Over the weekend, new versions of the Azure AD PowerShell modules have been released over at the PowerShell Gallery. As usual, they don’t come with any release notes whatsoever, and as usual I run a quick comparison between the cmdlets in hopes to find out what exactly changed. Here are the details:
The Azure AD PowerShell module, bumped to version 2.0.1.14, now features 176 total cmdlets. Of these, 5 are new:
- Get-AzureADMSIdentityProvider – used to view the settings of the different identity providers you have configured for your tenant. In case you have missed it, Microsoft announced Google federation a while back, and also supports Facebook, Amazon, or LinkedIn according to the documentation.
- New-AzureADMSIdentityProvider – used to create a new identity provider
- Remove-AzureADMSIdentityProvider – used to remove existing identity providers
- Set-AzureADMSIdentityProvider – used to update the settings of existing identity providers
- Get-CrossCloudVerificationCode – and undocumented cmdlet, which seems to correlate to a newly introduced method for domain verification. All my attempts to run the cmdlet have failed with a “Specified HTTP method is not allowed for the request target.” message.
Which brings us to the list of changed/updated cmdlets:
Confirm-AzureADDomain now features a CrossCloudVerificationCode parameter, supposedly accepting the code generated with the Get-CrossCloudVerificationCode cmdlet. Cross-cloud here most likely means cross-Office365-instance, for example when you are trying to move between 21Vianet and the multi-geo instance?
Lastly, two additional parameters have been introduced to the New-/Set-AzureADApplicationProxyApplication cmdlets: IsPersistentCookieEnabled and IsSecureCookieEnabled.
For the AzureADPreview module, which has reached version 2.0.1.15, the number of cmdlets has reached 210. Of these, 3 are new:
- Get-AzureADApplicationSignInSummary – a nice new addition that lists all Azure AD integrated applications along with the number of successful and failed sign-ins for the past 7 or 30 days. Here’s an example:
- Get-AzureADApplicationSignInDetailedSummary – similar to the above, however it returns trending information over the past 30 days or so. Thus you can expect to see multiple entries per application. Here’s an example:
In addition, the Status property will contain information about the last failure event details, current at that time.
Get-AzureADApplicationSignInDetailedSummary | ? {$_.Status.ErrorCode}
- Get-CrossCloudVerificationCode – which we already covered above, so it doesn’t count.
With regards to updated cmdlets, only the Confirm-AzureADDomain one has received some attention, with the CrossCloudVerificationCode parameter added (discussed above).
Can i get the script to set api permission
i’m getting error
Get-AzureADApplicationSignInSummary : Error occurred while executing GetApplicationSignInSummary
Code: Authentication_MSGraphPermissionMissing
Message: Calling principal does not have required MSGraph permissions Reports.Read.All
That’s a PowerShell cmdlet mate, it uses the permissions of the user calling the cmdlet, should be fine if you run it as GA or Reports reader.
Hi Vasil
Would you happen to know if there already is a MS Graph query available for the Get-AzureADApplicationSignIn… cmdlets?
A search didn’t really deliver me any additional information on either the cmdlets or the availability of a query for it in Graph… Guess you were faster than MS…
Not sure if the docs are public yet, but you can find them on GitHub 🙂
https://github.com/lleonard-msft/microsoft-graph-docs/blob/755dd7b1c7d4f43cf9b1811bffeebcd72902fcd6/api-reference/beta/api/applicationsignindetailedsummary-get.md
Endpoint is /reports/applicationSignInDetailedSummary/{id}, I imagine the other one is /reports/applicationSignInSummary/.