Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Office|Office 365|PowerShell

Version 2 of the Azure Active Directory PowerShell Module is Generally Available – But be Careful

Azure AD PowerShell

What V2 of the Azure Active Directory PowerShell Module Means

Microsoft has given the Azure Active Directory PowerShell module an extensive upgrade and released Version 2 to general availability on December 5. The upgrade features a completely new naming convention as cmdlets are now prefixed with AzureAD rather than Msol (Microsoft Online).

The change in cmdlet naming is sufficient to mean that every script written to access Azure Active Directory needs to be rewritten before the new module can be deployed. Throw in some parameter changes and it’s clear that the work required to upgrade scripts to use the V2 module is more than a simple search and replace edit.


Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.


Microsoft makes a big thing that customers asked for “equivalent capabilities” between PowerShell and the Microsoft Graph API. The new module is based on the Graph API, which is the right thing to do, but I’m not sure that customers will welcome the disruption to operations that might occur as scripts are updated and tested against the new module.

No Need to Rush

Before you rush to install the new module, two really important points are made by Rob de Jong in the post announcing the release:

  • “The new Azure AD PowerShell v2.0 module don’t provide full functional parity with the older MSOL module yet. We’re working hard to make that happen in the coming months and will keep you updated on our progress.
  • We are not planning to publish new functionality in the MSOL PowerShell module. Over time we will implement all the functionality of the old MSOL cmdlets in the new module, and this new module contains quite a few new cmdlets that haven’t been available before.”

Although Microsoft says that V2 can now be used in production environments, the good news is that there’s no need to rush into an upgrade. The V1 module remains available and supported. Microsoft is working to upgrade the V2 module so that it will eventually have functional parity with V1, but that’s likely to take some months, possibly even mid-2017. Even when V2 reaches parity, the need will still exist to review, update, and test scripts as there’s no question of an automatic transition.

Revoking Refresh Tokens

One nice change included in the V2 module noted by MVP Vasil Michev is that the new module provides a way to revoke refresh tokens for Office 365, which is something you might like to do when an employee leaves the company and you want to cut off their access to Office 365 services. The cmdlet can be used to invalidate all refresh tokens and cookies for a user.

Downloading and Installing V2

The new module can be downloaded and installed from the PowerShell Gallery. There’s really no point in installing V2 on anything other than a test workstation so that you can become accustomed to the new naming convention and capabilities. Later, when V2 contains equivalent cmdlets to V1, you can start the process of reviewing and updating scripts.

A full list of the cmdlets currently included in the Azure Active Directory V2 PowerShell module is available online.

Change Can Be Bittersweet

Any change that requires code to be updated creates some challenges. Code that works perfectly with V1 might not do so well with V2. New bugs might be uncovered or introduced when scripts are updated. In short, change is a pain.

In this case, Microsoft is on the right path to keep PowerShell aligned with the Microsoft Graph. That’s a good strategic move, even if it means some pain for Office 365 tenants during the transition.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: