After a while, you discover the holes in any technology. In the case of the Microsoft Graph PowerShell SDK, some inconsistencies await unwary developers. The SDK doesn’t like $Null, doesn’t support pipelining, insists on specific property casing at times, sometimes accepts user principal names and sometimes doesn’t, and sticks valuable data in hash tables hiding in a property you might know nothing about. Good as it is to have the SDK cmdlets, they need to be treated with care as you transition from the old Azure AD and MSOL modules.
As developers update PowerShell scripts in preparation for the deprecation of the Azure AD and MSOL modules, they might need to insert new code to retrieve the membership of Azure AD groups for specific accounts. We cover that topic here, including the interesting case of the AdditionalProperties property returned by several Microsoft Graph PowerShell SDK cmdlets and the valuable information found there.
Azure AD Guest Accounts have a habit of becoming stale or obsolete as time progresses. Guest accounts created to share documents or to be a member of a long-forgotten team or group remain in Azure AD until someone comes to clean them up. This article explains how we refreshed a popular script to use cmdlets from the Microsoft Graph PowerShell SDK to report guest accounts with different degrees of staleness.
The Microsoft Graph SDK for PowerShell includes cmdlets for management of Azure AD Groups. The cmdlets work, and in some places they are screamingly fast compared to Exchange Online or Azure AD cmdlets. In other places, the cmdlets are a tad bizarre and expose a little too much of their Graph underpinnings. Oh well, at least after reading this article, you’ll know where the holes lie.