementObjectType
has been replaced byOdataType
Application Credential
Get-AzAdAppCredential
Input type of parameter
ApplicationObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential
andMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
New-AzAdAppCredential
Input type of parameter
ApplicationObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential
andMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
Parameter
Password
has been removed, customized password is not supported anymore, server will assign secret text when creation
Remove-AzAdAppCredential
- Input type of parameter
ApplicationObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Changes to App Credential Object
Password Credential
Password
has been replaced bySecretText
Key Credential
CertValue
has been Removed
ServicePrincipal
Get-AzAdServicePrincipal
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Parameter
IncludeTotalCount
is not supported and has been removed.
New-AzAdServicePrincipal
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Parameter set
ApplicationWithoutCredentialParameterSet
,ApplicationWithPasswordPlainParameterSet
,DisplayNameWithoutCredentialParameterSet
,DisplayNameWithPasswordPlainParameterSet
have been removed because those original parameter sets were not functioning.Role
contributor
is not assigned as default when parameter-Role
is not provided due to security consideration.Parameter
SkipAssignment
has been removed.
Remove-AzAdServicePrincipal
Input type of parameter
ApplicationObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADApplication
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphApplication
Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Update-AzAdServicePrincipal
Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toSystem.Boolean
Changes to Service Principal Object
ApplicationId
has been replaced byAppId
ObjectType
has been replaced byOdataType
ServicePrincipal Credential
Get-AzAdSpCredential
Input type of parameter
ServicePrincipalObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential
andMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
New-AzAdSpCredential
Input type of parameter
ServicePrincipalObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory. PSADCredential
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphKeyCredential
andMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphPasswordCredential
Remove-AzAdSpCredential
- Input type of parameter
ServicePrincipalObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADServicePrincipal
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphServicePrincipal
Changes to ServicePrincipal Credential Object
Password Credential
Password
has been replaced bySecretText
Key Credential
CertValue
has been Removed
User
Get-AzAdUser
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADUser
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Parameter
IncludeTotalCount
is not supported and has been removed
New-AzAdUser
- Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADUser
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Remove-AzAdUser
- Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADUser
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Update-AzAdUser
Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADUser
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphUser
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADUser
toSystem.Boolean
Changes to User Object
ObjectType
has been replaced byOdataType
ImmutableId
has been replaced byOnpremisesImmutableId
Group
Get-AzAdGroup
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Parameter
IncludeTotalCount
is not supported and has been removed
New-AzAdGroup
- Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Remove-AzAdGroup
- Input type of parameter
InputObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Changes of Group Object
ObjectType
has been replaced byOdataType
Group member
Get-AzAdGroupMember
Output type has been changed from
Microsoft.Azure.Commands.ActiveDirectory.PSADObject
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphDirectoryObject
Parameter
IncludeTotalCount
was removedInput type of parameter
GroupObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Important
Due to limitations with the current Graph API, service principals are not returned by
Get-AzAdGroupMember
in Az 7.x. For a workaround, see
Troubleshooting the Az PowerShell module.
Add-AzAdGroupMember
- Input type of parameter
GroupObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup
Remove-AzAdGroupMember
- Input type of parameter
GroupObject
has been changed fromMicrosoft.Azure.Commands.ActiveDirectory.PSADGroup
toMicrosoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphGroup