Set-AzureADUser
This article provides migration details from Set-AzureADUser command to Microsoft Graph PowerShell.
Summary
- Azure AD Command: Set-AzureADUser
- Azure AD Module: AzureAD
- Microsoft Graph Command: Update-MgUser (Community Examples)
- Graph Module: Microsoft.Graph.Users
- Graph Endpoint: PATCH /users/{user-id}
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | User.ReadWrite | User.ManageIdentities.All, User.EnableDisableAccount.All, User.ReadWrite.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | User.ReadWrite | Not available. |
| Application | User.ManageIdentities.All | User.EnableDisableAccount.All, User.ReadWrite.All, Directory.ReadWrite.All |
View more details on permissions.
Note
- To update sensitive user properties, such as accountEnabled, mobilePhone, and otherMails for users with privileged administrator roles:
- In delegated scenarios, the app must be assigned the Directory.AccessAsUser.All delegated permission and the calling user must have a higher privileged administrator role as indicated in Who can perform sensitive actions.
- In app-only scenarios, the app must be assigned a higher privileged administrator role as indicated in Who can perform sensitive actions.
- Your personal Microsoft account must be tied to a Microsoft Entra tenant to update your profile with the User.ReadWrite delegated permission on a personal Microsoft account.
- Updating the identities property requires the User.ManageIdentities.All permission. Also, adding a B2C local account to an existing user object is not allowed, unless the user object already contains a local account identity.
Property Mapping
| Azure AD Name | Microsoft Graph Name |
|---|---|
| AccountEnabled | AccountEnabled |
| AgeGroup | AgeGroup |
| City | City |
| CompanyName | CompanyName |
| ConsentProvidedForMinor | ConsentProvidedForMinor |
| Country | Country |
| CreationType | CreationType |
| Department | Department |
| DisplayName | DisplayName |
| ExtensionProperty | |
| FacsimileTelephoneNumber | |
| GivenName | GivenName |
| ImmutableId | |
| IsCompromised | |
| JobTitle | JobTitle |
| MailNickName | MailNickname |
| Mobile | |
| ObjectId | |
| OtherMails | OtherMails |
| PasswordPolicies | PasswordPolicies |
| PasswordProfile | PasswordProfile |
| PhysicalDeliveryOfficeName | |
| PostalCode | PostalCode |
| PreferredLanguage | PreferredLanguage |
| ShowInAddressList | ShowInAddressList |
| SignInNames | |
| State | State |
| StreetAddress | StreetAddress |
| Surname | Surname |
| TelephoneNumber | |
| UsageLocation | UsageLocation |
| UserPrincipalName | UserPrincipalName |
| UserState | |
| UserStateChangedOn | |
| UserType | UserType |