This module contains cmdlets that are designed to work with Microsoft.Entra.
Administrative units
Add-EntraAdministrativeUnitMember |
Adds an administrative unit member. |
Add-EntraScopedRoleMembership |
Assign a Microsoft Entra role with an administrative unit scope. |
Get-EntraAdministrativeUnit |
Gets an administrative unit. |
Get-EntraAdministrativeUnitMember |
Gets a member of an administrative unit. |
Get-EntraDeletedAdministrativeUnit |
Retrieves the list of previously deleted administrative units. |
Get-EntraScopedRoleMembership |
List Microsoft Entra role assignments with administrative unit scope. |
New-EntraAdministrativeUnit |
Creates an administrative unit. |
Remove-EntraAdministrativeUnit |
Removes an administrative unit. |
Remove-EntraAdministrativeUnitMember |
Removes an administrative unit member. |
Remove-EntraScopedRoleMembership |
Removes a scoped role membership. |
Set-EntraAdministrativeUnit |
Updates the properties of an administrative unit. |
Add-EntraApplicationOwner |
Adds an owner to an application. |
Get-EntraApplication |
Gets an application. |
Get-EntraApplicationExtensionProperty |
Gets application extension properties. |
Get-EntraApplicationKeyCredential |
Gets the key credentials for an application. |
Get-EntraApplicationLogo |
Retrieve the logo of an application. |
Get-EntraApplicationOwner |
Gets the owner of an application. |
Get-EntraApplicationPasswordCredential |
Gets the password credential for an application. |
Get-EntraApplicationServiceEndpoint |
Retrieve the service endpoint of an application. |
Get-EntraApplicationTemplate |
Retrieve application templates from the Microsoft Entra gallery. |
Get-EntraDeletedApplication |
Retrieves the list of previously deleted applications. |
New-EntraApplication |
Creates (registers) a new application object. |
New-EntraApplicationExtensionProperty |
Creates an application extension property. |
New-EntraApplicationFromApplicationTemplate |
Add an instance of an application from the Microsoft Entra gallery to your directory. |
New-EntraApplicationKey |
Adds a new key to an application. |
New-EntraApplicationKeyCredential |
Creates a key credential for an application. |
New-EntraApplicationPassword |
Adds a strong password to an application. |
New-EntraApplicationPasswordCredential |
Creates a password credential for an application. |
Remove-EntraApplication |
Deletes an application object. |
Remove-EntraApplicationExtensionProperty |
Removes an application extension property. |
Remove-EntraApplicationKey |
Removes a key from an application. |
Remove-EntraApplicationKeyCredential |
Removes a key credential from an application. |
Remove-EntraApplicationOwner |
Removes an owner from an application. |
Remove-EntraApplicationPassword |
Remove a password from an application. |
Remove-EntraApplicationPasswordCredential |
Removes a password credential from an application. |
Remove-EntraApplicationVerifiedPublisher |
Removes the verified publisher from an application. |
Remove-EntraDeletedApplication |
Permanently delete a recently deleted application object from deleted items. |
Remove-EntraDeletedDirectoryObject |
Permanently delete a previously deleted directory object. |
Restore-EntraDeletedApplication |
Restores a previously deleted application. |
Set-EntraApplication |
Updates the properties of an application object. |
Set-EntraApplicationLogo |
Sets the logo for an application. |
Set-EntraApplicationVerifiedPublisher |
Sets the verified publisher of an application to a verified Microsoft Partner Network (MPN) identifier. |
Add-EntraEnvironment |
Adds Microsoft Entra environment to the settings file. |
Connect-Entra |
Connect to Microsoft Entra ID with an authenticated account. |
Disconnect-Entra |
Disconnects the current session from a Microsoft Entra ID tenant. |
Find-EntraPermission |
Helps users determine the necessary permissions for resources and identify the appropriate permissions required for various commands. |
Get-EntraContext |
Retrieve information about your current session. |
Get-EntraEnvironment |
Gets global public environments. |
Reset-EntraStrongAuthenticationMethodByUpn |
Resets the strong authentication method using the User Principal Name (UPN). |
Revoke-EntraSignedInUserAllRefreshToken |
Invalidates the refresh tokens issued to applications for the current user. |
Revoke-EntraUserAllRefreshToken |
Invalidates the refresh tokens issued to applications for a user. |
Certificate authorities
Get-EntraTrustedCertificateAuthority |
Gets the trusted certificate authority. |
New-EntraTrustedCertificateAuthority |
Creates a trusted certificate authority. |
Remove-EntraTrustedCertificateAuthority |
Removes a trusted certificate authority. |
Set-EntraTrustedCertificateAuthority |
Updates a trusted certificate authority. |
Get-EntraContact |
Gets a contact from Microsoft Entra ID. |
Get-EntraContactDirectReport |
Get the direct reports for a contact. |
Get-EntraContactManager |
Gets the manager of a contact. |
Get-EntraContactMembership |
Get a contact membership. |
Get-EntraContactThumbnailPhoto |
Retrieves the thumbnail photo of a contact. |
Remove-EntraContact |
Removes a contact. |
Get-EntraContract |
Gets a contract. |
Custom security attributes
Add-EntraCustomSecurityAttributeDefinitionAllowedValue |
Adds a predefined value for a custom security attribute definition. |
Get-EntraAttributeSet |
Gets a list of attribute sets. |
Get-EntraCustomSecurityAttributeDefinition |
Gets a list of custom security attribute definitions. |
Get-EntraCustomSecurityAttributeDefinitionAllowedValue |
Gets the predefined value for a custom security attribute definition. |
New-EntraAttributeSet |
Adds a new attribute set. |
New-EntraCustomSecurityAttributeDefinition |
Create a new customSecurityAttributeDefinition object. |
Set-EntraAttributeSet |
Updates an existing attribute set. |
Set-EntraCustomSecurityAttributeDefinition |
Update the properties of a customSecurityAttributeDefinition object. |
Set-EntraCustomSecurityAttributeDefinitionAllowedValue |
Updates an existing custom security attribute definition predefined value. |
Add-EntraDeviceRegisteredOwner |
Adds a registered owner for a device. |
Add-EntraDeviceRegisteredUser |
Adds a registered user for a device. |
Get-EntraDeletedDevice |
Retrieves the list of previously deleted devices. |
Get-EntraDevice |
Gets a device from Microsoft Entra ID. |
Get-EntraDeviceRegisteredOwner |
Gets the registered owner of a device. |
Get-EntraDeviceRegisteredUser |
Retrieve a list of users that are registered users of the device. |
New-EntraDevice |
Creates a device. |
Remove-EntraDevice |
Deletes a device. |
Remove-EntraDeviceRegisteredOwner |
Removes the registered owner of a device. |
Remove-EntraDeviceRegisteredUser |
Removes a registered user from a device. |
Set-EntraDevice |
Updates a device. |
Add-EntraDirectoryRoleMember |
Adds a member to a directory role. |
Enable-EntraDirectoryRole |
Activates an existing directory role in Microsoft Entra ID. |
Get-EntraDeletedDirectoryObject |
Retrieves a soft deleted directory object from the directory. |
Get-EntraDirectoryObject |
Retrieves directory objects based on a list of IDs. |
Get-EntraDirectoryObjectOnPremisesProvisioningError |
Returns directory synchronization errors when synchronizing on-premises directories to Microsoft Entra ID. |
Get-EntraDirectoryRole |
Gets a directory role. |
Get-EntraDirectoryRoleMember |
Gets members of a directory role. |
Get-EntraDirectoryRoleTemplate |
Gets directory role templates. |
Get-EntraDirSyncConfiguration |
Gets the directory synchronization settings. |
Get-EntraDirSyncFeature |
Checks the status of directory synchronization features for a tenant. |
Get-EntraExtensionProperty |
Gets extension properties registered with Microsoft Entra ID. |
Get-EntraHasObjectsWithDirSyncProvisioningError |
Returns whether Microsoft Entra ID has objects with DirSync provisioning error. |
Get-EntraObjectByObjectId |
Retrieves the objects specified by the ObjectIds parameter. |
Get-EntraTenantDetail |
Gets the details of a tenant. |
Remove-EntraDirectoryRoleMember |
Removes a member of a directory role. |
Resolve-EntraTenant |
Resolves a Tenant ID or Domain Name to a Microsoft Entra ID Tenant. |
Restore-EntraDeletedDirectoryObject |
Restore a previously deleted object. |
Set-EntraDirSyncConfiguration |
Modifies the directory synchronization settings. |
Set-EntraDirSyncEnabled |
Turns directory synchronization on or off for a company. |
Set-EntraDirSyncFeature |
Used to set identity synchronization features for a tenant. |
Set-EntraTenantDetail |
Set contact details for a tenant. |
Confirm-EntraDomain |
Validate the ownership of a domain. |
Get-CrossCloudVerificationCode |
Retrieves the verification code to confirm domain ownership in another connected cloud. |
Get-EntraDomain |
Gets a domain. |
Get-EntraDomainFederationSettings |
Retrieves settings for a federated domain. |
Get-EntraDomainNameReference |
Retrieves the objects that are referenced by a given domain name. |
Get-EntraDomainServiceConfigurationRecord |
Gets the domain's service configuration records from the |
Get-EntraDomainVerificationDnsRecord |
Retrieve the domain verification DNS record for a domain. |
Get-EntraFederationProperty |
Displays the properties of the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online. |
Get-EntraPasswordPolicy |
Retrieves the current password policy for the tenant or the specified domain. |
New-EntraDomain |
Creates a domain. |
Remove-EntraDomain |
Removes a domain. |
Remove-EntraExternalDomainFederation |
Delete an externalDomainFederation by external domain name. |
Set-EntraDomain |
Updates a domain. |
Set-EntraDomainFederationSettings |
Updates settings for a federated domain. |
Add-EntraGroupMember |
Add a member to a security or Microsoft 365 group. |
Add-EntraGroupOwner |
Add a user or service principal as an owner of a Microsoft 365 or security group. |
Add-EntraLifecyclePolicyGroup |
Adds a group to a lifecycle policy. |
Get-EntraDeletedGroup |
Retrieves soft-deleted groups in Microsoft Entra ID. |
Get-EntraGroup |
Gets a group. |
Get-EntraGroupAppRoleAssignment |
Gets a group application role assignment. |
Get-EntraGroupLifecyclePolicy |
Retrieves the properties and relationships of a groupLifecyclePolicies object in Microsoft Entra ID. If you specify no parameters, this cmdlet gets all groupLifecyclePolicies. |
Get-EntraGroupMember |
Gets a member of a group. |
Get-EntraGroupOwner |
Gets an owner of a group. |
Get-EntraGroupPermissionGrant |
Retrieves a list of permission grants consented to for a group. |
Get-EntraLifecyclePolicyGroup |
Retrieves the lifecycle policy object to which a group belongs. |
Get-EntraObjectSetting |
Gets an object setting. |
New-EntraGroup |
Creates a Microsoft Entra ID group. |
New-EntraGroupAppRoleAssignment |
Assign a group of users to an application role. |
New-EntraGroupLifecyclePolicy |
Creates a new groupLifecyclePolicy. |
Remove-EntraGroup |
Removes a group. |
Remove-EntraGroupAppRoleAssignment |
Delete a group application role assignment. |
Remove-EntraGroupLifecyclePolicy |
Deletes a groupLifecyclePolicies object. |
Remove-EntraGroupMember |
Removes a member from a group. |
Remove-EntraGroupOwner |
Removes an owner from a group. |
Remove-EntraLifecyclePolicyGroup |
Removes a group from a lifecycle policy. |
Reset-EntraLifeCycleGroup |
Renews a group by updating the RenewedDateTime property on a group to the current DateTime. |
Select-EntraGroupIdsContactIsMemberOf |
Get groups in which a contact is a member. |
Select-EntraGroupIdsGroupIsMemberOf |
Gets group IDs that a group is a member of. |
Select-EntraGroupIdsUserIsMemberOf |
Selects the groups that a user is a member of. |
Set-EntraGroup |
Sets the properties for an existing Microsoft Entra ID group. |
Set-EntraGroupLifecyclePolicy |
Updates a specific group Lifecycle Policy in Microsoft Entra ID. |
Identity and access
Get-EntraOAuth2PermissionGrant |
Gets OAuth2PermissionGrant entities. |
New-EntraOauth2PermissionGrant |
Create a delegated permission grant using an oAuth2PermissionGrant object. This grant allows a client service principal to access a resource service principal on behalf of a signed-in user, with access restricted to the specified delegated permissions. In delegated scenarios using work or school accounts, the signed-in user must have a Microsoft Entra role or custom role with the necessary permissions. The following least privileged roles support this operation:
Remove-EntraOAuth2PermissionGrant |
Removes an OAuth2PermissionGrant. |
Update-EntraOauth2PermissionGrant |
Update the properties of a delegated permission grant (oAuth2PermissionGrant object). |
Identity provider
Get-EntraIdentityProvider |
This cmdlet is used to retrieve the configured identity providers in the directory. |
New-EntraIdentityProvider |
Configure a new identity provider in the directory. |
Remove-EntraIdentityProvider |
This cmdlet is used to delete an identity provider in the directory. |
Set-EntraIdentityProvider |
Update the properties of an existing identity provider configured in the directory. |
New-EntraInvitation |
Invite a new external user to your directory. |
Licenses and subscriptions
Get-EntraAccountSku |
Retrieves all the SKUs for a company. |
Get-EntraSubscribedSku |
Gets subscribed SKUs to Microsoft services. |
Enable-EntraAzureADAlias |
Enables aliases for AzureAD commands. |
Get-EntraUnsupportedCommand |
Test-EntraScript |
Checks if the provided script uses Azure AD commands compatible with the Microsoft Entra PowerShell module. |
Partner information
Get-EntraPartnerInformation |
Retrieves company-level information for partners. |
Set-EntraPartnerInformation |
Sets company information for partners. |
Get-EntraAuthorizationPolicy |
Gets an authorization policy. |
Get-EntraConditionalAccessPolicy |
Gets a Microsoft Entra ID conditional access policy. |
Get-EntraFeatureRolloutPolicy |
Gets the policy for cloud authentication roll-out in Microsoft Entra ID. |
Get-EntraNamedLocationPolicy |
Gets a Microsoft Entra ID named location policy. |
Get-EntraPermissionGrantConditionSet |
Get a Microsoft Entra ID permission grant condition set by ID. |
Get-EntraPermissionGrantPolicy |
Gets a permission grant policy. |
Get-EntraPolicy |
Gets a policy. |
New-EntraConditionalAccessPolicy |
Creates a new conditional access policy in Microsoft Entra ID. |
New-EntraFeatureRolloutPolicy |
Allows an admin to create the policy for cloud authentication roll-out in Microsoft Entra ID. |
New-EntraNamedLocationPolicy |
Creates a new named location policy in Microsoft Entra ID. |
New-EntraPermissionGrantConditionSet |
Create a new Microsoft Entra ID permission grant condition set in a given policy. |
New-EntraPermissionGrantPolicy |
Creates a permission grant policy. |
New-EntraPolicy |
Creates a policy. |
Remove-EntraConditionalAccessPolicy |
Deletes a conditional access policy in Microsoft Entra ID by Id. |
Remove-EntraFeatureRolloutPolicy |
Allows an admin to remove the policy for cloud authentication roll-out in Microsoft Entra ID. |
Remove-EntraFeatureRolloutPolicyDirectoryObject |
Allows an admin to remove a group from the cloud authentication rollout policy in Microsoft Entra ID. Users in this group revert to authenticating using the global policy (in most cases this will be federation). |
Remove-EntraNamedLocationPolicy |
Deletes a Microsoft Entra ID named location policy by PolicyId. |
Remove-EntraPermissionGrantConditionSet |
Delete a Microsoft Entra ID permission grant condition set by ID. |
Remove-EntraPermissionGrantPolicy |
Removes a permission grant policy. |
Remove-EntraPolicy |
Removes a policy. |
Set-EntraAuthorizationPolicy |
Updates an authorization policy. |
Set-EntraConditionalAccessPolicy |
Updates a conditional access policy in Microsoft Entra ID by Id. |
Set-EntraFeatureRolloutPolicy |
Allows an admin to modify the policy for cloud authentication roll-out in Microsoft Entra ID. |
Set-EntraNamedLocationPolicy |
Updates a named location policy in Microsoft Entra ID by PolicyId. |
Set-EntraPermissionGrantConditionSet |
Update an existing Microsoft Entra ID permission grant condition set. |
Set-EntraPermissionGrantPolicy |
Updates a permission grant policy. |
Set-EntraPolicy |
Updates a policy. |
Get-EntraAuditDirectoryLog |
Get directory audit logs. |
Get-EntraAuditSignInLog |
Get audit logs of sign-ins. |
Role management
Get-EntraDirectoryRoleAssignment |
Get a Microsoft Entra ID roleAssignment. |
Get-EntraDirectoryRoleDefinition |
Gets information about role definitions in Microsoft Entra ID. |
New-EntraDirectoryRoleAssignment |
Create a new Microsoft Entra ID roleAssignment. |
New-EntraDirectoryRoleDefinition |
Create a new Microsoft Entra ID roleDefinition. |
Remove-EntraDirectoryRoleAssignment |
Delete a Microsoft Entra ID roleAssignment. |
Remove-EntraDirectoryRoleDefinition |
Delete a Microsoft Entra ID Directory roleDefinition object. |
Set-EntraDirectoryRoleDefinition |
Update an existing Microsoft Entra ID roleDefinition. |
Service principal
Add-EntraServicePrincipalDelegatedPermissionClassification |
Add a classification for a delegated permission. |
Add-EntraServicePrincipalOwner |
Add an owner (user or service principal) to a service principal. |
Get-EntraDeletedServicePrincipal |
Retrieves the list of previously deleted service principals. |
Get-EntraServicePrincipal |
Gets a service principal. |
Get-EntraServicePrincipalAppRoleAssignedTo |
Gets app role assignments for this app or service, granted to users, groups and other service principals. |
Get-EntraServicePrincipalAppRoleAssignment |
Gets a service principal application role assignment. |
Get-EntraServicePrincipalCreatedObject |
Get objects created by a service principal. |
Get-EntraServicePrincipalDelegatedPermissionClassification |
Retrieve the delegated permission classification objects on a service principal. |
Get-EntraServicePrincipalKeyCredential |
Get key credentials for a service principal. |
Get-EntraServicePrincipalMembership |
Get a service principal membership. |
Get-EntraServicePrincipalOAuth2PermissionGrant |
Gets an oAuth2PermissionGrant object. |
Get-EntraServicePrincipalOwnedObject |
Gets an object owned by a service principal. |
Get-EntraServicePrincipalOwner |
Get the owner of a service principal. |
Get-EntraServicePrincipalPasswordCredential |
Get credentials for a service principal. |
New-EntraServicePrincipal |
Creates a service principal. |
New-EntraServicePrincipalAppRoleAssignment |
Assigns a service principal to an application role. |
New-EntraServicePrincipalKeyCredential |
Creates a password credential for a service principal. |
New-EntraServicePrincipalPasswordCredential |
Creates a password credential for a service principal. |
Remove-EntraServicePrincipal |
Removes a service principal. |
Remove-EntraServicePrincipalAppRoleAssignment |
Removes a service principal application role assignment. |
Remove-EntraServicePrincipalDelegatedPermissionClassification |
Remove delegated permission classification. |
Remove-EntraServicePrincipalKeyCredential |
Removes a key credential from a service principal. |
Remove-EntraServicePrincipalOwner |
Removes an owner from a service principal. |
Remove-EntraServicePrincipalPasswordCredential |
Removes a password credential from a service principal. |
Select-EntraGroupIdsServicePrincipalIsMemberOf |
Selects the groups in which a service principal is a member. |
Set-EntraServicePrincipal |
Updates a service principal. |
Get-EntraDeletedUser |
Retrieves soft-deleted (recently deleted) users in Microsoft Entra ID. |
Get-EntraUser |
Gets a user. |
Get-EntraUserAdministrativeUnit |
Retrieves the list of administrative units a user belongs to. |
Get-EntraUserAppRoleAssignment |
Get a user application role assignment. |
Get-EntraUserAuthenticationMethod |
Retrieve a list of a user's registered authentication methods. |
Get-EntraUserCreatedObject |
Get objects created by the user. |
Get-EntraUserDirectReport |
Get the user's direct reports. |
Get-EntraUserExtension |
Gets a user extension. |
Get-EntraUserGroup |
Retrieves the list of groups a user belongs to. |
Get-EntraUserInactiveSignIn |
Retrieve users without interactive sign-ins in the last N days. |
Get-EntraUserLicenseDetail |
Retrieves license details for a user. |
Get-EntraUserManager |
Gets the manager of a user. |
Get-EntraUserMembership |
Get user memberships. |
Get-EntraUserOAuth2PermissionGrant |
Gets an oAuth2PermissionGrant object. |
Get-EntraUserOwnedDevice |
Get registered devices owned by a user. |
Get-EntraUserOwnedObject |
Get objects owned by a user. |
Get-EntraUserRegisteredDevice |
Get devices registered by a user. |
Get-EntraUserRole |
Retrieves the list of directory roles assigned to a user. |
Get-EntraUserSponsor |
Retrieve a user's sponsors (users or groups). |
Get-EntraUserThumbnailPhoto |
Retrieve the thumbnail photo of a user. |
New-EntraUser |
Creates a Microsoft Entra ID user. |
New-EntraUserAppRoleAssignment |
Assigns a user to an application role. |
Remove-EntraUser |
Removes a user. |
Remove-EntraUserAppRoleAssignment |
Removes a user application role assignment. |
Remove-EntraUserExtension |
Removes a user extension. |
Remove-EntraUserManager |
Removes a user's manager. |
Remove-EntraUserSponsor |
Removes a sponsor from a user. |
Set-EntraUser |
Updates a user. |
Set-EntraUserExtension |
Sets a user extension. |
Set-EntraUserLicense |
Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user. |
Set-EntraUserManager |
Updates a user's manager. |
Set-EntraUserPassword |
Sets the password of a user. |
Set-EntraUserThumbnailPhoto |
Set the thumbnail photo for a user. |
Update-EntraSignedInUserPassword |
Updates the password for the signed-in user. |
Update-EntraUserFromFederated |
Updates a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. |