New versions of the AzureAD ( and AzureADPreview PowerShell modules available

Over the weekend, new versions of the Azure AD PowerShell modules have been released over at the PowerShell Gallery. As usual, they don’t come with any release notes whatsoever, and as usual I run a quick comparison between the cmdlets in hopes to find out what exactly changed. Here are the details:

The Azure AD PowerShell module, bumped to version, now features 176 total cmdlets. Of these, 5 are new:

  • Get-AzureADMSIdentityProvider – used to view the settings of the different identity providers you have configured for your tenant. In case you have missed it, Microsoft announced Google federation a while back, and also supports Facebook, Amazon, or LinkedIn according to the documentation.
  • New-AzureADMSIdentityProvider – used to create a new identity provider
  • Remove-AzureADMSIdentityProvider – used to remove existing identity providers
  • Set-AzureADMSIdentityProvider – used to update the settings of existing identity providers
  • Get-CrossCloudVerificationCode – and undocumented cmdlet, which seems to correlate to a newly introduced method for domain verification. All my attempts to run the cmdlet have failed with a “Specified HTTP method is not allowed for the request target.” message.

Which brings us to the list of changed/updated cmdlets:

Confirm-AzureADDomain now features a CrossCloudVerificationCode parameter, supposedly accepting the code generated with the Get-CrossCloudVerificationCode cmdlet. Cross-cloud here most likely means cross-Office365-instance, for example when you are trying to move between 21Vianet and the multi-geo instance?

Lastly, two additional parameters have been introduced to the New-/Set-AzureADApplicationProxyApplication cmdlets: IsPersistentCookieEnabled and IsSecureCookieEnabled.

For the AzureADPreview module, which has reached version, the number of cmdlets has reached 210. Of these, 3 are new:

  • Get-AzureADApplicationSignInSummary – a nice new addition that lists all Azure AD integrated applications along with the number of successful and failed sign-ins for the past 7 or 30 days. Here’s an example:
  • Get-AzureADApplicationSignInDetailedSummary – similar to the above, however it returns trending information over the past 30 days or so. Thus you can expect to see multiple entries per application. Here’s an example:
    In addition, the Status property will contain information about the last failure event details, current at that time.
Get-AzureADApplicationSignInDetailedSummary | ? {$_.Status.ErrorCode}
  • Get-CrossCloudVerificationCode – which we already covered above, so it doesn’t count.

With regards to updated cmdlets, only the Confirm-AzureADDomain one has received some attention, with the CrossCloudVerificationCode parameter added (discussed above).

5 thoughts on “New versions of the AzureAD ( and AzureADPreview PowerShell modules available

  1. Admin says:

    Can i get the script to set api permission
    i’m getting error

    Get-AzureADApplicationSignInSummary : Error occurred while executing GetApplicationSignInSummary
    Code: Authentication_MSGraphPermissionMissing
    Message: Calling principal does not have required MSGraph permissions Reports.Read.All

    1. Vasil Michev says:

      That’s a PowerShell cmdlet mate, it uses the permissions of the user calling the cmdlet, should be fine if you run it as GA or Reports reader.

  2. Glenn says:

    Hi Vasil

    Would you happen to know if there already is a MS Graph query available for the Get-AzureADApplicationSignIn… cmdlets?

    A search didn’t really deliver me any additional information on either the cmdlets or the availability of a query for it in Graph… Guess you were faster than MS…


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.