Connect to Azure AD PowerShell – Step-by-step guide
PowerShell is probably one of the best tools for DevOps automation and for working with solutions across the board. It has been a game changer. It lets you work with both on-premises and cloud solutions like Microsoft Azure AD (now Entra ID). Let’s see how you can use PowerShell to connect to Azure AD, the steps involved, and other considerations such as 2FA.
Table of contents
- What is PowerShell?
- Install Microsoft Online PowerShell Module
- How to Connect to Azure Active Directory using PowerShell?
- Install the Azure AD PowerShell Module
- Create a PSCredential Object
- Connect to Azure AD using Connect-AzureAD cmdlet
- Connect with the Azure Active Directory PowerShell for Graph module
- Azure AD PowerShell with MFA
- Connect with the Microsoft Azure Active Directory Module for Windows PowerShell
- Verify Your Connection
- Start using cmdlets from Azure AD PowerShell Module
- Use Azure AD Cmdlets
- Connect to Security and Compliance Center
- How can I connect to Exchange Online using PowerShell?
- How can I connect to Microsoft Teams using PowerShell?
- Connect to SharePoint Online
- Wrapping up
What is PowerShell?
PowerShell is a “powerful” scripting language and command-line tool from Microsoft. It was created to overcome some of the limitations of the traditional command prompt (the old command line). It also has a very user-friendly “verb-noun” syntax for its commands, which keeps one-liners readable.
PowerShell has also evolved beyond a Windows-only tool. While Windows PowerShell runs only on Windows, the newer PowerShell Core release is cross-platform and runs on macOS, Linux, and Windows.
Most software and even hardware vendors create PowerShell modules to work with their specific solutions. It means admins can use these PowerShell modules to standardize the automation tools and PowerShell scripts they use for scripting out their environments.
Install Microsoft Online PowerShell Module
Before connecting to Azure AD PowerShell, install the Microsoft Online PowerShell module. This module provides cmdlets for managing Azure Active Directory and its related services.
You can install the MSOnline module from the PowerShell Gallery in Windows PowerShell (built into Windows Server and Windows clients) using the following Install-Module cmdlet:
Install-Module -Name MSOnline
How to Connect to Azure Active Directory using PowerShell?
Let’s talk about how to connect. After you install the MSOnline module, you can connect to Azure Active Directory using the Connect-MsolService cmdlet.
This cmdlet creates a PowerShell session connected to your Azure AD tenant, which allows you to manage your organization’s resources using PowerShell.
Connect-MsolService
Install the Azure AD PowerShell Module
You also need to install the Azure AD (Entra ID) PowerShell module, which provides the cmdlets needed for managing Microsoft Entra ID (Azure AD). Install the AzureAD module with the following command:
Install-Module -Name AzureAD
You will get a prompt to accept the untrusted repository. You will need to answer Yes or Yes to All.
Create a PSCredential Object
You can also use a PSCredential object to hold credentials for use in scripts. The object can then be passed to the login process. To create a PSCredential object, use the following commands:
$UserPrincipalName = "[email protected]"
$SecurePassword = ConvertTo-SecureString "your-password" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserPrincipalName, $SecurePassword
Replace [email protected] with your Azure AD administrator’s User Principal Name (UPN), and your-password with the corresponding password.
Connect to Azure AD using Connect-AzureAD cmdlet
After creating the PSCredential object, use the Connect-AzureAD cmdlet to create a connected session to your Azure AD tenant. Pass the $Credential object as a parameter to the cmdlet, as in this PowerShell one-liner:
Connect-AzureAD -Credential $Credential
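The commands above put the password in the script source in plain text. The following is an added example, not code from the original guide, that prompts for the password once and reuses a DPAPI-protected copy on Windows; the function name Get-AdminCredential, the file path, and the `<admin-upn>` placeholder are assumptions.

```powershell
# Added example: keep the admin password out of the script file.
# Get-AdminCredential and the default path are hypothetical names.
function Get-AdminCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [string] $Path = (Join-Path $HOME '.aad-admin-cred.xml')
    )

    # Export-Clixml protects a SecureString with DPAPI only on Windows.
    # On Linux/macOS the exported value is not encrypted, so do not persist there.
    $onWindows = ($PSVersionTable.PSEdition -eq 'Desktop') -or $IsWindows

    if ($onWindows -and (Test-Path -LiteralPath $Path)) {
        try {
            # Decryption fails if the file was created by another user or machine
            $stored = Import-Clixml -LiteralPath $Path -ErrorAction Stop
            if ($stored -is [pscredential] -and $stored.UserName -eq $UserPrincipalName) {
                return $stored
            }
            Write-Warning 'Stored credential is for a different account; prompting again.'
        }
        catch {
            Write-Warning "Stored credential is unreadable: $($_.Exception.Message)"
        }
    }

    # Interactive prompt: the password is typed, never written in the script
    $credential = Get-Credential -UserName $UserPrincipalName -Message 'Azure AD administrator sign-in'

    if ($onWindows) {
        # Readable only by the same user account on the same machine
        $credential | Export-Clixml -LiteralPath $Path
    }
    return $credential
}

# Placeholder UPN: replace with your administrator account
$Credential = Get-AdminCredential -UserPrincipalName '<admin-upn>'
Connect-AzureAD -Credential $Credential
```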
Connect with the Azure Active Directory PowerShell for Graph module
The Azure Active Directory PowerShell for Graph module is another module to know. It is based on Microsoft Graph, Microsoft’s unified API endpoint used to access Microsoft 365 services. Even the GUI tools use Graph in the backend to access services, configurations, parameters, etc. You can install the module using the following command:
Install-Module -Name AzureAD.Standard.Preview
Azure AD PowerShell with MFA
What about MFA? It is very common and needed these days for security (make sure to always enable MFA when possible). If MFA is enabled, you need to use an app password, or you can use a tool you may already be using, Microsoft Authenticator.
If you want to generate an app password, sign in to the Azure portal and go to your account settings. Then create a new app password under “App passwords.”
How To Set an App Password
To set an app password for Microsoft 365 and PowerShell, follow these steps:
Sign in to the Microsoft 365 admin center.
Go to your account settings.
Click “Security & privacy” and “Additional security verification.”
Click on “Create and manage app passwords.”
Click on “Create,” provide a name for the app password, and click “Next.”
Copy the generated app password and use it in your PowerShell scripts as needed.
After you create the new app password, set the $SecurePassword variable to the app password, then follow the steps described earlier to create a PSCredential object and connect to Azure AD using the Connect-AzureAD cmdlet.
Connect with the Microsoft Azure Active Directory Module for Windows PowerShell
The Microsoft Azure Active Directory Module for Windows PowerShell is a legacy module that provides cmdlets for managing Azure AD resources. To install this module, run the following command:
Install-Module -Name MSOnline -AllowClobber
After installing the module, you can connect to Azure AD using the Connect-MsolService cmdlet, which we talked about earlier in the post.
Verify Your Connection
After connecting to Azure AD using one of the available modules, you can verify your connection by running cmdlets such as Get-AzureADUser or Get-MsolUser. These retrieve information about your Azure AD users, which indicates that you have successfully connected to your tenant.
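A verification step that also confirms the session points at the tenant you intend to change, as an added example that is not part of the original guide. It uses the AzureAD module's Get-AzureADCurrentSessionInfo and Get-AzureADUser cmdlets; the function name Test-AzureADSession and the `<tenant-id-guid>` placeholder are assumptions.

```powershell
# Added example: verify the session and the tenant before making changes.
# Test-AzureADSession is a hypothetical helper name.
function Test-AzureADSession {
    [CmdletBinding()]
    param(
        # Directory (tenant) ID you intend to manage
        [Parameter(Mandatory)] [string] $ExpectedTenantId
    )

    try {
        # Throws if Connect-AzureAD has not been run in this session
        $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
    }
    catch {
        Write-Warning "No Azure AD session: $($_.Exception.Message)"
        return $false
    }

    # Guard against running a script while signed in to a different tenant
    if ("$($session.TenantId)" -ne $ExpectedTenantId) {
        Write-Warning "Connected to tenant $($session.TenantId) as $($session.Account), expected $ExpectedTenantId."
        return $false
    }

    try {
        # A read-only query confirms the directory accepts the session
        $null = Get-AzureADUser -Top 1 -ErrorAction Stop
    }
    catch {
        Write-Warning "Session exists but a directory read failed: $($_.Exception.Message)"
        return $false
    }

    Write-Verbose "Connected to tenant $($session.TenantId) as $($session.Account)"
    return $true
}

# Placeholder tenant ID: replace with your own directory ID
if (-not (Test-AzureADSession -ExpectedTenantId '<tenant-id-guid>')) {
    throw 'Refusing to run tenant changes without a verified session.'
}
```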
Start using cmdlets from Azure AD PowerShell Module
Once you have a connected session to Azure AD, you can start using cmdlets to manage your Azure Active Directory tenant.
For example, you can create new user accounts, manage group memberships, and configure security settings.
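$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile -Property @{ Password = "initial-password"; ForceChangePasswordNextLogin = $true }
New-AzureADUser -DisplayName "John Doe" -UserPrincipalName "[email protected]" -PasswordProfile $PasswordProfile -MailNickname "johndoe" -AccountEnabled $true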
Use Azure AD Cmdlets
There are many cmdlets available for working with Azure AD. Some examples of Azure AD cmdlets include:
- Get-AzureADUser: Gets information about Azure AD user accounts.
- New-AzureADGroup: Creates a new Azure AD group.
- Add-AzureADGroupMember: Adds a new user to an Azure AD group.
- Remove-AzureADGroupMember: Removes users from an Azure AD group.
Connect to Security and Compliance Center
It may not be intuitive, but the Security and Compliance Center uses the ExchangeOnlineManagement module. Install it using the following command:
Install-Module -Name ExchangeOnlineManagement
After installing the module, use the Connect-IPPSSession cmdlet to establish a connection:
Connect-IPPSSession -Credential $Credential
How can I connect to Exchange Online using PowerShell?
To connect to Exchange Online, first install the ExchangeOnlineManagement module using the following command, then connect:
Install-Module -Name ExchangeOnlineManagement
After installing the module, use the Connect-ExchangeOnline cmdlet to establish a session:
Connect-ExchangeOnline -Credential $Credential
How can I connect to Microsoft Teams using PowerShell?
To connect to Microsoft Teams using PowerShell, install the MicrosoftTeams module using the following command:
Install-Module -Name MicrosoftTeams
After installing the module, use the Connect-MicrosoftTeams cmdlet to establish a connection:
Connect-MicrosoftTeams -Credential $Credential
Connect to SharePoint Online
To connect to SharePoint Online using the SharePoint Online management shell, install the SharePointPnPPowerShellOnline module using the following command:
Install-Module -Name SharePointPnPPowerShellOnline
After installing the module, use the Connect-PnPOnline cmdlet to establish a connection:
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com" -Credentials $Credential
Replace https://yourtenant.sharepoint.com with your SharePoint Online site URL.
Wrapping up
Connecting to Microsoft Azure AD with PowerShell involves several steps that aren’t that difficult. Using this guide, you can easily get connected to your environment and start scripting and automating your Microsoft cloud infrastructure.