
Essential Microsoft Entra (Azure AD) Commands.



🔹 Setup & Authentication

PowerShell

# Install Microsoft Graph PowerShell
Install-Module Microsoft.Graph -Scope CurrentUser

# Connect to Entra (Azure AD)
Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All","Directory.ReadWrite.All"

Azure CLI

# Update CLI
az upgrade

# Sign in
az login

🔹 Users

FAQ: How do I manage users in Entra?

PowerShell

# List all users (-All pages through every result; without it only the first page is returned)
Get-MgUser -All

# Get a specific user
Get-MgUser -UserId user@domain.com

# Create a user
New-MgUser -DisplayName "John Doe" -UserPrincipalName john@domain.com -MailNickname john -AccountEnabled $true -PasswordProfile @{Password="P@ssw0rd!"}

# Delete a user
Remove-MgUser -UserId john@domain.com

Azure CLI

# List all users
az ad user list

# Show user
az ad user show --id user@domain.com

# Create user
az ad user create --display-name "John Doe" --user-principal-name john@domain.com --password "P@ssw0rd!"

# Delete user
az ad user delete --id john@domain.com

🔹 Groups

FAQ: How do I manage groups and memberships?

PowerShell

# List all groups (-All pages through every result)
Get-MgGroup -All

# Create a security group
New-MgGroup -DisplayName "IT Team" -MailEnabled:$false -MailNickname "ITTeam" -SecurityEnabled:$true

# Add user to group (the Microsoft Graph PowerShell cmdlet is New-MgGroupMember)
New-MgGroupMember -GroupId <GroupObjectId> -DirectoryObjectId <UserObjectId>

# Remove group
Remove-MgGroup -GroupId <GroupObjectId>

Azure CLI

# List all groups
az ad group list

# Create group
az ad group create --display-name "IT Team" --mail-nickname "ITTeam"

# Add user to group
az ad group member add --group "IT Team" --member-id <UserObjectId>

# Delete group
az ad group delete --group "IT Team"

🔹 Roles & Permissions

FAQ: How do I manage directory roles and assignments?

PowerShell

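# List activated directory roles
Get-MgDirectoryRole

# Assign role to user (the member is added by reference to its directory object)
New-MgDirectoryRoleMemberByRef -DirectoryRoleId <RoleId> -BodyParameter @{ "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/<UserObjectId>" }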

Azure CLI

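# List activated directory roles
# ("az role ..." manages Azure RBAC on resources, not Entra directory roles, so call Microsoft Graph through az rest)
az rest --method GET --url "https://graph.microsoft.com/v1.0/directoryRoles"

# Assign role (single quotes keep the shell from expanding $ref)
az rest --method POST --url 'https://graph.microsoft.com/v1.0/directoryRoles/<RoleId>/members/$ref' --body '{"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/<UserObjectId>"}'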

🔹 Applications & Service Principals

FAQ: How do I manage app registrations?

PowerShell

# List applications (-All pages through every result)
Get-MgApplication -All

# Create an application
New-MgApplication -DisplayName "MyApp"

# List service principals (-All pages through every result)
Get-MgServicePrincipal -All

Azure CLI

# List apps
az ad app list

# Create app
az ad app create --display-name "MyApp"

# List service principals
az ad sp list

🔹 Devices

FAQ: How do I view registered devices?

PowerShell

# List devices (-All pages through every result)
Get-MgDevice -All

# Get device by ID
Get-MgDevice -DeviceId <DeviceObjectId>

Azure CLI

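# List devices (Azure CLI has no "az ad device" command group, so call Microsoft Graph through az rest)
az rest --method GET --url "https://graph.microsoft.com/v1.0/devices"

# Show device
az rest --method GET --url "https://graph.microsoft.com/v1.0/devices/<DeviceObjectId>"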

🔹 Tenant & Directory Info

FAQ: How do I get details about my Entra tenant?

PowerShell

# Show organization/tenant info
Get-MgOrganization

Azure CLI

# Show tenant info
az account tenant list

✅ Best Practices

  • Always use least privilege: grant only the roles required.
  • Prefer Microsoft Graph PowerShell over the old AzureAD module.
  • Use service principals & managed identities for automation, not personal accounts.
  • Regularly review sign-ins, risky users, and audit logs in the Entra admin portal.
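
One way to act on the least-privilege and regular-review points above is to report which principals hold privileged directory roles. This is an added example, not part of the original cheat sheet: the function name, the list of roles treated as privileged, the holder threshold and the sample rows are assumptions, and the commented lines show how to build the same rows from a live tenant with read-only scopes.

```powershell
# Added example: flag directory-role holdings that deserve a least-privilege review.
# Assumptions (not from the original page): Get-RoleReviewFinding is a hypothetical
# helper; the role names in $Privileged and the threshold of 2 holders are illustrative.
function Get-RoleReviewFinding {
    param(
        [object[]] $Assignment,   # rows with Role, MemberType, Name
        [string[]] $Privileged = @('Global Administrator', 'Privileged Role Administrator', 'User Administrator'),
        [int]      $MaxHolders = 2
    )
    $privRows = $Assignment | Where-Object { $_.Role -in $Privileged }

    # Finding 1: a non-user principal (application, group) holds a privileged role.
    foreach ($row in $privRows | Where-Object { $_.MemberType -ne 'user' }) {
        [pscustomobject]@{ Role = $row.Role; Finding = "Held by $($row.MemberType) '$($row.Name)'" }
    }
    # Finding 2: a privileged role has more holders than the threshold.
    foreach ($g in $privRows | Group-Object Role | Where-Object { $_.Count -gt $MaxHolders }) {
        [pscustomobject]@{ Role = $g.Name; Finding = "$($g.Count) holders (threshold $MaxHolders)" }
    }
}

# Live tenant: read-only scopes are enough for a review.
#   Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','User.Read.All'
#   $rows = foreach ($role in Get-MgDirectoryRole -All) {
#       foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
#           [pscustomobject]@{
#               Role       = $role.DisplayName
#               MemberType = $m.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
#               Name       = $m.AdditionalProperties['displayName']
#           }
#       }
#   }

# Constructed sample rows (not real tenant data) so the function can be tried offline.
$rows = @(
    [pscustomobject]@{ Role = 'Global Administrator'; MemberType = 'user';             Name = 'Admin One' }
    [pscustomobject]@{ Role = 'Global Administrator'; MemberType = 'user';             Name = 'Admin Two' }
    [pscustomobject]@{ Role = 'Global Administrator'; MemberType = 'user';             Name = 'Admin Three' }
    [pscustomobject]@{ Role = 'User Administrator';   MemberType = 'servicePrincipal'; Name = 'provisioning-app' }
    [pscustomobject]@{ Role = 'Directory Readers';    MemberType = 'user';             Name = 'Help Desk' }
)

Get-RoleReviewFinding -Assignment $rows | Format-Table -AutoSize
```

With the sample rows, the report lists the service principal holding User Administrator and the three holders of Global Administrator; the Directory Readers row is ignored because it is not in the privileged list.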