Question 1

Why should I use Microsoft Graph PowerShell instead of AzureAD module?

Accepted Answer

The AzureAD and MSOnline modules are deprecated and will be retired. Microsoft Graph PowerShell is the recommended replacement with ongoing support, new features, and better security. It provides access to the full Microsoft 365 ecosystem through a unified API.

Question 2

How do I install and connect to Microsoft Graph PowerShell?

Accepted Answer

Install with: Install-Module Microsoft.Graph -Scope CurrentUser. Connect with: Connect-MgGraph -Scopes User.Read.All,Group.Read.All. You will need to consent to permissions. Use Disconnect-MgGraph when done.

Question 3

What scopes do I need for common operations?

Accepted Answer

User management: User.ReadWrite.All. Group management: Group.ReadWrite.All. MFA reports: Reports.Read.All, UserAuthenticationMethod.Read.All. License management: Organization.Read.All, User.ReadWrite.All. Directory roles: RoleManagement.Read.Directory.

Question 4

How do I export all users with their MFA status?

Accepted Answer

Use Get-MgUser with the AuthenticationMethods API. First get users with Get-MgUser -All, then for each user query Get-MgUserAuthenticationMethod. This identifies users without MFA configured for security compliance reporting.

Azure AD PowerShell Generator (Microsoft Graph)

Need Custom Development?

Frequently Asked Questions